Slow processing and internet problems

  1. #1
    bmafan (Newbie)

    Slow processing and internet problems

    Hi, I found your website by searching on Google for the problem I was having. For some reason I am no longer allowed to open my control panel and a few other things, it says it has been locked and to contact administrator, but there is only one user so my first thought was VIRUS! I was currently using Free AVG virus and spyware software, but decided to go purchase a virus/spyware/firewall. The one I chose was CA Internet Security, mainly because it was free after rebates :-) Anyway, it found many spyware/tracking software as well as viruses. I deleted all of them, but there still seems to be a problem. At first the software said that there was one virus that couldn't be deleted without my help, but I can't remember what it was and it is no longer giving me that message. However, this leads me to the present, every time I scan for spyware there are always 2 or 3 that it finds. Here is a report that it produced, containing the past 3 scans.

    CA Anti-Spyware Quarantined Spyware Report
    This report was generated on: 9/14/2007-11:55:43 PM

    9/14/2007 10:43:13 PM <<20070915034313>>
    (0) Spowaint
    hkey_local_machine \software\microsoft\windows\currentversion\run

    () Disable Task Manager Reg Entry
    hkey_users \s-1-5-21-73586283-789336058-1343024091-1006\software\microsoft\windows\currentversion\policies\system

    9/14/2007 10:43:13 PM <<20070915034313>>
    9/14/2007 11:22:26 PM <<20070915042226>>
    () Spowaint
    hkey_local_machine \software\microsoft\windows\currentversion\run

    () Disable Task Manager Reg Entry
    hkey_users \s-1-5-21-73586283-789336058-1343024091-1006\software\microsoft\windows\currentversion\policies\system

    9/14/2007 11:22:26 PM <<20070915042226>>
    9/14/2007 11:54:27 PM <<20070915045427>>
    () Crupor
    c:\windows\system32\printer.exe

    9/14/2007 11:54:27 PM <<20070915045427>>
    ***End Report***

    Spowaint and Crupor were both labeled as trojans and high risk. Another problem is a popup saying Warning! Security alert "your computer can be infected with malware programs and to click here to do a scan" big red X on the task bar, when I clicked on it once, to see if I could fix it, it led me to a website "www.onlinesecutiryscan.info" and I just closed the browser. Here is what I produced using HijackThis:

    Uninstall list

    Adobe Flash Player ActiveX
    Adobe Reader 7.0
    Adobe Shockwave Player
    Apple Software Update
    AVG Anti-Spyware 7.5
    CA Internet Security Suite
    CompuServe
    DataPilot
    DISH Optimizer Ver 2007-02-13
    Guitar Pro 4
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows XP (KB896344)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 2170 series
    hp psc 2170 series
    Hunting Unlimited 4 1.0
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment Standard Edition v1.3.1_02
    Logitech Gaming Software
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Data Access Components KB870669
    Microsoft Office Professional Edition 2003
    Microsoft Works 2000
    Microsoft Works Setup Launcher
    MSXML 4.0 SP2 (KB936181)
    Music Rescue 3.1.2
    Nero Media Player
    Nero OEM
    NeroVision Express 2
    QuickTime
    RealPlayer Basic
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    USB-IrDA Adapter
    Viewpoint Media Player
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Connect
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    Worms 2
    Worms Armageddon

    Scan result:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:43:49 PM, on 9/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKUS\S-1-5-18\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'Default user')
    O4 - Startup: system.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127737664895
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.mail.sieversandco.com/Remote/msrdp.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
    O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - http://www.ndcontent.com/cf/girls/ashlee3.jpg

    --
    End of file - 8520 bytes


    Thank you in advance for any advice you can give me. I hope my computer is fixable and I won't have to format and reinstall everything, mainly because I don't have the original CDs for programs, got the comp from a friend. Thanks,

    William
    (hope I didn't leave anything out)


  2. #2
    VopThis (Senior Member, Canada)
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK 'FIX CHECKED' with HijackThis.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

  3. #3
    bmafan (Newbie)
    After running the ComboFix I can now access my control panel. The red circle with the white X (looks just like the ComboFix icon) is on my task bar and keeps telling me about malware, but at least I'm on the right track again. Thank you so much for your time. Maybe in a few more steps I can be back to normal. Here are the ComboFix and HijackThis logs.


    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:23:40 PM, on 9/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-18\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'Default user')
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127737664895
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.mail.sieversandco.com/Remote/msrdp.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - http://www.ndcontent.com/cf/girls/ashlee3.jpg

    --
    End of file - 7371 bytes


    ComboFix:

    ComboFix 07-09-17.2 - "jared" 2007-09-18 17:54:13.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.46 [GMT -5:00]
    .

    ((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
    .

    2007-09-17 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-15 00:33 <DIR> d-------- C:\DOCUME~1\jared\DoctorWeb
    2007-09-13 18:12 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-09-12 10:36 <DIR> d-------- C:\qrnt
    2007-09-12 10:36 <DIR> d-------- C:\CA
    2007-09-12 09:16 <DIR> d-------- C:\WINDOWS\CAVTemp
    2007-09-12 09:11 879,832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
    2007-09-12 09:11 108,360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
    2007-09-11 19:02 248 --a------ C:\PPCleanDeleteAtReboot.bat
    2007-09-11 17:55 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
    2007-09-11 17:55 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
    2007-09-11 17:55 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
    2007-09-11 17:55 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2007-09-11 17:55 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2007-09-11 17:55 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
    2007-09-11 17:55 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2007-09-11 17:54 <DIR> d-------- C:\Program Files\Common Files\Scanner
    2007-09-11 17:52 <DIR> d-------- C:\Program Files\CA
    2007-09-11 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
    2007-09-11 07:05 0 --a------ C:\winxplogon.sys
    2007-09-03 11:40 <DIR> d-------- C:\Downloads
    2007-08-26 15:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-08-26 15:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-08-26 15:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-08-26 15:14 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-08-26 15:09 <DIR> dr-h----- C:\MSOCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
    2007-09-17 22:07 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
    2007-09-17 22:07 34678 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
    2007-09-11 07:06 --------- d-------- C:\DOCUME~1\jared\APPLIC~1\AdobeUM
    2007-08-26 16:01 --------- d-------- C:\Program Files\Google
    2007-08-26 15:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-26 15:07 --------- d-------- C:\Program Files\Snapshot Viewer
    2007-08-06 16:56 --------- d-------- C:\DOCUME~1\jared\APPLIC~1\Help
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-26 20:47 --------- d-------- C:\Program Files\NES
    2007-07-24 18:43 23649352 --a------ C:\avg75free_476a1048.exe
    2007-07-24 18:38 12413440 --a------ C:\SpywareSetup.exe
    2007-07-24 17:00 92176 --a------ C:\WINDOWS\system32\drivers\KmxStart.sys
    2007-07-24 17:00 134160 --a------ C:\WINDOWS\system32\drivers\KmxCF.sys
    2007-07-24 17:00 114704 --a------ C:\WINDOWS\system32\drivers\KmxFw.sys
    2007-07-21 18:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-21 18:34 --------- d-------- C:\DOCUME~1\jared\APPLIC~1\U3
    2007-07-21 12:43 --------- d-------- C:\Program Files\Logitech
    2007-07-21 12:43 --------- d-------- C:\Program Files\Common Files\Logitech
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-26 18:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-09-12 09:10]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-09-12 09:10]
    "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-09-12 09:10]
    "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-09-12 09:10]
    "cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-09-12 09:10]
    "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-09-13 23:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "WinAVX"=C:\WINDOWS\system32\WinAvXX.exe

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll [2007-09-11 07:05 10752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 2007-01-31 14:00 79368 C:\WINDOWS\system32\UmxWNP.dll

    R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
    R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
    R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
    R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
    R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
    R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
    R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
    R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
    R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
    R3 allegro;ESS Allegro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198x.sys
    R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
    R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
    R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys
    S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys
    S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys
    S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb359a3-26a4-11dc-8326-00038a000015}]
    AutoRun\command- G:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-17 02:52:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-09-12 00:02:46 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as jared at 5 54 PM.job"
    - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
    "2006-01-24 01:59:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1128128163.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-18 18:05:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-18 18:13:46
    C:\ComboFix-quarantined-files.txt ... 2007-09-18 18:13
    .
    --- E O F ---


    William

  4. #4
    VopThis is offline Senior Member (Canada)
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO. This is very important to get an optimal and comprehensive fix. Warning : running option #2 on a non infected computer will remove your Desktop background.



    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

  5. #5
    bmafan is offline Newbie
    Thanks again for your help. Here is the report from smitfraudfix


    SmitFraudFix v2.226

    Scan done at 19:01:06.50, Thu 09/20/2007
    Run from C:\Documents and Settings\jared\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    192.168.200.3 download.microsoft.com
    192.168.200.3 downloads.microsoft.com
    192.168.200.3 go.microsoft.com
    192.168.200.3 microsoft.com
    192.168.200.3 msdn.microsoft.com
    192.168.200.3 office.microsoft.com
    192.168.200.3 support.microsoft.com
    192.168.200.3 windowsupdate.microsoft.com
    192.168.200.3 www.microsoft.com
    192.168.200.3 pandasoftware.com
    192.168.200.3 www.pandasoftware.com

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jared


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jared\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jared\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://www.ndcontent.com/cf/girls/ashlee3.jpg"
    "SubscribedURL"="http://www.ndcontent.com/cf/girls/ashlee3.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

    [HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
    @="C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll "

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
    @="C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll "



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SMC EZ Card 10/100 PCI (SMC1211TX) - Packet Scheduler Miniport
    DNS Server Search Order: 75.104.192.61

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6129EEBA-8652-4C40-AF09-4738DD494E8B}: DhcpNameServer=75.104.192.61
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6129EEBA-8652-4C40-AF09-4738DD494E8B}: DhcpNameServer=75.104.192.61
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6129EEBA-8652-4C40-AF09-4738DD494E8B}: DhcpNameServer=75.104.192.61
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=75.104.192.61
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=75.104.192.61
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=75.104.192.61


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
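
The "hosts file corrupted !" finding in the SmitfraudFix report above comes from hosts entries that pin update and security-vendor domains to a single address. As an added example (not part of the original thread and not SmitfraudFix's own code), the following Python audits a hosts file for that pattern; the sample file, the watched-suffix list and the `.example` names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, laid out like the hosts section of the report.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
192.168.200.3   windowsupdate.microsoft.com
192.168.200.3   www.microsoft.com
192.168.200.3   updates.av-vendor.example
192.168.200.3   ads.tracker.example
0.0.0.0         banner.tracker.example
127.0.0.1       av-vendor.example   # sinkholed rather than redirected
not-an-ip       junk.example
"""

# Assumption: domains this machine needs for patches and signature updates.
WATCHED_SUFFIXES = ("microsoft.com", "av-vendor.example")


def parse_hosts(text):
    """Yield (line_number, ip, names) for every well-formed hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not an entry
        yield lineno, ip, [f.lower().rstrip(".") for f in fields[1:]]


def is_watched(name, suffixes):
    """True for the suffix itself or a subdomain of it, never a lookalike."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit_hosts(text, suffixes=WATCHED_SUFFIXES, cluster_threshold=3):
    """Report watched domains overridden in hosts and bulk redirects.

    overrides: (line, name, ip, kind) where kind is "blocked" when the
               entry points at loopback/0.0.0.0 and "redirected" otherwise.
    clusters:  non-loopback addresses that at least `cluster_threshold`
               distinct names were pointed at, with those names.
    """
    overrides = []
    by_ip = defaultdict(set)
    for lineno, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if is_watched(name, suffixes):
                kind = "blocked" if sinkhole else "redirected"
                overrides.append((lineno, name, str(ip), kind))
            if not sinkhole:
                # Ad-blocking hosts files legitimately pile names onto
                # loopback, so only routable/private targets are clustered.
                by_ip[str(ip)].add(name)
    clusters = {
        ip: sorted(names)
        for ip, names in by_ip.items()
        if len(names) >= cluster_threshold
    }
    return {"overrides": overrides, "clusters": clusters}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for lineno, name, ip, kind in report["overrides"]:
        print(f"line {lineno}: {name} {kind} -> {ip}")
    for ip, names in report["clusters"].items():
        print(f"{ip} receives {len(names)} names: {', '.join(names)}")
```

Any override of an update or antivirus domain is worth investigating even when the target is loopback, because either form stops the machine from fetching patches and signatures.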

  6. #6
    VopThis is offline Senior Member (Canada)
    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [DONOTDELETE] C:\WINDOWS\system32\explore.exe
    O4 - HKCU\..\Run: [DONOTDELETE] C:\WINDOWS\system32\explore.exe

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.




    Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



    Download and install AVG Anti-Spyware 7.5 (AVG AS).
    • Click the Download BUTTON. On the next page click the Download now BUTTON.
    • Save and then install (Run) from the save location.
    • Open/Run AVG Anti-Spyware
    • Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:

    • Click on the Update now LINK at the top of the window
      • Click on the Start update button
      • Wait for the update to download and install
    • This is very important to get the LATEST updates
    • Click on the Status ICON
      • Under "Your computers Security"
        Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)
    • Click on the Scanner ICON at the top of the window
    • Click on the Settings tab then select Recommended Actions and choose Quarantine
    • When updating has finished, close AVG Anti-Spyware.


    We will be using this tool in a later step.



    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    • Next, please reboot your computer in Safe Mode by doing the following:
      • Restart your computer
      • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      • Instead of Windows loading as normal, a menu with options should appear;
      • Select the first option, to run Windows in Safe Mode, then press "Enter".
      • Choose your usual account.



    Running SmitfraudFix – 2nd Part
    • Once in Safe Mode, double-click on SmitfraudFix.exe
      Warning: running option #2 on a non infected computer will remove your Desktop background.

      Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

      You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

      The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

      The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

      A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
      The report can also be found at the root of the system drive, usually at C:\rapport.txt

    • Restart your computer in Safe Mode again.



    DELETE FILES:
    • C:\WINDOWS\system32\explore.exe


    AVG Anti-Spyware - 2nd Part
    • Click on Scanner on the toolbar.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan your computer.
    • When the scan has finished, follow the instructions below:
      • Make sure that Set all elements to: shows Quarantine
      • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
      • When the program has finished, it will display the message All actions have been applied.
      • Then click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Tray Icon and select Exit.
    • Now copy the report back to this topic.
    • Run a new HijackThis (HJT) scan.
    • Please ensure that you have posted the SmitfraudFix, AVG, and HJT logs in this thread.


    Let us know how your PC is now behaving.

  7. #7
    bmafan is offline Newbie
    Sorry I haven't posted in a while, couldn't find the time to mess with the computer. I didn't see the two items in the Hijackthis program that you told me to select and fix in the previous post.

    I downloaded and ran the AVG Anti-spyware and it only found 3 medium threats, but I failed to save the report, sorry :-). If it is important I will run it again and post in my next post, just took a while for the scan to complete.

    I then rebooted in safe mode and cleaned with smitfraud.

    I couldn't find the file, C:\WINDOWS\SYSTEM32\explorer.exe that you told me to delete. Checked in the System32 folder and even looked through all the folders and did a search, but no luck.

    System running better, but internet has seemed to get a little slower. I know it's not the connection because my laptops are running fine. When I check the status of the connection, the received and sent numbers are always real low. I run virus and spyware checks with my purchased program, CA, formerly Computer Associates. I noticed in another post that it was recommended that someone use Dr. Web cureit, when I ran it, it found what it thought was a backdoor trojan located at:

    C:\DocumentsandSettings\Allusers\ApplicationData\AolDownloads\triton_suite_install_2.2.71.1

    Couldn't find the folder ApplicationData so that I could inspect this further.

    The Dr. Web cureit would lock up about half way through, so I couldn't get a suggestion on what I should do. Thank you so much for your help!!!



    SmitFraudFix v2.226

    Scan done at 21:19:24.58, 2007-09-27
    Run from C:\Documents and Settings\jared\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

    [HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
    @="C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll "

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
    @="C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts



    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CS3\Services\Tcpip\..\{6129EEBA-8652-4C40-AF09-4738DD494E8B}: DhcpNameServer=75.104.192.61
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=75.104.192.61


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"

    [HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
    @="C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll "

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
    @="C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll "



    »»»»»»»»»»»»»»»»»»»»»»»» End

    NEW HJT report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:42, on 2007-09-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dishmail.net/
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'Default user')
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127737664895
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.mail.sieversandco.com/Remote/msrdp.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 7943 bytes

  8. #8
    VopThis is offline Senior Member (Canada)
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.




    O4 - HKLM\..\Run: [SUNJAVAUPDATESCHED] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    Your system has an outdated version(s) of Sun Java that could create serious security exposure issues for your PC.

    Update your Java.

    Older JAVA versions have vulnerabilities that malware can use, and is using, to infect systems.

    Please follow these steps to remove older version Java components.
    • Close any programs you may have running, ESPECIALLY your web browser
    • Click Start > Control Panel.
    • Click Add/Remove Programs.
    • Check any item with Java Runtime Environment (JRE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove all versions of Java.
    • Reboot your computer once all Java components are removed.

    Download the latest version of Java Runtime Environment (JRE) 6.0 Update 2 or higher, and install it to your computer.


    New Version should show as (HijackThis log):

    C:\Program Files\Java\jre1.6.0_02\… or higher




    Post your latest HijackThis log and any current observations.

  • #9
    bmafan is offline Newbie
    It's been a while since my last post, but my computer was doing better, but since I have both updated to the newest version of Java and Internet Explorer, and since the update to Internet Explorer, it seems to have gone back to being slow. Not only is the internet slow, but start up has also gotten slow again. Here are the most recent HJT and ComboFix reports. I see in the HJT a few things about AOL, but I don't have or run AOL so should I delete/repair this? I have gotten to the point where I just want nothing more than access to the internet and a word processor on the computer if that will help it speed up. I have high speed internet, but it's almost as slow as when I had dial up. Thank you again, and I have been meaning to, and will make sure to donate, I know this service isn't cheap had I taken the computer to someone to get it repaired.

    P.S. What's the chance the viruses messed something up that is not fixable? Maybe just need to think about getting a new comp?

    ComboFix 07-09-17.2 - "jared" 2007-10-12 19:47:11.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.36 [GMT -5:00]
    .

    ((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
    .

    2007-10-09 17:50 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-09-27 21:34 <DIR> d--h----- C:\WINDOWS\PIF
    2007-09-23 13:38 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-09-23 13:33 <DIR> d-------- C:\830dd876039de91f26e50e8e
    2007-09-20 19:03 3,090 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-20 19:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-09-20 19:00 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-09-20 19:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-09-17 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-15 00:33 <DIR> d-------- C:\DOCUME~1\jared\DoctorWeb
    2007-09-13 18:12 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-09-12 10:36 <DIR> d-------- C:\qrnt
    2007-09-12 10:36 <DIR> d-------- C:\CA
    2007-09-12 09:16 <DIR> d-------- C:\WINDOWS\CAVTemp
    2007-09-12 09:11 879,832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
    2007-09-12 09:11 108,360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
    2007-10-12 19:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
    2007-10-12 19:10 52918 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
    2007-09-12 13:18 --------- d-------- C:\Program Files\Common Files\Scanner
    2007-09-12 09:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
    2007-09-12 09:10 99904 --a------ C:\WINDOWS\system32\isafeif.dll
    2007-09-12 09:10 79424 --a------ C:\WINDOWS\system32\vetredir.dll
    2007-09-12 09:10 75280 --a------ C:\WINDOWS\system32\isafprod.dll
    2007-09-12 09:10 32528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2007-09-12 09:10 26640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2007-09-12 09:10 21648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
    2007-09-12 09:10 21392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2007-09-12 08:55 248 --a------ C:\PPCleanDeleteAtReboot.bat
    2007-09-11 17:54 --------- d-------- C:\Program Files\CA
    2007-09-11 07:06 --------- d-------- C:\DOCUME~1\jared\APPLIC~1\AdobeUM
    2007-09-11 07:05 0 --a------ C:\winxplogon.sys
    2007-08-26 16:01 --------- d-------- C:\Program Files\Google
    2007-08-26 15:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-26 15:18 --------- d-------- C:\Program Files\Microsoft ActiveSync
    2007-08-26 15:14 --------- d-------- C:\Program Files\Microsoft.NET
    2007-08-26 15:07 --------- d-------- C:\Program Files\Snapshot Viewer
    2007-08-21 01:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-24 18:43 23649352 --a------ C:\avg75free_476a1048.exe
    2007-07-24 18:38 12413440 --a------ C:\SpywareSetup.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-18_174624.74 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll
    ----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe
    ----a-w 49,152 2006-03-24 04:47:44 C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll
    ----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll
    ----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
    ----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll
    ----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
    ----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
    ----a-w 121,856 2006-07-14 15:52:22 C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
    ----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
    ----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
    ----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
    ----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
    ----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
    ----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
    ----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
    ----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
    ----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
    ----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB937143-IE7\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB937143-IE7\spuninst.exe
    ----a-w 124,928 2007-06-27 14:39:42 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\advpack.dll
    ----a-w 132,608 2007-06-27 14:39:42 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\extmgr.dll
    ----a-w 63,488 2007-06-27 09:16:27 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ie4uinit.exe
    ----a-w 153,088 2007-06-27 14:39:42 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieakeng.dll
    ----a-w 230,400 2007-06-27 14:39:43 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieaksie.dll
    ----a-w 161,792 2007-06-27 07:07:01 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieakui.dll
    ----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieapfltr.dat
    ----a-w 383,488 2007-06-27 14:39:43 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieapfltr.dll
    ----a-w 384,512 2007-06-27 14:39:44 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iedkcs32.dll
    ----a-w 6,059,008 2007-06-27 14:39:51 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieframe.dll
    ----a-w 44,544 2007-06-27 14:39:51 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iernonce.dll
    ----a-w 267,776 2007-06-27 14:39:52 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iertutil.dll
    ----a-w 13,824 2007-06-27 09:16:27 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\ieudinit.exe
    ----a-w 625,152 2007-06-27 09:16:52 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe
    ----a-w 27,648 2007-06-27 14:39:54 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\jsproxy.dll
    ----a-w 459,264 2007-06-27 14:39:55 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\msfeeds.dll
    ----a-w 52,224 2007-06-27 14:39:55 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\msfeedsbs.dll
    ----a-w 3,584,000 2007-07-18 21:09:49 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
    ----a-w 477,696 2007-06-27 14:40:00 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\mshtmled.dll
    ----a-w 193,024 2007-06-27 14:40:01 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\msrating.dll
    ----a-w 671,232 2007-06-27 14:40:01 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\mstime.dll
    ----a-w 102,400 2007-06-27 14:40:01 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\occache.dll
    ----a-w 105,984 2007-06-27 14:40:01 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\url.dll
    ----a-w 1,154,048 2007-06-27 14:40:02 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\urlmon.dll
    ----a-w 232,960 2007-06-27 14:40:02 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\webcheck.dll
    ----a-w 824,320 2007-06-27 14:40:03 C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB937143-IE7\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
    ----a-w 765,952 2007-07-12 23:28:55 C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
    ----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
    ----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
    ----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
    ----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
    ----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
    ----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
    ----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
    ----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
    ----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
    ----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
    ----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
    ----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
    ----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
    ----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
    ----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
    ----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
    ----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
    ----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
    ----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
    ----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
    ----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
    ----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
    ----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
    ----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
    ----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
    ----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
    ----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
    ----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    ----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    -c----w 213,216 2006-05-25 15:29:04 C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
    -c----w 371,424 2006-05-25 15:29:04 C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
    -c----w 213,216 2006-05-24 17:32:48 C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
    -c----w 371,424 2006-05-24 17:32:48 C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
    -c----w 49,152 2004-08-04 0548 C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll
    -c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe
    -c----w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll
    -c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe
    -c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll
    -c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
    -c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll
    -c----w 581,120 2004-08-04 0546 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
    -c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
    -c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
    -c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
    -c--a-w 61,440 2004-08-04 0542 C:\WINDOWS\ie7\admparse.dll
    -c--a-w 99,840 2004-08-04 0542 C:\WINDOWS\ie7\advpack.dll
    -c--a-w 35,328 2004-08-04 0542 C:\WINDOWS\ie7\corpol.dll
    -c--a-w 33,792 2006-06-03 11:40:49 C:\WINDOWS\ie7\custsat.dll
    -c--a-w 357,888 2007-06-15 08:12:28 C:\WINDOWS\ie7\dxtmsft.dll
    -c--a-w 205,824 2007-06-15 08:12:28 C:\WINDOWS\ie7\dxtrans.dll
    -c--a-w 55,808 2007-06-15 08:12:28 C:\WINDOWS\ie7\extmgr.dll
    -c--a-w 38,912 2004-08-04 0544 C:\WINDOWS\ie7\hmmapi.dll
    -c--a-w 34,304 2004-08-04 0552 C:\WINDOWS\ie7\ie4uinit.exe
    -c--a-w 139,264 2004-08-04 0544 C:\WINDOWS\ie7\ieakeng.dll
    -c--a-w 216,576 2004-08-04 0544 C:\WINDOWS\ie7\ieaksie.dll
    -c--a-w 221,184 2003-03-31 12:00:00 C:\WINDOWS\ie7\ieakui.dll
    -c--a-w 323,584 2004-08-04 0544 C:\WINDOWS\ie7\iedkcs32.dll
    -c--a-w 18,432 2007-06-14 10:32:36 C:\WINDOWS\ie7\iedw.exe
    -c--a-w 81,920 2004-08-04 0544 C:\WINDOWS\ie7\ieencode.dll
    -c--a-w 251,904 2007-06-15 08:12:28 C:\WINDOWS\ie7\iepeers.dll
    -c--a-w 48,640 2004-08-04 0544 C:\WINDOWS\ie7\iernonce.dll
    -c--a-w 62,976 2004-08-04 0544 C:\WINDOWS\ie7\iesetup.dll
    -c--a-w 93,184 2004-08-04 0552 C:\WINDOWS\ie7\iexplore.exe
    -c--a-w 35,840 2004-08-04 0544 C:\WINDOWS\ie7\imgutil.dll
    -c--a-w 96,256 2007-06-15 08:12:28 C:\WINDOWS\ie7\inseng.dll
    -c--a-w 450,560 2006-05-18 05:24:25 C:\WINDOWS\ie7\jscript.dll
    -c--a-w 16,384 2007-06-15 08:12:28 C:\WINDOWS\ie7\jsproxy.dll
    -c--a-w 22,016 2004-08-04 0544 C:\WINDOWS\ie7\licmgr10.dll
    -c--a-w 29,184 2004-08-04 0554 C:\WINDOWS\ie7\mshta.exe
    -c--a-w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\ie7\mshtml.dll
    -c--a-w 449,024 2007-06-15 08:12:29 C:\WINDOWS\ie7\mshtmled.dll
    -c--a-w 56,832 2004-08-04 0516 C:\WINDOWS\ie7\mshtmler.dll
    -c--a-w 146,432 2003-03-31 12:00:00 C:\WINDOWS\ie7\msls31.dll
    -c--a-w 146,432 2007-06-15 08:12:29 C:\WINDOWS\ie7\msrating.dll
    -c--a-w 532,480 2007-06-15 08:12:29 C:\WINDOWS\ie7\mstime.dll
    -c--a-w 96,256 2004-08-04 0546 C:\WINDOWS\ie7\occache.dll
    -c--a-w 39,424 2007-06-15 08:12:29 C:\WINDOWS\ie7\pngfilt.dll
    -c--a-w 37,888 2004-08-04 0548 C:\WINDOWS\ie7\url.dll
    -c--a-w 616,960 2007-06-15 08:12:30 C:\WINDOWS\ie7\urlmon.dll
    -c--a-w 417,792 2004-08-04 0548 C:\WINDOWS\ie7\vbscript.dll
    -c--a-w 851,968 2007-06-26 15:13:22 C:\WINDOWS\ie7\vgx.dll
    -c--a-w 276,480 2004-08-04 0548 C:\WINDOWS\ie7\webcheck.dll
    -c--a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\ie7\wininet.dll
    -c--a-w 31,856 2006-11-08 02:04:18 C:\WINDOWS\ie7\spuninst\iecustom.dll
    -c--a-w 66,048 2006-11-08 02:01:06 C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
    -c--a-w 213,216 2006-09-06 21:43:16 C:\WINDOWS\ie7\spuninst\spuninst.exe
    -c--a-w 371,424 2006-09-06 21:43:18 C:\WINDOWS\ie7\spuninst\updspapi.dll
    -c----w 123,904 2006-11-07 08:26:24 C:\WINDOWS\ie7updates\KB937143-IE7\advpack.dll
    -c----w 131,584 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\extmgr.dll
    -c----w 54,784 2006-11-07 08:26:28 C:\WINDOWS\ie7updates\KB937143-IE7\ie4uinit.exe
    -c----w 152,064 2006-11-07 08:26:56 C:\WINDOWS\ie7updates\KB937143-IE7\ieakeng.dll
    -c----w 229,376 2006-11-07 08:27:02 C:\WINDOWS\ie7updates\KB937143-IE7\ieaksie.dll
    -c----w 161,792 2006-11-07 08:25:14 C:\WINDOWS\ie7updates\KB937143-IE7\ieakui.dll
    -c----w 2,451,824 2006-09-06 04:01:26 C:\WINDOWS\ie7updates\KB937143-IE7\ieapfltr.dat
    -c----w 380,928 2006-10-17 16:27:56 C:\WINDOWS\ie7updates\KB937143-IE7\ieapfltr.dll
    -c----w 382,976 2006-11-07 08:27:10 C:\WINDOWS\ie7updates\KB937143-IE7\iedkcs32.dll
    -c----w 6,049,280 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\ieframe.dll
    -c----w 43,008 2006-11-07 08:26:28 C:\WINDOWS\ie7updates\KB937143-IE7\iernonce.dll
    -c----w 266,752 2006-10-17 16:57:20 C:\WINDOWS\ie7updates\KB937143-IE7\iertutil.dll
    -c----w 13,312 2006-11-07 08:26:32 C:\WINDOWS\ie7updates\KB937143-IE7\ieudinit.exe
    -c----w 622,080 2006-10-17 17:04:40 C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe
    -c----w 27,136 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\jsproxy.dll
    -c----w 458,752 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\msfeeds.dll
    -c----w 50,688 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\msfeedsbs.dll
    -c----w 3,577,856 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\mshtml.dll
    -c----w 475,648 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\mshtmled.dll
    -c----w 192,000 2006-10-17 17:05:10 C:\WINDOWS\ie7updates\KB937143-IE7\msrating.dll
    -c----w 670,720 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\mstime.dll
    -c----w 101,376 2006-10-17 17:04:46 C:\WINDOWS\ie7updates\KB937143-IE7\occache.dll
    -c----w 105,984 2006-10-17 17:05:22 C:\WINDOWS\ie7updates\KB937143-IE7\url.dll
    -c----w 1,162,240 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\urlmon.dll
    -c----w 231,424 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\webcheck.dll
    -c----w 818,688 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\updspapi.dll
    -c----w 765,952 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
    -c----w 124,928 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
    -c----w 214,528 2006-10-17 16:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
    -c----w 132,608 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
    -c----w 61,952 2006-10-17 16:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
    -c----w 63,488 2007-06-27 08:27:04 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
    -c----w 153,088 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
    -c----w 230,400 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
    -c----w 161,792 2007-06-27 07:00:33 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
    -c----w 383,488 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
    -c----w 384,512 2007-06-27 14:34:51 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
    -c----w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
    -c----w 44,544 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
    -c----w 267,776 2007-06-27 14:34:55 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
    -c----w 13,824 2007-06-27 08:27:05 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
    -c----w 625,152 2007-06-27 08:27:30 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
    -c----w 27,648 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
    -c----w 459,264 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
    -c----w 52,224 2007-06-27 14:34:56 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
    -c----w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
    -c----w 477,696 2007-06-27 14:34:57 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
    -c----w 193,024 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
    -c----w 671,232 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
    -c----w 102,400 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
    -c----w 105,984 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
    -c----w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
    -c----w 232,960 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
    -c----w 823,808 2007-06-27 14:34:59 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
    ------w 33,792 2006-06-03 11:40:49 C:\WINDOWS\network diagnostic\custsat.dll
    ------w 557,568 2006-10-10 12:44:50 C:\WINDOWS\network diagnostic\xpnetdiag.exe
    ----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
    ----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
    ----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
    ----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
    ----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
    ----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
    ----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
    ----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
    ----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
    ----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
    ----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
    ----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
    ----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
    ----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
    ----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
    ----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
    ----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
    ----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
    ----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
    ----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
    ----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
    ----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
    ----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
    ----a-w 625,152 2007-08-17 1021 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
    ----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
    ----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
    ----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
    ----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
    ----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
    ----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
    ----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
    ----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
    ----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
    ----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
    ----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
    ----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
    ----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
    ----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
    ----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
    ----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
    ----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
    ----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
    ----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
    ----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
    ----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
    ----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
    ----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
    ----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
    ----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
    ----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
    ----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
    ----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
    ----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
    ----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
    ----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
    ----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
    ----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
    ----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
    ----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
    ----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
    ----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
    ----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
    ----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
    ----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\spuninst.exe
    ----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
    ----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59 cb8f380ba397304c1c563d0\update\updspapi.dll
    ----a-w 71,680 2006-11-07 08:26:44 C:\WINDOWS\system32\admparse.dll
    ----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\advpack.dll
    ----a-w 17,408 2006-10-17 17:03:56 C:\WINDOWS\system32\corpol.dll
    ----a-w 346,624 2006-10-17 16:58:06 C:\WINDOWS\system32\dxtmsft.dll
    ----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dxtrans.dll
    ----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
    ----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\icardie.dll
    ------w 26,112 2006-06-29 13:05:44 C:\WINDOWS\system32\idndl.dll
    ----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
    ----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
    ----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
    ----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
    ----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\system32\ieapfltr.dat
    ----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\ieapfltr.dll
    ----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
    ----a-w 78,336 2006-10-17 17:06:00 C:\WINDOWS\system32\ieencode.dll
    ----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\ieframe.dll
    ----a-w 191,488 2006-11-08 02:03:36 C:\WINDOWS\system32\iepeers.dll
    ----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
    ----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\iertutil.dll
    ----a-w 55,296 2006-11-07 08:26:42 C:\WINDOWS\system32\iesetup.dll
    ----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
    ------w 180,736 2006-11-08 02:03:36 C:\WINDOWS\system32\ieui.dll
    ----a-w 36,352 2006-10-17 16:57:58 C:\WINDOWS\system32\imgutil.dll
    ----a-w 92,672 2006-11-07 08:26:24 C:\WINDOWS\system32\inseng.dll
    ----a-w 135,168 2007-09-25 03:30:28 C:\WINDOWS\system32\java.exe
    ----a-w 135,168 2007-09-25 03:30:30 C:\WINDOWS\system32\javaw.exe
    ----a-w 139,264 2007-09-25 04:31:42 C:\WINDOWS\system32\javaws.exe
    ----a-w 491,520 2006-10-17 17:00:00 C:\WINDOWS\system32\jscript.dll
    ----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
    ----a-w 40,960 2006-10-17 17:05:10 C:\WINDOWS\system32\licmgr10.dll
    ----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
    ----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeeds.dll
    ----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\msfeedsbs.dll
    ------w 12,288 2006-10-17 16:58:32 C:\WINDOWS\system32\msfeedssync.exe
    ----a-w 45,568 2006-10-17 1610 C:\WINDOWS\system32\mshta.exe
    ----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtml.dll
    ----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\mshtmled.dll
    ----a-w 48,128 2006-10-17 16:28:56 C:\WINDOWS\system32\mshtmler.dll
    ----a-w 156,160 2006-11-08 02:03:36 C:\WINDOWS\system32\msls31.dll
    ----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
    ----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
    ------w 24,576 2006-06-28 22:59:26 C:\WINDOWS\system32\nlsdl.dll
    ------w 23,552 2006-06-29 13:05:44 C:\WINDOWS\system32\normaliz.dll
    ----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
    ----a-w 44,544 2006-10-17 16:58:08 C:\WINDOWS\system32\pngfilt.dll
    ----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\system32\rpcrt4.dll
    ----a-w 22,752 2006-09-06 21:43:16 C:\WINDOWS\system32\spupdsvc.exe
    ----a-w 40,960 2007-09-20 23:59:08 C:\WINDOWS\system32\swsc.exe
    ----a-w 79,360 2007-09-20 23:59:08 C:\WINDOWS\system32\swxcacls.exe
    ----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\url.dll
    ----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\urlmon.dll
    ----a-w 413,696 2006-11-08 02:03:36 C:\WINDOWS\system32\vbscript.dll
    ----a-w 49,152 2006-03-24 04:37:50 C:\WINDOWS\system32\wdigest.dll
    ----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\webcheck.dll
    ------w 206,336 2006-10-17 17:05:58 C:\WINDOWS\system32\WinFXDocObj.exe
    ----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\wininet.dll
    ------w 121,856 2006-07-14 15:51:51 C:\WINDOWS\system32\xmllite.dll
    -c----w 71,680 2006-11-07 08:26:44 C:\WINDOWS\system32\dllcache\admparse.dll
    -c----w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
    -c----w 17,408 2006-10-17 17:03:56 C:\WINDOWS\system32\dllcache\corpol.dll
    -c--a-w 346,624 2006-10-17 16:58:06 C:\WINDOWS\system32\dllcache\dxtmsft.dll
    -c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
    -c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
    -c----w 60,416 2006-10-17 16:44:36 C:\WINDOWS\system32\dllcache\hmmapi.dll
    -c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
    -c----w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
    -c----w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
    -c----w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
    -c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
    -c----w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\system32\dllcache\ieapfltr.dat
    -c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
    -c----w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
    -c--a-w 69,120 2006-10-17 17:04:50 C:\WINDOWS\system32\dllcache\iedw.exe
    -c----w 78,336 2006-10-17 17:06:00 C:\WINDOWS\system32\dllcache\ieencode.dll
    -c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
    -c--a-w 191,488 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\iepeers.dll
    -c----w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
    -c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
    -c----w 55,296 2006-11-07 08:26:42 C:\WINDOWS\system32\dllcache\iesetup.dll
    -c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
    -c----w 625,152 2007-08-17 1021 C:\WINDOWS\system32\dllcache\iexplore.exe
    -c----w 36,352 2006-10-17 16:57:58 C:\WINDOWS\system32\dllcache\imgutil.dll
    -c----w 683,520 2007-08-21 06:15:44 C:\WINDOWS\system32\dllcache\inetcomm.dll
    -c--a-w 92,672 2006-11-07 08:26:24 C:\WINDOWS\system32\dllcache\inseng.dll
    -c--a-w 491,520 2006-10-17 17:00:00 C:\WINDOWS\system32\dllcache\jscript.dll
    -c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
    -c----w 40,960 2006-10-17 17:05:10 C:\WINDOWS\system32\dllcache\licmgr10.dll
    -c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
    -c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    -c----w 45,568 2006-10-17 1610 C:\WINDOWS\system32\dllcache\mshta.exe
    -c--a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtml.dll
    -c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
    -c----w 48,128 2006-10-17 16:28:56 C:\WINDOWS\system32\dllcache\mshtmler.dll
    -c--a-w 156,160 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\msls31.dll
    -c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
    -c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
    -c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
    -c--a-w 44,544 2006-10-17 16:58:08 C:\WINDOWS\system32\dllcache\pngfilt.dll
    -c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
    -c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
    -c----w 413,696 2006-11-08 02:03:36 C:\WINDOWS\system32\dllcache\vbscript.dll
    -c--a-w 765,952 2007-07-12 23:31:54 C:\WINDOWS\system32\dllcache\vgx.dll
    -c----w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
    -c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
    .
    ----a-w 61,440 2004-08-04 0542 C:\WINDOWS\system32\admparse.dll
    ----a-w 99,840 2004-08-04 0542 C:\WINDOWS\system32\advpack.dll
    ----a-w 35,328 2004-08-04 0542 C:\WINDOWS\system32\corpol.dll
    ----a-w 357,888 2007-06-15 08:12:28 C:\WINDOWS\system32\dxtmsft.dll
    ----a-w 205,824 2007-06-15 08:12:28 C:\WINDOWS\system32\dxtrans.dll
    ------w 55,808 2007-06-15 08:12:28 C:\WINDOWS\system32\extmgr.dll
    ----a-w 34,304 2004-08-04 0552 C:\WINDOWS\system32\ie4uinit.exe
    ----a-w 139,264 2004-08-04 0544 C:\WINDOWS\system32\ieakeng.dll
    ----a-w 216,576 2004-08-04 0544 C:\WINDOWS\system32\ieaksie.dll
    ----a-w 221,184 2003-03-31 12:00:00 C:\WINDOWS\system32\ieakui.dll
    ----a-w 323,584 2004-08-04 0544 C:\WINDOWS\system32\iedkcs32.dll
    ------w 81,920 2004-08-04 0544 C:\WINDOWS\system32\ieencode.dll
    ----a-w 251,904 2007-06-15 08:12:28 C:\WINDOWS\system32\iepeers.dll
    ----a-w 48,640 2004-08-04 0544 C:\WINDOWS\system32\iernonce.dll
    ----a-w 62,976 2004-08-04 0544 C:\WINDOWS\system32\iesetup.dll
    ----a-w 35,840 2004-08-04 0544 C:\WINDOWS\system32\imgutil.dll
    ----a-w 96,256 2007-06-15 08:12:28 C:\WINDOWS\system32\inseng.dll
    ----a-w 49,248 2005-04-13 07:19:56 C:\WINDOWS\system32\java.exe
    ----a-w 49,250 2005-04-13 07:20:04 C:\WINDOWS\system32\javaw.exe
    ----a-w 127,078 2005-04-13 08:48:54 C:\WINDOWS\system32\javaws.exe
    ----a-w 450,560 2006-05-18 05:24:25 C:\WINDOWS\system32\jscript.dll
    ----a-w 16,384 2007-06-15 08:12:28 C:\WINDOWS\system32\jsproxy.dll
    ----a-w 22,016 2004-08-04 0544 C:\WINDOWS\system32\licmgr10.dll
    ----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
    ----a-w 29,184 2004-08-04 0554 C:\WINDOWS\system32\mshta.exe
    ----a-w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\system32\mshtml.dll
    ----a-w 449,024 2007-06-15 08:12:29 C:\WINDOWS\system32\mshtmled.dll
    ----a-w 56,832 2004-08-04 0516 C:\WINDOWS\system32\mshtmler.dll
    ----a-w 146,432 2003-03-31 12:00:00 C:\WINDOWS\system32\msls31.dll
    ----a-w 146,432 2007-06-15 08:12:29 C:\WINDOWS\system32\msrating.dll
    ----a-w 532,480 2007-06-15 08:12:29 C:\WINDOWS\system32\mstime.dll
    ----a-w 96,256 2004-08-04 0546 C:\WINDOWS\system32\occache.dll
    ----a-w 39,424 2007-06-15 08:12:29 C:\WINDOWS\system32\pngfilt.dll
    ----a-w 581,120 2004-08-04 0546 C:\WINDOWS\system32\rpcrt4.dll
    ----a-w 22,752 2005-06-28 1534 C:\WINDOWS\system32\spupdsvc.exe
    ----a-w 370,688 2006-11-29 2229 C:\WINDOWS\system32\swsc.exe
    ----a-w 212,480 2006-12-01 10:20:32 C:\WINDOWS\system32\swxcacls.exe
    ----a-w 37,888 2004-08-04 0548 C:\WINDOWS\system32\url.dll
    ----a-w 616,960 2007-06-15 08:12:30 C:\WINDOWS\system32\urlmon.dll
    ----a-w 417,792 2004-08-04 0548 C:\WINDOWS\system32\vbscript.dll
    ----a-w 49,152 2004-08-04 0548 C:\WINDOWS\system32\wdigest.dll
    ----a-w 276,480 2004-08-04 0548 C:\WINDOWS\system32\webcheck.dll
    ----a-w 665,600 2007-06-26 14:35:54 C:\WINDOWS\system32\wininet.dll
    -c----w 357,888 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\dxtmsft.dll
    -c----w 205,824 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\dxtrans.dll
    -c----w 55,808 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\extmgr.dll
    -c--a-w 221,184 2003-03-31 12:00:00 C:\WINDOWS\system32\dllcache\ieakui.dll
    -c----w 18,432 2007-06-14 10:32:36 C:\WINDOWS\system32\dllcache\iedw.exe
    -c----w 251,904 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\iepeers.dll
    -c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
    -c----w 96,256 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\inseng.dll
    -c----w 450,560 2006-05-18 05:24:25 C:\WINDOWS\system32\dllcache\jscript.dll
    -c----w 16,384 2007-06-15 08:12:28 C:\WINDOWS\system32\dllcache\jsproxy.dll
    -c----w 3,064,320 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\mshtml.dll
    -c----w 449,024 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\mshtmled.dll
    -c--a-w 146,432 2003-03-31 12:00:00 C:\WINDOWS\system32\dllcache\msls31.dll
    -c----w 146,432 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\msrating.dll
    -c----w 532,480 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\mstime.dll
    -c----w 39,424 2007-06-15 08:12:29 C:\WINDOWS\system32\dllcache\pngfilt.dll
    -c----w 616,960 2007-06-15 08:12:30 C:\WINDOWS\system32\dllcache\urlmon.dll
    -c----w 851,968 2007-06-26 15:13:22 C:\WINDOWS\system32\dllcache\vgx.dll
    -c----w 665,600 2007-06-26 14:35:54 C:\WINDOWS\system32\dllcache\wininet.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-26 18:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-09-12 09:10]
    "CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-09-12 09:10]
    "capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-09-12 09:10]
    "capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-09-12 09:10]
    "cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-09-12 09:10]
    "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-09-13 23:18]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    UmxWnp.Dll 2007-01-31 14:00 79368 C:\WINDOWS\system32\UmxWNP.dll

    R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
    R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
    R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
    R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
    R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
    R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
    R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
    R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
    R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
    R3 allegro;ESS Allegro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198x.sys
    R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
    R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS
    S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys
    S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys
    S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys
    S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddb359a3-26a4-11dc-8326-00038a000015}]
    AutoRun\command- G:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-01 02:52:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-12 02:18:00 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as jared at 5 54 PM.job"
    "2006-01-24 01:59:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1128128163.job"
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-12 19:58:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-12 20:08:21
    C:\ComboFix-quarantined-files.txt ... 2007-10-12 20:08
    C:\ComboFix2.txt ... 2007-10-04 18:12
    C:\ComboFix3.txt ... 2007-09-30 22:31
    .
    --- E O F ---



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:36:27 PM, on 10/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dishmail.net/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127737664895
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.mail.sieversandco.com/Remote/msrdp.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\jared\LOCALS~1\Temp\~~install.dll (file missing)
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 7964 bytes

  • #10
    VopThis is offline Senior Member (Canada)
    Are you the only user of this PC? The AOL components appear to be related to 'Instant MESSAGING' (IM). The use of IM and a bad link is one of the quickest ways to get infected. You were fine for a while and then something went bad all of a sudden??


    Let's run the following diagnostic:

    Please download Deckard's System Scanner (DSS) to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What DSS will do:
    • Create a new System Restore point in Windows XP and Vista.
    • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
    Post Logs:
    • DSS Scan Results: contents of:
      • 1) Main.txt
      • 2) Extra.txt
