
Author Topic: iexplore.exe - Application Error  (Read 15005 times)


danldo

    Topic Starter


    Beginner

    iexplore.exe - Application Error
    « on: August 19, 2010, 10:53:49 AM »
    I have XP SP2 running IE8. Every time I try to open Internet Explorer I get an error message: iexplore.exe - Application Error The instruction at "0xd5584b4a" referenced memory at "0xd5584b4a". The memory could not be "read".
    I have scanned with Malwarebytes and it found 3 infected files and removed them. I have tried disabling IE add-ons, but it still does not work.
    I booted in safe mode with networking and Internet Explorer works.
    I rebooted and here is my HijackThis log.
    Any help please.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:31:19 AM, on 8/19/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\WinVNC\winvnc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe   /brand=ESPN   /priority=0   /poll=24
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DRGOMEZ.LOCAL
    O17 - HKLM\Software\..\Telephony: DomainName = DRGOMEZ.LOCAL
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DRGOMEZ.LOCAL
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bsarad.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bsarad.com
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate1ca3ddbc0872076) (gupdate1ca3ddbc0872076) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe

    --
    End of file - 10269 bytes

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: iexplore.exe - Application Error
    « Reply #1 on: August 20, 2010, 01:02:06 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.
    ********************************************
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    *****************************************

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    *******************************************

    Download ComboFix by sUBs from one of the below links. 

    Important! You MUST save ComboFix to your desktop

    link # 1
    Link # 2

    Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click on ComboFix.exe & follow the prompts.

    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    When the scan completes it will open a text window.
     
    Post the contents of that log in your next reply.

    Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
    Windows 8 and Windows 10 dual boot with two SSD's
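
The four entries in the HijackThis checklist above coincide with two simple rules applied to the posted log: the one entry whose target is marked `(no file)`, plus every entry that points at `msmsgs.exe`, the Windows Messenger binary being uninstalled. The following is an added example, not part of the original reply and not HijackThis code; the function names and the two selection rules are assumptions made for illustration, and the sample is an excerpt of the log from the first post.

```python
import re

# Excerpt of the HijackThis log posted at the top of this thread
# (one running-process line plus a handful of R/O entries).
SAMPLE_LOG = r"""
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\winvnc.exe
"""

# A log entry starts with a section code (R0, O2, O23, ...) followed by " - ".
# Running-process lines start with a drive letter and do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


def parse_entries(log_text):
    """Return one dict per section-coded entry; skip headers and process paths."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            # HijackThis prints "(no file)" when the registered target is missing.
            "orphaned": body.endswith("(no file)"),
            "line": line,
        })
    return entries


def select_for_review(entries, retired_binaries=()):
    """Pick entries that are orphaned or that reference a binary being removed.

    retired_binaries is a hypothetical parameter: file names the analyst has
    already decided to uninstall (here, msmsgs.exe).
    """
    wanted = [name.lower() for name in retired_binaries]
    picked = []
    for entry in entries:
        reasons = []
        if entry["orphaned"]:
            reasons.append("registered component has no file on disk")
        body = entry["body"].lower()
        for name in wanted:
            if name in body:
                reasons.append("references " + name)
        if reasons:
            picked.append((entry, reasons))
    return picked


if __name__ == "__main__":
    for entry, reasons in select_for_review(
        parse_entries(SAMPLE_LOG), retired_binaries=["msmsgs.exe"]
    ):
        print(entry["line"])
        print("    -> " + "; ".join(reasons))
```

The output is a review list for a person to confirm against the full log, not a verdict that an entry is malicious.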

    danldo

      Topic Starter


      Beginner

      Re: iexplore.exe - Application Error
      « Reply #2 on: August 23, 2010, 12:27:47 PM »
      I did the scans but it is not working.
      Here are the logs.
      Thank you so much.
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 08/23/2010 at 10:42 AM

      Application Version : 4.41.1000

      Core Rules Database Version : 5393
      Trace Rules Database Version: 3205

      Scan type       : Complete Scan
      Total Scan Time : 00:52:18

      Memory items scanned      : 292
      Memory threats detected   : 0
      Registry items scanned    : 7132
      Registry threats detected : 0
      File items scanned        : 73162
      File threats detected     : 242

      Adware.Tracking Cookie
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@serving-sys[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@sextracker[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@statcounter[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@stats[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@tacoda[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@targetnet[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@tracking[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@tradedoubler[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@trafficmp[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@tribalfusion[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@tripod[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@valueclick[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@webpower[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@windowsmedia[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@winfixer[2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][2].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@xiti[1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric [email protected][1].txt
         C:\Documents and Settings\Eric Gomez\Cookies\eric gomez@zedo[2].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\[email protected][1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\[email protected][1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\[email protected][1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\[email protected][2].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@atdmt[1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@belnk[1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@casalemedia[1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\[email protected][2].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@doubleclick[1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@mediaplex[1].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@partner2profit[2].txt
         C:\Documents and Settings\jtorrez.DRGOMEZ\Cookies\jtorrez@questionmarket[2].txt
         C:\Documents and Settings\lflores\Cookies\[email protected][1].txt
         C:\Documents and Settings\lflores\Cookies\lflores@atdmt[1].txt
         C:\Documents and Settings\lflores\Cookies\lflores@clickbank[1].txt


      ComboFix 10-08-22.07 - egomez 08/23/2010  11:35:48.1.2 - x86 NETWORK
      Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.800 [GMT -5:00]
      Running from: c:\documents and settings\egomez.DRGOMEZ\Desktop\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\~WRD0713.tmp
      c:\documents and settings\egomez.DRGOMEZ\Application Data\Edcai
      c:\documents and settings\egomez.DRGOMEZ\Application Data\Edcai\ryope.ezy
      c:\documents and settings\egomez.DRGOMEZ\Application Data\Edcai\ryope.tmp
      c:\documents and settings\egomez.DRGOMEZ\Application Data\Epemeg
      c:\documents and settings\egomez.DRGOMEZ\Application Data\Epemeg\ynoq.exe
      c:\documents and settings\egomez.DRGOMEZ\g2mdlhlpx.exe
      c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Windows Server
      c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Windows Server\flags.ini
      c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Windows Server\server.dat
      c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Windows Server\uses32.dat
      C:\Images
      c:\images\DirCfg.ini
      c:\windows\system32\drivers\fad.sys

      c:\windows\system32\winlogon.exe . . . is infected!!

      c:\windows\explorer.exe . . . is infected!!

      .
      (((((((((((((((((((((((((   Files Created from 2010-07-23 to 2010-08-23  )))))))))))))))))))))))))))))))
      .

      2010-08-23 14:45 . 2010-08-23 14:45   63488   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-08-23 14:45 . 2010-08-23 14:45   52224   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-08-23 14:45 . 2010-08-23 14:45   117760   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com
      2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-08-23 14:43 . 2010-08-23 14:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-08-23 12:41 . 2010-08-23 12:41   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Identities
      2010-08-19 15:31 . 2010-08-19 15:31   --------   d-----w-   c:\program files\Trend Micro
      2010-08-18 21:19 . 2010-08-18 21:19   --------   d-----w-   c:\windows\system32\wbem\Repository
      2010-08-18 21:09 . 2010-08-18 21:09   --------   d-sh--w-   c:\documents and settings\egomez.DRGOMEZ\IECompatCache
      2010-08-18 20:42 . 2010-08-18 20:42   --------   d-----w-   C:\QUARANTINE
      2010-08-16 18:01 . 2005-09-17 18:32   745752   ----a-w-   c:\windows\system32\wodSmtp.dll
      2010-08-16 18:01 . 2004-05-19 15:22   114688   ----a-w-   c:\windows\system32\DARTUTIL.DLL
      2010-08-10 22:33 . 2010-08-10 22:33   --------   d-----w-   c:\program files\PMIC EBOOKS

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-08-23 16:00 . 2005-09-07 23:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DIGStream
      2010-08-23 12:23 . 2009-12-14 13:25   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\HPAppData
      2010-08-20 13:05 . 2010-08-20 12:57   161   ----a-w-   c:\windows\Temp.tmp
      2010-08-19 15:17 . 2010-08-18 21:27   --------   d-----w-   c:\program files\CCleaner
      2010-08-18 22:04 . 2009-12-11 20:39   --------   d-----w-   c:\program files\Yahoo!
      2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\Malwarebytes
      2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-08-12 13:16 . 2005-04-28 18:45   34816   ----a-w-   c:\program files\db_list.dbp
      2010-07-06 14:36 . 2006-06-24 01:31   65912   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-06-23 12:16 . 2010-06-23 12:16   501936   ----a-w-   c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb166.tmp.exe
      2010-06-14 13:42 . 2010-06-14 13:10   77383   ----a-w-   c:\windows\hpqins05.dat
      2005-06-28 16:50 . 2005-06-28 16:50   6144   ----a-w-   c:\program files\DB_LIST_HISTORY.DBP
      .

      ------- Sigcheck -------

      [-] 2004-08-04 . D3408C4FCC614A70F1CB3691C7DDF792 . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\winlogon.exe

      [-] 2004-08-04 . 9982618CEB1D8DAE75B4AD913A99A3EB . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 148888]
      "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
      "SMSERIAL"="sm56hlpr.exe" [2004-07-19 565248]
      "DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-05-18 282624]
      "DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
      "WinVNC"="c:\program files\RealVNC\WinVNC\winvnc.exe" [2003-03-05 335872]
      "Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
      "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
      "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
      "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
      "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "RunNarrator"="Narrator.exe" [2004-08-04 53760]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
      Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-7-28 1450047]
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
      backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2006-10-23 07:48   40048   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
      2010-04-13 07:29   47392   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
      2004-04-26 13:04   53248   ------w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2010-04-28 20:06   142120   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2010-03-18 02:53   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      2007-10-19 12:31   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2010-03-08 13:19   202256   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
      2004-01-07 06:01   110592   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

      R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [6/23/2006 9:04 PM 58048]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
      S2 gupdate1ca3ddbc0872076;Google Update Service (gupdate1ca3ddbc0872076);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 7:28 AM 133104]
      S2 MLPTDR_B;MLPTDR_B;c:\windows\SYSTEM32\MLPTDR_B.SYS [9/2/2003 4:06 PM 20064]
      S2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 4:10 PM 32512]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      HPService   REG_MULTI_SZ      HPSLPSVC
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder

      2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

      2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 12:28]

      2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 12:28]

      2010-08-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3914068558-821231906-3718164370-1111.job
      - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

      2010-08-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3914068558-821231906-3718164370-1111.job
      - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

      2010-08-23 c:\windows\Tasks\RegCure Program Check.job
      - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

      2010-08-19 c:\windows\Tasks\RegCure.job
      - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
      .
      .
      ------- Supplementary Scan -------
      .
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-08-23 11:40
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
      "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
         00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

      [HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
      @Denied: (2) (Administrators)
      "Policy"=hex:00,00,00,00
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(964)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      Completion time: 2010-08-23  11:42:34
      ComboFix-quarantined-files.txt  2010-08-23 16:42

      Pre-Run: 26,359,615,488 bytes free
      Post-Run: 26,484,244,480 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      - - End Of File - - 755593661242EDB306C8FDAF653FAA52

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      Re: iexplore.exe - Application Error
      « Reply #3 on: August 23, 2010, 01:01:08 PM »
      Re-running ComboFix to remove infections:

      • Close any open browsers.
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Open notepad and copy/paste the text in the quotebox below into it:
        Quote
        KillAll::

        Dirlook::
        C:\QUARANTINE

        File::
        c:\windows\Temp.tmp

        Rootkit::

        FileLook::
        c:\windows\explorer.exe
      • Save this as CFScript.txt, in the same location as ComboFix.exe



      • Referring to the picture above, drag CFScript into ComboFix.exe
      • When finished, it shall produce a log for you at C:\ComboFix.txt
      • Please post the contents of the log in your next reply.

      ***********************************

      Windows 8 and Windows 10 dual boot with two SSD's

      danldo

        Topic Starter


        Beginner

        Re: iexplore.exe - Application Error
        « Reply #4 on: August 23, 2010, 04:44:28 PM »
        Here is my log.
        The only way ComboFix will work is in Safe Mode.
        I tried it normal and I get a Stop: C000021a {Fatal System Error}
        It runs in safe mode and here is the log.
        Thank you.

        ComboFix 10-08-23.01 - egomez 08/23/2010  17:10:01.2.2 - x86 NETWORK
        Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.706 [GMT -5:00]
        Running from: c:\documents and settings\egomez.DRGOMEZ\Desktop\ComboFix.exe
        Command switches used :: c:\documents and settings\egomez.DRGOMEZ\Desktop\CFScript.txt

        FILE ::
        "c:\windows\Temp.tmp"
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\windows\Temp.tmp

        Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
        Restored copy from - c:\i386\WINLOGON.EXE

        c:\windows\explorer.exe . . . is infected!!

        .
        (((((((((((((((((((((((((   Files Created from 2010-07-23 to 2010-08-23  )))))))))))))))))))))))))))))))
        .

        2010-08-23 14:45 . 2010-08-23 14:45   63488   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
        2010-08-23 14:45 . 2010-08-23 14:45   52224   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-08-23 14:45 . 2010-08-23 14:45   117760   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com
        2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2010-08-23 14:43 . 2010-08-23 14:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-08-23 12:41 . 2010-08-23 12:41   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Identities
        2010-08-19 15:31 . 2010-08-19 15:31   --------   d-----w-   c:\program files\Trend Micro
        2010-08-18 21:19 . 2010-08-18 21:19   --------   d-----w-   c:\windows\system32\wbem\Repository
        2010-08-18 21:09 . 2010-08-18 21:09   --------   d-sh--w-   c:\documents and settings\egomez.DRGOMEZ\IECompatCache
        2010-08-18 20:42 . 2010-08-23 16:56   --------   d-----w-   C:\QUARANTINE
        2010-08-16 18:01 . 2005-09-17 18:32   745752   ----a-w-   c:\windows\system32\wodSmtp.dll
        2010-08-16 18:01 . 2004-05-19 15:22   114688   ----a-w-   c:\windows\system32\DARTUTIL.DLL
        2010-08-10 22:33 . 2010-08-10 22:33   --------   d-----w-   c:\program files\PMIC EBOOKS

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-08-23 22:19 . 2005-09-07 23:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DIGStream
        2010-08-23 19:18 . 2009-12-14 13:25   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\HPAppData
        2010-08-19 15:17 . 2010-08-18 21:27   --------   d-----w-   c:\program files\CCleaner
        2010-08-18 22:04 . 2009-12-11 20:39   --------   d-----w-   c:\program files\Yahoo!
        2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\Malwarebytes
        2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-08-12 13:16 . 2005-04-28 18:45   34816   ----a-w-   c:\program files\db_list.dbp
        2010-07-06 14:36 . 2006-06-24 01:31   65912   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2010-06-23 12:16 . 2010-06-23 12:16   501936   ----a-w-   c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb166.tmp.exe
        2010-06-14 13:42 . 2010-06-14 13:10   77383   ----a-w-   c:\windows\hpqins05.dat
        2005-06-28 16:50 . 2005-06-28 16:50   6144   ----a-w-   c:\program files\DB_LIST_HISTORY.DBP
        .

        ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        --- c:\windows\explorer.exe ---
        Company: Microsoft Corporation
        File Description: Windows Explorer
        File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
        Product Name: Microsoft® Windows® Operating System
        Copyright: © Microsoft Corporation. All rights reserved.
        Original Filename: EXPLORER.EXE
        File size: 1032192
        Created time: 2004-08-04 10:00
        Modified time: 2004-08-04 10:00
        MD5: 9982618CEB1D8DAE75B4AD913A99A3EB
        SHA1: C105ED32D6A542C4D5CD3C5C5933DE50E4214FED

        ---- Directory of C:\QUARANTINE ----

        2010-08-23 16:56 . 2010-08-23 16:56   93   ----a-w-   c:\quarantine\infected.log
        2010-08-23 16:56 . 2010-08-23 16:56   72   ----a-w-   c:\quarantine\Av-test.txt.Vir


        ------- Sigcheck -------

        [-] 2004-08-04 . 24E8C39B3E1EF32FB6C8703EF752AC74 . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\winlogon.exe

        [-] 2004-08-04 . 9982618CEB1D8DAE75B4AD913A99A3EB . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
        .
        (((((((((((((((((((((((((((((   SnapShot@2010-08-23_17.59.51   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2010-08-23 22:16 . 2010-08-23 22:16   16384              c:\windows\temp\Perflib_Perfdata_4f4.dat
        + 2010-08-23 22:16 . 2010-08-23 22:16   16384              c:\windows\temp\Perflib_Perfdata_33c.dat
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-19 68856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 148888]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
        "SMSERIAL"="sm56hlpr.exe" [2004-07-19 565248]
        "DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-05-18 282624]
        "DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
        "WinVNC"="c:\program files\RealVNC\WinVNC\winvnc.exe" [2003-03-05 335872]
        "Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
        "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
        "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
        "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
        "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "RunNarrator"="Narrator.exe" [2004-08-04 53760]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
        Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-7-28 1450047]
        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
        backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2006-10-23 07:48   40048   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
        2010-04-13 07:29   47392   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
        2004-04-26 13:04   53248   ------w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        2010-04-28 20:06   142120   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2010-03-18 02:53   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
        2007-10-19 12:31   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
        2010-03-08 13:19   202256   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
        2004-01-07 06:01   110592   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "c:\\WINDOWS\\system32\\sessmgr.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

        R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [6/23/2006 9:04 PM 58048]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
        R2 MLPTDR_B;MLPTDR_B;c:\windows\SYSTEM32\MLPTDR_B.SYS [9/2/2003 4:06 PM 20064]
        R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 4:10 PM 32512]
        S2 gupdate1ca3ddbc0872076;Google Update Service (gupdate1ca3ddbc0872076);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 7:28 AM 133104]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
        HPService   REG_MULTI_SZ      HPSLPSVC
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
        .
        Contents of the 'Scheduled Tasks' folder

        2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

        2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 12:28]

        2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 12:28]

        2010-08-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3914068558-821231906-3718164370-1111.job
        - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

        2010-08-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3914068558-821231906-3718164370-1111.job
        - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

        2010-08-23 c:\windows\Tasks\RegCure Program Check.job
        - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

        2010-08-19 c:\windows\Tasks\RegCure.job
        - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
        .
        .
        ------- Supplementary Scan -------
        .
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
        uInternet Settings,ProxyOverride = *.local
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-08-23 17:19
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
        "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
           00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

        [HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
        @Denied: (2) (Administrators)
        "Policy"=hex:00,00,00,00
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(1064)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        - - - - - - - > 'lsass.exe'(1120)
        c:\windows\system32\EntApi.dll

        - - - - - - - > 'explorer.exe'(3920)
        c:\windows\system32\EntApi.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\LEXBCES.EXE
        c:\windows\system32\LEXPPS.EXE
        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\windows\system32\basfipm.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Cisco Systems\VPN Client\cvpnd.exe
        c:\program files\Dell\OpenManage\Client\Iap.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\Network Associates\Common Framework\FrameworkService.exe
        c:\program files\Network Associates\VirusScan\Mcshield.exe
        c:\program files\Network Associates\VirusScan\VsTskMgr.exe
        c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
        c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
        c:\program files\Lexmark 4200 Series\lxbmbmon.exe
        c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
        c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
        c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
        .
        **************************************************************************
        .
        Completion time: 2010-08-23  17:24:36 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-08-23 22:24
        ComboFix2.txt  2010-08-23 18:04
        ComboFix3.txt  2010-08-23 16:42

        Pre-Run: 26,465,378,304 bytes free
        Post-Run: 26,455,195,648 bytes free

        - - End Of File - - 87C7794D2DF32297D546B8ECE98FADAC

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: iexplore.exe - Application Error
        « Reply #5 on: August 23, 2010, 05:13:35 PM »
        Registry cleaners (RegCure) are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

        There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

        For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

        Further reading: XP Fixes Myth #1: Registry Cleaners

        ******************************************

        Please download SystemLook from one of the links below and save it to your desktop.

        Link # 1
        Link # 2

        Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Double-click SystemLook.exe to run it.

        Copy the contents of the following codebox into the main textfield.
        Code:
        :filefind
        explorer.exe

        Click the Look button to start the scan.

        Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

        When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
         
        Windows 8 and Windows 10 dual boot with two SSD's

        danldo


          Re: iexplore.exe - Application Error
          « Reply #6 on: August 24, 2010, 08:20:52 AM »
          Here is my log.
          Thank you

          SystemLook v1.0 by jpshortstuff (11.01.10)
          Log created at 08:41 on 24/08/2010 by egomez (Administrator - Elevation successful)

          ========== filefind ==========

          Searching for "explorer.exe"
          C:\WINDOWS\explorer.exe   --a--- 1032192 bytes   [10:00 04/08/2004]   [10:00 04/08/2004] 9982618CEB1D8DAE75B4AD913A99A3EB

          -=End Of File=-

          SuperDave

          Re: iexplore.exe - Application Error
          « Reply #7 on: August 24, 2010, 01:05:33 PM »
          That doesn't look good. Do you have your OS CD?

          danldo


            Re: iexplore.exe - Application Error
            « Reply #8 on: August 24, 2010, 03:42:05 PM »
            Yes, I do.

            SuperDave

            Re: iexplore.exe - Application Error
            « Reply #9 on: August 24, 2010, 05:13:57 PM »
            Place the OS CD in your CD ROM drive and follow the instructions below:
            • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
            • Let this run undisturbed until the window with the blue progress bar goes away
            SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
            Please let me know what happens.

            danldo


              Re: iexplore.exe - Application Error
              « Reply #10 on: August 25, 2010, 09:30:33 AM »
              I ran SFC and it ran fine.
              Internet Explorer still does not work.
              I ran the SystemLook again and here is the log.
              Thank you,

              SystemLook v1.0 by jpshortstuff (11.01.10)
              Log created at 10:12 on 25/08/2010 by egomez (Administrator - Elevation successful)

              ========== filefind ==========

              Searching for "explorer.exe"
              C:\WINDOWS\explorer.exe   --a--- 1032192 bytes   [10:00 04/08/2004]   [10:00 04/08/2004] A06B61E9E26A31E18D5E5412BAFC2467
              C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe   --a--- 1032192 bytes   [10:00 04/08/2004]   [10:00 04/08/2004] A06B61E9E26A31E18D5E5412BAFC2467

              -=End Of File=-
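
Added example, not part of the thread and not SystemLook's own code: a small Python parser for the filefind result lines in the two logs posted above, comparing the run before SFC with the run after it. It assumes the line layout seen in those two logs; the function names and the optional `reference_md5` argument are hypothetical, and a trusted hash for this Windows build has to come from outside the thread.

```python
import ntpath
import re

# The two SystemLook result sections posted in this thread (before and after SFC).
RUN_BEFORE_SFC = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe   --a--- 1032192 bytes   [10:00 04/08/2004]   [10:00 04/08/2004] 9982618CEB1D8DAE75B4AD913A99A3EB
"""

RUN_AFTER_SFC = r"""
Searching for "explorer.exe"
C:\WINDOWS\explorer.exe   --a--- 1032192 bytes   [10:00 04/08/2004]   [10:00 04/08/2004] A06B61E9E26A31E18D5E5412BAFC2467
C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe   --a--- 1032192 bytes   [10:00 04/08/2004]   [10:00 04/08/2004] A06B61E9E26A31E18D5E5412BAFC2467
"""

# One result line: path, six attribute flags, size, two bracketed timestamps
# (kept as printed, not interpreted here), then a 32-hex-digit MD5.
ENTRY = re.compile(
    r"^[ \t]*(?P<path>[A-Za-z]:\\.+?)[ \t]+(?P<attrs>[-a-z]{6})[ \t]+(?P<size>\d+) bytes"
    r"[ \t]+\[[^\]]+\][ \t]+\[[^\]]+\][ \t]+(?P<md5>[0-9A-Fa-f]{32})[ \t]*$",
    re.MULTILINE,
)


def parse_filefind(log_text):
    """Return {lower-cased path: (size, MD5)} for every result line in a log."""
    found = {}
    for m in ENTRY.finditer(log_text):
        found[m["path"].lower()] = (int(m["size"]), m["md5"].upper())
    return found


def diff_runs(before, after):
    """Classify each path seen in either run by what happened between the runs."""
    report = {}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            report[path] = "new"
        elif path not in after:
            report[path] = "missing"
        elif before[path] == after[path]:
            report[path] = "unchanged"
        elif before[path][0] == after[path][0]:
            # Same byte count, different content: size alone would have hidden it.
            report[path] = "same-size-different-hash"
        else:
            report[path] = "changed"
    return report


def verify(entries, reference_md5=None):
    """Group copies by file name and grade them against a trusted MD5, if given.

    Without a reference the best possible verdict is that the copies are
    identical to each other, which says nothing about which build they are.
    """
    by_name = {}
    for path, (_size, md5) in entries.items():
        by_name.setdefault(ntpath.basename(path), {})[path] = md5
    verdicts = {}
    for name, copies in by_name.items():
        hashes = set(copies.values())
        if reference_md5 is None:
            verdicts[name] = (
                "copies-identical-unverified" if len(hashes) == 1 else "copies-differ"
            )
        elif hashes == {reference_md5.upper()}:
            verdicts[name] = "matches-reference"
        else:
            verdicts[name] = "differs-from-reference"
    return verdicts


if __name__ == "__main__":
    before = parse_filefind(RUN_BEFORE_SFC)
    after = parse_filefind(RUN_AFTER_SFC)
    for path, status in diff_runs(before, after).items():
        print(f"{status:26} {path}")
    print(verify(after))
```

In these two runs the size and both timestamps are identical while the MD5 differs, so the hash column is the one to compare. Two copies with the same MD5 are only shown to be identical to each other.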

              SuperDave

              Re: iexplore.exe - Application Error
              « Reply #11 on: August 25, 2010, 04:34:14 PM »
              Ok. That's great. Let's try this to get that file cleaned.

              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                FCopy::
                C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe | c:\windows\explorer.exe 

                Folder::
                C:\QUARANTINE

                Rootkit::

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • Please post the contents of the log in your next reply.

              danldo


                Re: iexplore.exe - Application Error
                « Reply #12 on: August 26, 2010, 12:10:42 PM »
                Every time I drag the CFScript into the Combo Fix it starts and then it stops after "This typically doesn't take more that 10 minutes however, scantimes for badly infected machines may easily double."
                It does nothing after this. I let it run over 25 minutes and nothing.

                SuperDave

                Re: iexplore.exe - Application Error
                « Reply #13 on: August 26, 2010, 01:06:02 PM »
                Ok. We'll try to do it without ComboFix.

                Go to Start > Run > type Notepad.exe and click OK to open Notepad.

                Copy all of the text in the below Code box into Notepad.

                Code:
                @echo off
                copy C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe c:\windows\explorer.exe 

                del C:\QUARANTINE
                del event.bat
                exit

                In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat

                Now double click the event.bat file you just created and let it finish.

                You will know it's finished when there is a new file on your desktop.
                *************************************

                Now, please try to run another scan with ComboFix.


                danldo


                  Re: iexplore.exe - Application Error
                  « Reply #14 on: August 26, 2010, 03:12:27 PM »
                  After creating the event.bat and saving it,
                  I double click on it and I get a command window with the following:
                  The system cannot find the file specified.
                  C:\QUARANTINE\*, Are you sure (Y/N)?
                  If I press Y the window goes away and no other files show up.

                  SuperDave

                  Re: iexplore.exe - Application Error
                  « Reply #15 on: August 26, 2010, 04:22:08 PM »
                  Ok. We'll get the other folder later on. Let's run this.

                  Go to Start > Run > type Notepad.exe and click OK to open Notepad.

                  Copy all of the text in the below Code box into Notepad.

                  Code:
                  @echo off
                  copy C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe c:\windows\explorer.exe 

                  del event.bat

                  exit

                  In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat

                  Now double click the event.bat file you just created and let it finish.

                  You will know it's finished when there is a new file on your desktop.

                  danldo


                    Re: iexplore.exe - Application Error
                    « Reply #16 on: August 27, 2010, 07:41:37 PM »
                    When I double clicked on it, it went away and deleted the event.bat folder and nothing else.

                    SuperDave

                    Re: iexplore.exe - Application Error
                    « Reply #17 on: August 28, 2010, 05:14:20 PM »
                    Ok. Please run another scan with ComboFix to see if that file has been cleaned. Please post the log here.

                    danldo


                      Re: iexplore.exe - Application Error
                      « Reply #18 on: August 30, 2010, 07:24:43 AM »
                      Here is my combofix log.
                      ComboFix 10-08-22.05 - egomez 08/30/2010   7:51.3.2 - x86
                      Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.548 [GMT -5:00]
                      Running from: c:\documents and settings\egomez.DRGOMEZ\Desktop\ComboFix.exe
                      .
                      - REDUCED FUNCTIONALITY MODE -
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      c:\windows\explorer.exe . . . is infected!!

                      Infected copy of c:\windows\SYSTEM32\winlogon.exe was found and disinfected
                      Restored copy from - c:\i386\WINLOGON.EXE

                      .
                      (((((((((((((((((((((((((   Files Created from 2010-07-28 to 2010-08-30  )))))))))))))))))))))))))))))))
                      .

                      2010-08-26 15:46 . 2010-08-26 15:46   --------   d-----w-   c:\windows\system32\wbem\Repository
                      2010-08-25 15:02 . 2004-08-04 05:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
                      2010-08-25 15:02 . 2001-08-18 03:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
                      2010-08-25 15:02 . 2001-08-18 03:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
                      2010-08-25 15:02 . 2001-08-18 03:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
                      2010-08-25 15:02 . 2001-08-18 03:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
                      2010-08-25 15:00 . 2001-08-17 17:13   19016   ----a-w-   c:\windows\system32\dllcache\w926nd.sys
                      2010-08-25 14:59 . 2004-08-04 04:08   25600   ----a-w-   c:\windows\system32\dllcache\usbser.sys
                      2010-08-25 14:58 . 2001-08-17 19:56   440576   ----a-w-   c:\windows\system32\dllcache\tridkb.dll
                      2010-08-25 14:57 . 2001-08-17 18:52   7040   ----a-w-   c:\windows\system32\dllcache\tandqic.sys
                      2010-08-25 14:56 . 2001-08-17 18:51   61824   ----a-w-   c:\windows\system32\dllcache\speed.sys
                      2010-08-25 14:55 . 2004-08-04 10:00   38912   ----a-w-   c:\windows\system32\dllcache\sm9aw.dll
                      2010-08-25 14:54 . 2001-08-17 17:51   98080   ----a-w-   c:\windows\system32\dllcache\sgiulnt5.sys
                      2010-08-25 14:53 . 2001-08-17 19:56   179264   ----a-w-   c:\windows\system32\dllcache\s3sav3d.dll
                      2010-08-25 14:52 . 2004-08-04 10:00   14848   ----a-w-   c:\windows\system32\dllcache\register.exe
                      2010-08-25 14:51 . 2001-08-17 19:07   19840   ----a-w-   c:\windows\system32\dllcache\philtune.sys
                      2010-08-25 14:50 . 2001-08-17 19:05   351616   ----a-w-   c:\windows\system32\dllcache\ovcodek2.sys
                      2010-08-25 14:49 . 2004-08-04 10:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
                      2010-08-25 14:48 . 2004-08-04 03:41   126686   ----a-w-   c:\windows\system32\dllcache\mtlmnt5.sys
                      2010-08-25 14:47 . 2001-08-18 03:36   58368   ----a-w-   c:\windows\system32\dllcache\m3091dc.dll
                      2010-08-25 14:46 . 2001-08-18 03:36   8704   ----a-w-   c:\windows\system32\dllcache\kbdjpn.dll
                      2010-08-25 14:45 . 2001-08-17 19:06   100992   ----a-w-   c:\windows\system32\dllcache\icam5usb.sys
                      2010-08-25 14:44 . 2001-08-17 18:28   391199   ----a-w-   c:\windows\system32\dllcache\hsf_k56k.sys
                      2010-08-25 14:43 . 2001-08-17 18:58   19200   ----a-w-   c:\windows\system32\dllcache\hidbatt.sys
                      2010-08-25 14:42 . 2001-08-17 18:52   7040   ----a-w-   c:\windows\system32\dllcache\exabyte2.sys
                      2010-08-25 14:41 . 2001-08-17 17:11   69194   ----a-w-   c:\windows\system32\dllcache\el656cd5.sys
                      2010-08-25 14:40 . 2001-08-18 03:36   110592   ----a-w-   c:\windows\system32\dllcache\dc260usd.dll
                      2010-08-25 14:39 . 2001-08-17 17:12   37916   ----a-w-   c:\windows\system32\dllcache\cb102.sys
                      2010-08-25 14:38 . 2004-08-04 05:56   21183   ----a-w-   c:\windows\system32\dllcache\atv01nt5.dll
                      2010-08-25 14:37 . 2004-08-04 04:10   53248   ----a-w-   c:\windows\system32\dllcache\1394bus.sys
                      2010-08-23 14:45 . 2010-08-23 14:45   63488   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
                      2010-08-23 14:45 . 2010-08-23 14:45   52224   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                      2010-08-23 14:45 . 2010-08-23 14:45   117760   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                      2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com
                      2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2010-08-23 14:43 . 2010-08-23 14:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
                      2010-08-23 12:41 . 2010-08-23 12:41   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Identities
                      2010-08-19 15:31 . 2010-08-19 15:31   --------   d-----w-   c:\program files\Trend Micro
                      2010-08-18 21:09 . 2010-08-18 21:09   --------   d-sh--w-   c:\documents and settings\egomez.DRGOMEZ\IECompatCache
                      2010-08-18 20:42 . 2010-08-26 20:53   --------   d-----w-   C:\QUARANTINE
                      2010-08-16 18:01 . 2005-09-17 18:32   745752   ----a-w-   c:\windows\system32\wodSmtp.dll
                      2010-08-16 18:01 . 2004-05-19 15:22   114688   ----a-w-   c:\windows\system32\DARTUTIL.DLL
                      2010-08-10 22:33 . 2010-08-10 22:33   --------   d-----w-   c:\program files\PMIC EBOOKS

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-08-27 14:43 . 2005-09-07 23:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DIGStream
                      2010-08-27 14:22 . 2010-08-27 14:15   161   ----a-w-   c:\windows\Temp.tmp
                      2010-08-26 16:07 . 2009-12-14 13:25   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\HPAppData
                      2010-08-19 15:17 . 2010-08-18 21:27   --------   d-----w-   c:\program files\CCleaner
                      2010-08-18 22:04 . 2009-12-11 20:39   --------   d-----w-   c:\program files\Yahoo!
                      2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\Malwarebytes
                      2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                      2010-08-12 13:16 . 2005-04-28 18:45   34816   ----a-w-   c:\program files\db_list.dbp
                      2010-07-06 14:36 . 2006-06-24 01:31   65912   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2010-06-23 12:16 . 2010-06-23 12:16   501936   ----a-w-   c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb166.tmp.exe
                      2010-06-14 13:42 . 2010-06-14 13:10   77383   ----a-w-   c:\windows\hpqins05.dat
                      2005-06-28 16:50 . 2005-06-28 16:50   6144   ----a-w-   c:\program files\DB_LIST_HISTORY.DBP
                      .

                      ------- Sigcheck -------

                      [-] 2004-08-04 . 24E8C39B3E1EF32FB6C8703EF752AC74 . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\winlogon.exe

                      [-] 2004-08-04 . A06B61E9E26A31E18D5E5412BAFC2467 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
                      .
                      (((((((((((((((((((((((((((((   SnapShot@2010-08-23_17.59.51   )))))))))))))))))))))))))))))))))))))))))
                      .
                      + 2004-08-04 10:00 . 2004-08-04 10:00   11776              c:\windows\SYSTEM32\DLLCACHE\spnpinst.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   69632              c:\windows\SYSTEM32\DLLCACHE\spnike.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   12800              c:\windows\SYSTEM32\DLLCACHE\spiisupd.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   62976              c:\windows\SYSTEM32\DLLCACHE\spgrmr.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   61440              c:\windows\SYSTEM32\DLLCACHE\spcplui.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   77824              c:\windows\SYSTEM32\DLLCACHE\spcommon.dll
                      + 2001-08-17 19:07 . 2001-08-17 19:07   19072              c:\windows\SYSTEM32\DLLCACHE\sparrow.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   23552              c:\windows\SYSTEM32\DLLCACHE\sort.exe
                      + 2010-08-25 14:56 . 2001-08-17 17:51   37040              c:\windows\SYSTEM32\DLLCACHE\sonypi.sys
                      + 2010-08-25 14:56 . 2001-08-17 17:51   20752              c:\windows\SYSTEM32\DLLCACHE\sonync.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   25472              c:\windows\SYSTEM32\DLLCACHE\sonydcam.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   56832              c:\windows\SYSTEM32\DLLCACHE\sol.exe
                      + 2010-08-25 14:56 . 2004-08-04 10:00   40448              c:\windows\SYSTEM32\DLLCACHE\snmpthrd.dll
                      + 2010-08-25 14:56 . 2004-08-04 10:00   10240              c:\windows\SYSTEM32\DLLCACHE\snmpstup.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   18944              c:\windows\SYSTEM32\DLLCACHE\snmpapi.dll
                      + 2010-08-25 14:56 . 2004-08-04 10:00   32768              c:\windows\SYSTEM32\DLLCACHE\snmp.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   34816              c:\windows\SYSTEM32\DLLCACHE\sniffpol.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   40960              c:\windows\SYSTEM32\DLLCACHE\smtpcons.dll
                      + 2010-08-25 14:56 . 2004-08-04 10:00   10752              c:\windows\SYSTEM32\DLLCACHE\smtpapi.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   50688              c:\windows\SYSTEM32\DLLCACHE\smss.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   89600              c:\windows\SYSTEM32\DLLCACHE\smlogsvc.exe
                      + 2010-08-25 14:56 . 2001-08-17 17:51   58368              c:\windows\SYSTEM32\DLLCACHE\smiminib.sys
                      + 2010-08-25 14:56 . 2004-08-04 10:00   15872              c:\windows\SYSTEM32\DLLCACHE\smierrsm.dll
                      + 2010-08-25 14:56 . 2001-08-17 17:12   25034              c:\windows\SYSTEM32\DLLCACHE\smcpwr2n.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   14592              c:\windows\SYSTEM32\DLLCACHE\smclib.sys
                      + 2010-08-25 14:56 . 2001-08-17 17:10   35913              c:\windows\SYSTEM32\DLLCACHE\smcirda.sys
                      + 2010-08-25 14:56 . 2001-08-17 17:12   24576              c:\windows\SYSTEM32\DLLCACHE\smc8000n.sys
                      + 2010-08-25 14:56 . 2004-08-04 04:07   16128              c:\windows\SYSTEM32\DLLCACHE\smbbatt.sys
                      + 2010-08-25 14:56 . 2004-08-04 10:00   31744              c:\windows\SYSTEM32\DLLCACHE\smb6w.dll
                      + 2010-08-25 14:56 . 2001-08-18 03:36   45568              c:\windows\SYSTEM32\DLLCACHE\smb3w.dll
                      + 2010-08-25 14:56 . 2001-08-18 03:36   33792              c:\windows\SYSTEM32\DLLCACHE\smb0w.dll
                      + 2010-08-25 14:56 . 2004-08-04 10:00   31744              c:\windows\SYSTEM32\DLLCACHE\sma3w.dll
                      + 2010-08-25 14:55 . 2001-08-18 03:36   28672              c:\windows\SYSTEM32\DLLCACHE\sma0w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   26624              c:\windows\SYSTEM32\DLLCACHE\sm93w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   26624              c:\windows\SYSTEM32\DLLCACHE\sm92w.dll
                      + 2010-08-25 14:55 . 2001-08-18 03:36   28160              c:\windows\SYSTEM32\DLLCACHE\sm91w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   26112              c:\windows\SYSTEM32\DLLCACHE\sm90w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   26112              c:\windows\SYSTEM32\DLLCACHE\sm8dw.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   29184              c:\windows\SYSTEM32\DLLCACHE\sm8cw.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   26112              c:\windows\SYSTEM32\DLLCACHE\sm8aw.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   26112              c:\windows\SYSTEM32\DLLCACHE\sm89w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   30208              c:\windows\SYSTEM32\DLLCACHE\sm87w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   30208              c:\windows\SYSTEM32\DLLCACHE\sm81w.dll
                      + 2010-08-25 14:55 . 2004-08-04 10:00   25088              c:\windows\SYSTEM32\DLLCACHE\sm59w.dll
                      + 2010-08-25 14:55 . 2004-08-04 03:41   13240              c:\windows\SYSTEM32\DLLCACHE\slwdmsup.sys
                      + 2010-08-25 14:55 . 2004-08-04 05:56   73796              c:\windows\SYSTEM32\DLLCACHE\slserv.exe
                      + 2010-08-25 14:55 . 2004-08-04 05:56   32866              c:\windows\SYSTEM32\DLLCACHE\slrundll.exe
                      + 2010-08-25 14:55 . 2004-08-04 03:41   95424              c:\windows\SYSTEM32\DLLCACHE\slnthal.sys
                      + 2010-08-25 14:55 . 2004-08-04 04:10   11136              c:\windows\SYSTEM32\DLLCACHE\slip.sys
                      + 2010-08-25 14:55 . 2004-08-04 05:56   73832              c:\windows\SYSTEM32\DLLCACHE\slcoinst.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   14848              c:\windows\SYSTEM32\DLLCACHE\slbrccsp.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   98304              c:\windows\SYSTEM32\DLLCACHE\slbiop.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   25088              c:\windows\SYSTEM32\DLLCACHE\slayerxp.dll
                      + 2010-08-25 14:55 . 2004-08-04 03:31   63547              c:\windows\SYSTEM32\DLLCACHE\sla30nd5.sys
                      + 2010-08-25 14:55 . 2001-08-17 17:12   91294              c:\windows\SYSTEM32\DLLCACHE\skfpwin.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   26112              c:\windows\SYSTEM32\DLLCACHE\skeys.exe
                      + 2010-08-25 14:55 . 2001-08-17 17:12   94698              c:\windows\SYSTEM32\DLLCACHE\sk98xwin.sys
                      + 2010-08-25 14:55 . 2001-08-17 17:50   50432              c:\windows\SYSTEM32\DLLCACHE\sisv.sys
                      + 2010-08-25 14:55 . 2004-08-04 03:31   32768              c:\windows\SYSTEM32\DLLCACHE\sisnic.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   13824              c:\windows\SYSTEM32\DLLCACHE\sisbkup.dll
                      + 2004-08-04 04:07 . 2004-08-04 04:07   41088              c:\windows\SYSTEM32\DLLCACHE\sisagp.sys
                      + 2010-08-25 14:55 . 2001-08-17 17:50   68608              c:\windows\SYSTEM32\DLLCACHE\sis6306p.sys
                      + 2010-08-25 14:55 . 2004-08-04 10:00   18944              c:\windows\SYSTEM32\DLLCACHE\simptcp.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   70144              c:\windows\SYSTEM32\DLLCACHE\sigverif.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   13312              c:\windows\SYSTEM32\DLLCACHE\sigtab.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   42573              c:\windows\SYSTEM32\DLLCACHE\shvlzm.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   66113              c:\windows\SYSTEM32\DLLCACHE\shvl.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   19456              c:\windows\SYSTEM32\DLLCACHE\shutdown.exe
                      + 2010-08-25 14:37 . 2003-03-24 21:52   16437              c:\windows\SYSTEM32\DLLCACHE\shtml.exe
                      + 2010-08-25 14:37 . 2003-03-24 21:52   20536              c:\windows\SYSTEM32\DLLCACHE\shtml.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   27648              c:\windows\SYSTEM32\DLLCACHE\shscrap.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   77824              c:\windows\SYSTEM32\DLLCACHE\shrpubw.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   42496              c:\windows\SYSTEM32\DLLCACHE\shmgrate.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   68096              c:\windows\SYSTEM32\DLLCACHE\shgina.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   14848              c:\windows\SYSTEM32\DLLCACHE\shadow.exe
                      + 2010-08-25 14:55 . 2001-07-21 19:29   18400              c:\windows\SYSTEM32\DLLCACHE\sgsmld.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   23552              c:\windows\SYSTEM32\DLLCACHE\sfmapi.dll
                      + 2010-08-25 14:54 . 2001-08-17 17:19   36480              c:\windows\SYSTEM32\DLLCACHE\sfmanm.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   11392              c:\windows\SYSTEM32\DLLCACHE\sfloppy.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   10240              c:\windows\SYSTEM32\DLLCACHE\sffp_sd.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   11136              c:\windows\SYSTEM32\DLLCACHE\sffdisk.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   73216              c:\windows\SYSTEM32\DLLCACHE\setup50.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   23040              c:\windows\SYSTEM32\DLLCACHE\setup.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   31232              c:\windows\SYSTEM32\DLLCACHE\sethc.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   56320              c:\windows\SYSTEM32\DLLCACHE\servdeps.dll
                      + 2010-08-25 14:54 . 2001-08-17 18:48   17664              c:\windows\SYSTEM32\DLLCACHE\sermouse.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   14336              c:\windows\SYSTEM32\DLLCACHE\serialui.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   64896              c:\windows\SYSTEM32\DLLCACHE\serial.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   15488              c:\windows\SYSTEM32\DLLCACHE\serenum.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   13824              c:\windows\SYSTEM32\DLLCACHE\senscfg.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   38912              c:\windows\SYSTEM32\DLLCACHE\sens.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   55296              c:\windows\SYSTEM32\DLLCACHE\sendmail.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   29184              c:\windows\SYSTEM32\DLLCACHE\sendcmsg.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   18944              c:\windows\SYSTEM32\DLLCACHE\seclogon.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   18432              c:\windows\SYSTEM32\DLLCACHE\secedit.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   29184              c:\windows\SYSTEM32\DLLCACHE\sdhcinst.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   67584              c:\windows\SYSTEM32\DLLCACHE\sdbus.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   77312              c:\windows\SYSTEM32\DLLCACHE\sdbinst.exe
                      + 2010-08-25 14:54 . 2001-08-17 18:53   10880              c:\windows\SYSTEM32\DLLCACHE\scsiscan.sys
                      + 2010-08-25 14:54 . 2001-08-17 18:52   11648              c:\windows\SYSTEM32\DLLCACHE\scsiprnt.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   96256              c:\windows\SYSTEM32\DLLCACHE\scsiport.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   10240              c:\windows\SYSTEM32\DLLCACHE\scriptpw.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   26624              c:\windows\SYSTEM32\DLLCACHE\scredir.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   36864              c:\windows\SYSTEM32\DLLCACHE\scrcons.exe
                      + 2010-08-25 14:54 . 2001-08-17 18:51   17280              c:\windows\SYSTEM32\DLLCACHE\scr111.sys
                      + 2010-08-25 14:54 . 2001-08-17 18:51   16640              c:\windows\SYSTEM32\DLLCACHE\scmstcs.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   20992              c:\windows\SYSTEM32\DLLCACHE\sclgntfy.dll
                      + 2010-08-25 14:54 . 2001-08-17 18:51   23936              c:\windows\SYSTEM32\DLLCACHE\sccmusbm.sys
                      + 2010-08-25 14:54 . 2001-08-17 18:51   23936              c:\windows\SYSTEM32\DLLCACHE\sccmn50m.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   95744              c:\windows\SYSTEM32\DLLCACHE\scardsvr.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   69632              c:\windows\SYSTEM32\DLLCACHE\scarddlg.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   31232              c:\windows\SYSTEM32\DLLCACHE\sc.exe
                      + 2010-08-25 14:54 . 2004-08-04 03:59   43136              c:\windows\SYSTEM32\DLLCACHE\sbp2port.sys
                      + 2004-08-04 10:00 . 2004-08-04 10:00   13312              c:\windows\SYSTEM32\DLLCACHE\savedump.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   36864              c:\windows\SYSTEM32\DLLCACHE\sapisvr.exe
                      + 2004-08-04 10:00 . 2004-08-04 10:00   45568              c:\windows\SYSTEM32\DLLCACHE\safrslv.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   29696              c:\windows\SYSTEM32\DLLCACHE\safrdm.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   43520              c:\windows\SYSTEM32\DLLCACHE\safrcdlg.dll
                      + 2010-08-25 14:54 . 2001-08-17 17:50   75392              c:\windows\SYSTEM32\DLLCACHE\s3savmxm.sys
                      + 2010-08-25 14:54 . 2001-08-17 17:50   77824              c:\windows\SYSTEM32\DLLCACHE\s3sav4m.sys
                      + 2010-08-25 14:54 . 2001-08-17 17:50   61504              c:\windows\SYSTEM32\DLLCACHE\s3sav3dm.sys
                      + 2010-08-25 14:53 . 2001-08-18 03:36   62496              c:\windows\SYSTEM32\DLLCACHE\s3mtrio.dll
                      + 2010-08-25 14:53 . 2001-08-17 17:50   41216              c:\windows\SYSTEM32\DLLCACHE\s3mt3d.sys
                      + 2010-08-25 14:53 . 2001-08-17 18:57   65664              c:\windows\SYSTEM32\DLLCACHE\s3legacy.sys
                      + 2010-08-25 14:37 . 2001-08-17 19:56   66048              c:\windows\SYSTEM32\DLLCACHE\s3legacy.dll
                      + 2004-08-04 10:00 . 2004-08-04 10:00   15872              c:\windows\SYS

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      Re: iexplore.exe - Application Error
                      « Reply #19 on: August 30, 2010, 01:11:58 PM »
                      We're still getting the message that explorer.exe is infected. Let's try this one more time. Please run the bat file and then the ComboFix scan.

                      Go to Start > Run > type Notepad.exe and click OK to open Notepad.

                      Copy all of the text in the below Code box into Notepad.

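                      Code:
                      @echo off
                      rem Overwrite the flagged explorer.exe with the copy from the i386 install source
                      copy c:\i386\explorer.exe c:\windows\explorer.exe
                      rem Remove this batch file once the copy has run
                      del event.bat
                      exit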

                      In Notepad go to File > Save as, choose to save it to your desktop and name it event.bat

                      Now double click the event.bat file you just created and let it finish.

                      You will know it's finished when there is a new file on your desktop.

                      danldo

                        Topic Starter


                        Beginner

                        Re: iexplore.exe - Application Error
                        « Reply #20 on: August 31, 2010, 10:43:18 AM »
                        Here is the new log.
                        Thanks
                        ComboFix 10-08-30.02 - egomez 08/31/2010  10:19:20.5.2 - x86
                        Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.485 [GMT -5:00]
                        Running from: c:\documents and settings\egomez.DRGOMEZ\Desktop\ComboFix.exe
                        .

                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        c:\windows\explorer.exe . . . is infected!!

                        Infected copy of c:\windows\SYSTEM32\winlogon.exe was found and disinfected
                        Restored copy from - c:\i386\WINLOGON.EXE

                        .
                        (((((((((((((((((((((((((   Files Created from 2010-07-28 to 2010-08-31  )))))))))))))))))))))))))))))))
                        .

                        2010-08-26 15:46 . 2010-08-26 15:46   --------   d-----w-   c:\windows\system32\wbem\Repository
                        2010-08-25 15:02 . 2004-08-04 05:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
                        2010-08-25 15:02 . 2001-08-18 03:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
                        2010-08-25 15:02 . 2001-08-18 03:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
                        2010-08-25 15:02 . 2001-08-18 03:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
                        2010-08-25 15:02 . 2001-08-18 03:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
                        2010-08-25 15:00 . 2001-08-17 17:13   19016   ----a-w-   c:\windows\system32\dllcache\w926nd.sys
                        2010-08-25 14:59 . 2004-08-04 04:08   25600   ----a-w-   c:\windows\system32\dllcache\usbser.sys
                        2010-08-25 14:58 . 2001-08-17 19:56   440576   ----a-w-   c:\windows\system32\dllcache\tridkb.dll
                        2010-08-25 14:57 . 2001-08-17 18:52   7040   ----a-w-   c:\windows\system32\dllcache\tandqic.sys
                        2010-08-25 14:56 . 2001-08-17 18:51   61824   ----a-w-   c:\windows\system32\dllcache\speed.sys
                        2010-08-25 14:55 . 2004-08-04 10:00   38912   ----a-w-   c:\windows\system32\dllcache\sm9aw.dll
                        2010-08-25 14:54 . 2001-08-17 17:51   98080   ----a-w-   c:\windows\system32\dllcache\sgiulnt5.sys
                        2010-08-25 14:53 . 2001-08-17 19:56   179264   ----a-w-   c:\windows\system32\dllcache\s3sav3d.dll
                        2010-08-25 14:52 . 2004-08-04 10:00   14848   ----a-w-   c:\windows\system32\dllcache\register.exe
                        2010-08-25 14:51 . 2001-08-17 19:07   19840   ----a-w-   c:\windows\system32\dllcache\philtune.sys
                        2010-08-25 14:50 . 2001-08-17 19:05   351616   ----a-w-   c:\windows\system32\dllcache\ovcodek2.sys
                        2010-08-25 14:49 . 2004-08-04 10:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
                        2010-08-25 14:48 . 2004-08-04 03:41   126686   ----a-w-   c:\windows\system32\dllcache\mtlmnt5.sys
                        2010-08-25 14:47 . 2001-08-18 03:36   58368   ----a-w-   c:\windows\system32\dllcache\m3091dc.dll
                        2010-08-25 14:46 . 2001-08-18 03:36   8704   ----a-w-   c:\windows\system32\dllcache\kbdjpn.dll
                        2010-08-25 14:45 . 2001-08-17 19:06   100992   ----a-w-   c:\windows\system32\dllcache\icam5usb.sys
                        2010-08-25 14:44 . 2001-08-17 18:28   391199   ----a-w-   c:\windows\system32\dllcache\hsf_k56k.sys
                        2010-08-25 14:43 . 2001-08-17 18:58   19200   ----a-w-   c:\windows\system32\dllcache\hidbatt.sys
                        2010-08-25 14:42 . 2001-08-17 18:52   7040   ----a-w-   c:\windows\system32\dllcache\exabyte2.sys
                        2010-08-25 14:41 . 2001-08-17 17:11   69194   ----a-w-   c:\windows\system32\dllcache\el656cd5.sys
                        2010-08-25 14:40 . 2001-08-18 03:36   110592   ----a-w-   c:\windows\system32\dllcache\dc260usd.dll
                        2010-08-25 14:39 . 2001-08-17 17:12   37916   ----a-w-   c:\windows\system32\dllcache\cb102.sys
                        2010-08-25 14:38 . 2004-08-04 05:56   21183   ----a-w-   c:\windows\system32\dllcache\atv01nt5.dll
                        2010-08-25 14:37 . 2004-08-04 04:10   53248   ----a-w-   c:\windows\system32\dllcache\1394bus.sys
                        2010-08-23 14:45 . 2010-08-23 14:45   63488   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
                        2010-08-23 14:45 . 2010-08-23 14:45   52224   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                        2010-08-23 14:45 . 2010-08-23 14:45   117760   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                        2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\SUPERAntiSpyware.com
                        2010-08-23 14:44 . 2010-08-23 14:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                        2010-08-23 14:43 . 2010-08-23 14:44   --------   d-----w-   c:\program files\SUPERAntiSpyware
                        2010-08-23 12:41 . 2010-08-23 12:41   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\Identities
                        2010-08-19 15:31 . 2010-08-19 15:31   --------   d-----w-   c:\program files\Trend Micro
                        2010-08-18 21:09 . 2010-08-18 21:09   --------   d-sh--w-   c:\documents and settings\egomez.DRGOMEZ\IECompatCache
                        2010-08-18 20:42 . 2010-08-26 20:53   --------   d-----w-   C:\QUARANTINE
                        2010-08-16 18:01 . 2005-09-17 18:32   745752   ----a-w-   c:\windows\system32\wodSmtp.dll
                        2010-08-16 18:01 . 2004-05-19 15:22   114688   ----a-w-   c:\windows\system32\DARTUTIL.DLL
                        2010-08-10 22:33 . 2010-08-10 22:33   --------   d-----w-   c:\program files\PMIC EBOOKS

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2010-08-31 15:28 . 2005-09-07 23:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DIGStream
                        2010-08-31 13:04 . 2005-04-28 18:45   34816   ----a-w-   c:\program files\db_list.dbp
                        2010-08-27 14:22 . 2010-08-27 14:15   161   ----a-w-   c:\windows\Temp.tmp
                        2010-08-26 16:07 . 2009-12-14 13:25   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\HPAppData
                        2010-08-19 15:17 . 2010-08-18 21:27   --------   d-----w-   c:\program files\CCleaner
                        2010-08-18 22:04 . 2009-12-11 20:39   --------   d-----w-   c:\program files\Yahoo!
                        2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\egomez.DRGOMEZ\Application Data\Malwarebytes
                        2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                        2010-08-18 21:29 . 2010-08-18 21:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                        2010-07-06 14:36 . 2006-06-24 01:31   65912   ----a-w-   c:\documents and settings\egomez.DRGOMEZ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                        2010-06-23 12:16 . 2010-06-23 12:16   501936   ----a-w-   c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb166.tmp.exe
                        2010-06-14 13:42 . 2010-06-14 13:10   77383   ----a-w-   c:\windows\hpqins05.dat
                        2005-06-28 16:50 . 2005-06-28 16:50   6144   ----a-w-   c:\program files\DB_LIST_HISTORY.DBP
                        .

                        ------- Sigcheck -------

                        [-] 2004-08-04 . 24E8C39B3E1EF32FB6C8703EF752AC74 . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\winlogon.exe

                        [-] 2004-08-04 . A06B61E9E26A31E18D5E5412BAFC2467 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
                        .
                        (((((((((((((((((((((((((((((   SnapShot_2010-08-30_12.57.28   )))))))))))))))))))))))))))))))))))))))))
                        .
                        + 2010-08-31 15:25 . 2010-08-31 15:25   16384              c:\windows\temp\Perflib_Perfdata_5c0.dat
                        + 2010-08-30 21:12 . 2010-08-30 21:12   16384              c:\windows\temp\Perflib_Perfdata_538.dat
                        + 2010-08-31 15:25 . 2010-08-31 15:25   16384              c:\windows\temp\Perflib_Perfdata_344.dat
                        + 2010-08-30 21:12 . 2010-08-30 21:12   16384              c:\windows\temp\Perflib_Perfdata_324.dat
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
                        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
                        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 148888]
                        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
                        "SMSERIAL"="sm56hlpr.exe" [2004-07-19 565248]
                        "DIGStream"="c:\program files\DIGStream\digstream.exe" [2005-05-18 282624]
                        "DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
                        "WinVNC"="c:\program files\RealVNC\WinVNC\winvnc.exe" [2003-03-05 335872]
                        "Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
                        "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
                        "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
                        "Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
                        "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
                        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

                        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
                        "RunNarrator"="Narrator.exe" [2004-08-04 53760]

                        c:\documents and settings\All Users\Start Menu\Programs\Startup\
                        Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
                        Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-7-28 1450047]
                        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
                        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
                        backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                        path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                        backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
                        2006-10-23 07:48   40048   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                        2010-04-13 07:29   47392   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
                        2004-04-26 13:04   53248   ------w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                        2010-04-28 20:06   142120   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                        2010-03-18 02:53   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                        2007-10-19 12:31   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
                        2010-03-08 13:19   202256   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
                        2004-01-07 06:01   110592   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                        "EnableFirewall"= 0 (0x0)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "c:\\WINDOWS\\system32\\sessmgr.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                        "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
                        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                        "c:\\Program Files\\iTunes\\iTunes.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

                        R1 NaiAvTdi1;NaiAvTdi1;c:\windows\SYSTEM32\DRIVERS\mvstdi5x.sys [6/23/2006 9:04 PM 58048]
                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
                        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
                        R2 MLPTDR_B;MLPTDR_B;c:\windows\SYSTEM32\MLPTDR_B.SYS [9/2/2003 4:06 PM 20064]
                        R2 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\DRIVERS\npf.sys [8/2/2005 4:10 PM 32512]
                        S2 gupdate1ca3ddbc0872076;Google Update Service (gupdate1ca3ddbc0872076);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 7:28 AM 133104]

                        --- Other Services/Drivers In Memory ---

                        *NewlyCreated* - ENTDRV51

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                        HPService   REG_MULTI_SZ      HPSLPSVC
                        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
                        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

                        2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 12:28]

                        2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 12:28]

                        2010-08-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3914068558-821231906-3718164370-1111.job
                        - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

                        2010-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3914068558-821231906-3718164370-1111.job
                        - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

                        2010-08-31 c:\windows\Tasks\RegCure Program Check.job
                        - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

                        2010-08-26 c:\windows\Tasks\RegCure.job
                        - c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                        uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
                        uInternet Settings,ProxyOverride = *.local
                        uSearchAssistant = hxxp://www.google.com/ie
                        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                        .

                        **************************************************************************

                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2010-08-31 10:28
                        Windows 5.1.2600 Service Pack 2 NTFS

                        scanning hidden processes ... 

                        scanning hidden autostart entries ...

                        scanning hidden files ... 

                        scan completed successfully
                        hidden files: 0

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
                        "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                           00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

                        [HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
                        @Denied: (2) (Administrators)
                        "Policy"=hex:00,00,00,00
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(1060)
                        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

                        - - - - - - - > 'lsass.exe'(1116)
                        c:\windows\system32\EntApi.dll

                        - - - - - - - > 'explorer.exe'(3492)
                        c:\windows\system32\EntApi.dll
                        c:\windows\system32\ieframe.dll
                        c:\windows\system32\webcheck.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\windows\system32\LEXBCES.EXE
                        c:\windows\system32\LEXPPS.EXE
                        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                        c:\windows\system32\basfipm.exe
                        c:\program files\Bonjour\mDNSResponder.exe
                        c:\program files\Cisco Systems\VPN Client\cvpnd.exe
                        c:\program files\Dell\OpenManage\Client\Iap.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\program files\Network Associates\Common Framework\FrameworkService.exe
                        c:\program files\Network Associates\VirusScan\Mcshield.exe
                        c:\program files\Network Associates\VirusScan\VsTskMgr.exe
                        c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
                        c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                        c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
                        c:\program files\Lexmark 4200 Series\lxbmbmon.exe
                        c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
                        c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
                        c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2010-08-31  10:33:39 - machine was rebooted
                        ComboFix-quarantined-files.txt  2010-08-31 15:33
                        ComboFix2.txt  2010-08-30 21:10
                        ComboFix3.txt  2010-08-30 13:01
                        ComboFix4.txt  2010-08-26 15:05
                        ComboFix5.txt  2010-08-31 15:16

                        Pre-Run: 25,732,579,328 bytes free
                        Post-Run: 25,722,580,992 bytes free

                        - - End Of File - - 2FC6E2F5F9BF8960209534ECC6087764

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: iexplore.exe - Application Error
                        « Reply #21 on: August 31, 2010, 04:14:46 PM »
                        I'd like to scan your machine with ESET OnlineScan

                        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan
                        •Click the button.
                        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                        •Check
                        •Click the button.
                        •Accept any security warnings from your browser.
                        •Check
                        •Push the Start button.
                        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                        •When the scan completes, push
                        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                        •Push the button.
                        •Push
                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                        Windows 8 and Windows 10 dual boot with two SSD's

                        danldo


                          Re: iexplore.exe - Application Error
                          « Reply #22 on: September 01, 2010, 10:45:35 AM »
                          Here it is.
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0HH59E28\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0HH59E28\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0HH59E28\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0HH59E28\popup[4].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0HH59E28\popup[5].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0PUJ8HY3\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0PUJ8HY3\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0PUJ8HY3\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0PUJ8HY3\pornwebring[1].htm   JS/TrojanDownloader.Agent.AB trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\2TONI1I5\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\8X63MZCT\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\8X63MZCT\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\8ZY7MPYP\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\8ZY7MPYP\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\8ZY7MPYP\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\9K2A7RCT\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\9K2A7RCT\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\9K2A7RCT\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\9K2A7RCT\popup[4].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\EL1MNQHK\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\EL1MNQHK\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\F2KRF58H\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\F2KRF58H\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\F2KRF58H\SystemDoctor2006FreeInstall[1].cab   a variant of Win32/Adware.WinFixer application   deleted - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\GDOBCFC3\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\GDOBCFC3\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\GDOBCFC3\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I19I7A1G\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I19I7A1G\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I1GNUH0H\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I1GNUH0H\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I1GNUH0H\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I1GNUH0H\popup[4].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\I3O3E1G7\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\K75VUYFT\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\K75VUYFT\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\K75VUYFT\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\LN3FX58E\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\NYSR7DW9\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\NYSR7DW9\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\NYSR7DW9\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\NYSR7DW9\popup[4].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\S1EZKXMB\2006[1].htm   HTML/ScrInject.B.Gen virus   deleted - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\S1EZKXMB\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\S1EZKXMB\popup[2].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\S1EZKXMB\popup[3].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\S1EZKXMB\popup[4].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\S1EZKXMB\popup[5].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
                          C:\Qoobox\Quarantine\C\Documents and Settings\egomez.DRGOMEZ\Application Data\Epemeg\ynoq.exe.vir   Win32/Spy.Zbot.YW trojan   cleaned by deleting - quarantined
                          C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir   Win32/Bamital.DX trojan   deleted - quarantined
                          C:\WINDOWS\explorer.exe   Win32/Bamital.DX trojan   unable to clean
                          C:\WINDOWS\SYSTEM32\hlp.dat   Win32/Bamital.DT trojan   cleaned by deleting (after the next restart) - quarantined
                          C:\WINDOWS\SYSTEM32\winlogon.exe   Win32/Bamital.DX trojan   unable to clean
                          Operating memory   Win32/Bamital.DX trojan   

                          evilfantasy

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Calm like a bomb
                          • Thanked: 493
                          • Experience: Experienced
                          • OS: Windows 11
                          Re: iexplore.exe - Application Error
                          « Reply #23 on: September 01, 2010, 12:43:28 PM »
                          Hello danldo. Your explorer.exe is infected and the scanners so far can not fix it. Now that the other malware is gone let's see if CF can fix it now. If not then we will have to go to another method.


                          Delete your current version of ComboFix and download it again!

                          Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                          Link #1
                          Link #2

                          Note: It is important that it is saved directly to your Desktop.

                          Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

                          Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                           
                          Double click combofix.exe & follow the prompts.

                          When finished ComboFix will produce a log for you.
                          Post the ComboFix log in your next reply.

                          Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                          Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                          If you have problems with ComboFix usage, see How to use ComboFix
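The triage that reply #23 performs by eye on the ESET log can be scripted. The following is an added example, not part of the thread or of any tool mentioned in it: it separates detections that were removed from ones still live in system files or memory. It assumes fields are separated by runs of two or more spaces, as in the posted log; the function names and status labels are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A subset of the lines from the ESET log posted in reply #22.
SAMPLE_LOG = r"""
C:\Documents and Settings\Eric Gomez\Local Settings\Temporary Internet Files\Content.IE5\0HH59E28\popup[1].htm   HTML/TrojanClicker.Agent.A trojan   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\egomez.DRGOMEZ\Application Data\Epemeg\ynoq.exe.vir   Win32/Spy.Zbot.YW trojan   cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir   Win32/Bamital.DX trojan   deleted - quarantined
C:\WINDOWS\explorer.exe   Win32/Bamital.DX trojan   unable to clean
C:\WINDOWS\SYSTEM32\hlp.dat   Win32/Bamital.DT trojan   cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\SYSTEM32\winlogon.exe   Win32/Bamital.DX trojan   unable to clean
Operating memory   Win32/Bamital.DX trojan
"""


@dataclass
class Detection:
    path: str
    threat: str
    action: str  # empty when the scanner reported no action (e.g. memory)


def parse_line(line):
    """Split one log line into path / threat / action; None if not a detection."""
    fields = re.split(r"\s{2,}", line.strip())
    if len(fields) < 2:
        return None
    action = fields[2] if len(fields) > 2 else ""
    return Detection(fields[0], fields[1], action)


def location(path):
    """Classify where the detected object lives."""
    p = path.lower()
    if p == "operating memory":
        return "memory"
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"      # already-neutralised copies kept by ComboFix
    if "\\temporary internet files\\" in p:
        return "browser_cache"   # cached web content, not an installed binary
    if p.startswith("c:\\windows\\"):
        return "system"
    return "other"


def status(action):
    """Map the scanner's action text to removed / pending_reboot / unresolved."""
    a = action.lower()
    if not a or a.startswith("unable to clean"):
        return "unresolved"
    if "after the next restart" in a:
        return "pending_reboot"
    return "removed"


def triage(log_text):
    """Summarise a log and list detections still present in system files or memory."""
    detections = [d for d in map(parse_line, log_text.splitlines()) if d]
    live = [
        d for d in detections
        if status(d.action) != "removed" and location(d.path) in ("system", "memory")
    ]
    return {
        "by_status": dict(Counter(status(d.action) for d in detections)),
        "live": live,
        "live_threats": sorted({d.threat for d in live}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["by_status"])
    for d in result["live"]:
        print(f"{status(d.action):15} {d.threat:28} {d.path}")
```

On the posted log, the items that surface are the same ones the reply singles out: explorer.exe and winlogon.exe flagged "unable to clean", plus the in-memory detection.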

                          danldo


                            Re: iexplore.exe - Application Error
                            « Reply #24 on: September 01, 2010, 03:18:28 PM »
                            The combofix scanned and then rebooted the computer and now I get Explore.exe application error The instruction at "0x00b7100" referenced memory at "0x00000000". The memory could not be written. I click ok to cancel or cancel to debug and it does nothing. I waited 10 minutes and it would not do anything. I tried both and nothing.

                            evilfantasy

                            Re: iexplore.exe - Application Error
                            « Reply #25 on: September 01, 2010, 07:40:07 PM »
                            Have you tried restarting again?

                            danldo


                              Re: iexplore.exe - Application Error
                              « Reply #26 on: September 02, 2010, 02:14:29 AM »
                              I have tried several times but once I respond either way to the error message it does nothing.

                              evilfantasy

                              Re: iexplore.exe - Application Error
                              « Reply #27 on: September 02, 2010, 07:54:06 AM »
                              Have you tried starting in safe mode?

                              Do you have your install disk?

                              danldo


                                Re: iexplore.exe - Application Error
                                « Reply #28 on: September 02, 2010, 08:30:38 AM »
                                I have tried safe mode with no luck. I do have the install disk.

                                evilfantasy

                                Re: iexplore.exe - Application Error
                                « Reply #29 on: September 02, 2010, 10:14:40 AM »
                                Place the disk in the CD drive and attempt to do a repair install. http://michaelstevenstech.com/XPrepairinstall.htm

                                danldo


                                  Re: iexplore.exe - Application Error
                                  « Reply #30 on: September 02, 2010, 07:46:11 PM »
                                  I did a repair of XP and then scanned with ESET online scan.
                                  Here is the log from it.

                                  C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.vir   Win32/Bamital.DX trojan   deleted - quarantined

                                  It seems to be running fine.
                                  Thank you.

                                  evilfantasy

                                  Re: iexplore.exe - Application Error
                                  « Reply #31 on: September 03, 2010, 08:51:08 AM »
                                  Good job!  :D


                                  If there are no more malware issues we can finish up now.


                                  Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

                                  * Click START then RUN
                                  * Now type Combofix /Uninstall in the runbox
                                  * Make sure there's a space between Combofix and /Uninstall
                                  * Then hit Enter.

                                  The above procedure will:
                                  * Delete: ComboFix and its associated files and folders.
                                  * Reset the clock settings.
                                  * Hide file extensions, if required.
                                  * Hide System/Hidden files, if required.
                                  * Set a new, clean Restore Point.

                                  ----------

                                  Clean out your temporary internet files and temp files.

                                  Download TFC by OldTimer to your desktop.

                                  Double-click TFC.exe to run it.

                                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                  * Click the Start button to begin the cleaning process.
                                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
                                  * Please let TFC run uninterrupted until it is finished.

                                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                                  ----------

                                  Use the Secunia Software Inspector to check for out-of-date software.

                                  * Click Start Scanner
                                  * Check the box next to Enable thorough system inspection.
                                  * Click Start
                                  * Allow the scan to finish and scroll down to see if any updates are needed.
                                  * Update anything listed.

                                  ----------

                                  Go to Microsoft Windows Update and get all critical updates.

                                  ----------

                                  If you are using or have installed IE6, you are using an outdated and soon-to-be-unsupported version of Internet Explorer, and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

                                  ----------

                                  I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection, so they will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

                                  I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

                                  I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                                  * If you don't know what ActiveX controls are, see here

                                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
                                  * Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                  Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.