
Author Topic: Your system is infected! (Please help if you can)  (Read 38521 times)


KayleyBug (Topic Starter)

    Your system is infected! (Please help if you can)
    « on: February 16, 2010, 02:24:48 AM »
    My laptop suddenly acquired a virus which I think I got when my friend used it and opened a song attached to an email she had. Many programs won't open or run, for example Paint won't work but Word will open.
    Some sites make the internet close itself, for example AVG, and sometimes when I try to download anti-virus programs they won't load.
    I have tried the 6 steps advised, however I was unable to do some as the virus won't let me.

    Superantispyware, for example, won't install or open (it starts to load and then just disappears), and it won't let me update Java.

    The background of my desktop is permanently green with the message 'YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed.'
    The poor grammar gives it away as being fake. Also an icon appeared in my toolbar (I think that's what it's called? next to the battery symbol on the bottom right) that was round and red with a white X, that kept popping up and warning me that I had a trojan and to click it for anti-spyware. That was also part of the virus, I believe, and has stopped popping up since running some of the recommended programs, but the background is still the same.

    I will post the two logs I do have:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.5730.13

    15/02/2010 23:13:56
    mbam-log-2010-02-15 (23-13-56).txt

    Scan type: Quick Scan
    Objects scanned: 119792
    Time elapsed: 4 minute(s), 12 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 5
    Registry Data Items Infected: 11
    Folders Infected: 1
    Files Infected: 17

    Memory Processes Infected:
    C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\z1jipsibfe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\naprav2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sprecf.dll  -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\sprecf.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\rspgjclg\nmjgvydu.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\51.tmp (Trojan.Waledac) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\52.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wpv771266066426.exe (Trojan.Waledac) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\lyesys32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wpv231266168394.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wpv421265883176.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\wpv851265213601.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    ******************************************************************



    Symantec W32.Netsky FixTool 1.13.0


    W32.Netsky has not been found on your computer.


    Any help you can give me would be genuinely appreciated, I really need my laptop for uni and it's a nightmare at the moment because I can't do any work or use the internet as I'm scared it will steal my passwords! If there's anything on my laptop you're not happy about me having (e.g. something I've downloaded in the past and forgotten about so it's floating about somewhere) then I'll be happy to delete it immediately. Thank you so much in advance for your help.

    Kayley
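As an added example (not part of the thread, and not a Malwarebytes tool), a small Python triage script for Malwarebytes' Anti-Malware 1.x text logs of the kind posted above: it parses the `<path> (<detection>) -> ...` lines, pulls out the registry tampering that explains the locked wallpaper, missing Task Manager and logon-time persistence, and lists the items still marked "Delete on reboot". The watch-list of registry locations is my own choice, and the sample log is a short excerpt constructed from the log in the first post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One detection line of a Malwarebytes' Anti-Malware 1.x log:
#   <path> (<detection>) -> <rest>
# where <rest> is "Bad: (x) Good: (y) -> <action>", "Data: <d> -> <action>" or just "<action>".
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.*?)\s*-> (?P<action>.+)$")

# Registry locations (lower-cased path fragments, chosen for this example) whose tampering a
# responder should read before the file drops: they explain the symptoms described in the thread.
WATCHLIST = {
    r"winlogon\userinit": "Userinit replaced: the listed binary runs at every logon, before the shell",
    r"policies\system\disabletaskmgr": "Task Manager disabled so the rogue process cannot be killed",
    r"policies\activedesktop\nochangingwallpaper": "wallpaper locked to keep the fake warning on screen",
    r"policies\explorer\noactivedesktopchanges": "Active Desktop changes blocked (wallpaper lock)",
    r"policies\explorer\nosetactivedesktop": "Active Desktop settings blocked (wallpaper lock)",
    r"control\lsa\notification packages": "DLL registered as an LSA notification package (loaded by lsass)",
}

# Constructed sample: a handful of lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sprecf.dll  -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\sprecf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""


@dataclass
class Entry:
    section: str
    path: str
    detection: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None
    data: Optional[str] = None


@dataclass
class Finding:
    entry: Entry
    why: str


def parse_mbam_log(text: str) -> List[Entry]:
    """Return every detection line, tagged with the section header it sits under."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "->" not in line:  # e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m is None:  # summary counts, "(No malicious items detected)", etc.
            continue
        rest = m["rest"]
        entry = Entry(section, m["path"], m["detection"], action=rest)
        bg = BADGOOD_RE.match(rest)
        d = DATA_RE.match(rest)
        if bg:
            entry.bad, entry.good, entry.action = bg["bad"], bg["good"], bg["action"]
        elif d:
            entry.data, entry.action = d["data"], d["action"]
        entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Match registry entries against WATCHLIST; file drops are left to the full log."""
    findings: List[Finding] = []
    for e in entries:
        key = e.path.lower()
        for needle, why in WATCHLIST.items():
            if needle in key:
                findings.append(Finding(e, why))
                break
    return findings


def userinit_hijack(entries: List[Entry]) -> Optional[str]:
    """The binary that replaced userinit.exe, taken from the Bad: (...) value if present."""
    for e in entries:
        if e.path.lower().endswith(r"winlogon\userinit") and e.bad:
            return e.bad
    return None


def pending_reboot(entries: List[Entry]) -> List[str]:
    """Items MBAM could not remove while live: they need the reboot and a rescan to confirm."""
    return [e.path for e in entries if e.action.lower().startswith("delete on reboot")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in triage(found):
        print(f"[{f.entry.detection}] {f.entry.path}")
        print(f"    value={f.entry.bad or f.entry.data!r}: {f.why}")
    print("Userinit hijacked by:", userinit_hijack(found))
    print("Still pending reboot:", pending_reboot(found))
```

Anything in the "pending reboot" list is the reason a cleaner's log should be checked again after the restart rather than taken as final.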

    KayleyBug (Topic Starter)

      Re: Your system is infected! (Please help if you can)
      « Reply #1 on: February 16, 2010, 09:50:52 AM »
      I managed to get to my SUPERAntiSpyware log in Safe Mode (I realised that I'd managed to get it to do a scan last night, but since re-booting after the scan, it will no longer let me open the program.)

      I also attempted to install the new version of Java in Safe Mode. It tried to install and would have been successful but unfortunately it can't fully install when the computer is in Safe Mode. (As mentioned above, Java will not open or install or do anything when my laptop is in Normal mode.)  :-\

      Here's my SAS scan log, hopefully with all 3 logs you'll now be better equipped to spot any problems. Let me know if you need any further information, of course I understand that going through the logs will take up your time, and that you also have real life to be getting on with, so I appreciate that it will be a few hours/days before I get a response.

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 02/16/2010 at 00:42 AM

      Application Version : 4.33.1000

      Core Rules Database Version : 4446
      Trace Rules Database Version: 1978

      Scan type       : Complete Scan
      Total Scan Time : 01:13:47

      Memory items scanned      : 529
      Memory threats detected   : 0
      Registry items scanned    : 6045
      Registry threats detected : 3
      File items scanned        : 81982
      File threats detected     : 1

      Browser Hijacker.Internet Explorer Zone Hijack
         HKU\S-1-5-21-893622875-1752805829-1147589580-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com
         HKU\S-1-5-21-893622875-1752805829-1147589580-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com#http

      Adware.Tracking Cookie
         C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt

      Trojan.DNSChanger-Codec
         HKU\S-1-5-21-893622875-1752805829-1147589580-500\Software\uninstall

      evilfantasy (Malware Removal Specialist, Moderator)
      Re: Your system is infected! (Please help if you can)
      « Reply #2 on: February 17, 2010, 03:59:38 PM »
      If you already have ComboFix be sure to delete it and download a new copy.

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      **Note:  It is important that it is saved directly to your Desktop

      Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
       
      Double click combofix.exe & follow the prompts.
      Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

    KayleyBug (Topic Starter)

        Re: Your system is infected! (Please help if you can)
        « Reply #3 on: February 17, 2010, 04:40:28 PM »
        Thank you so much for getting back to me.  :D
        Combofix wanted to download/install the 'Microsoft Windows recovery console' and I clicked yes but it didn't work, stating that I wasn't connected to the internet. However, I definitely was connected to the internet.  :-\
        I've done the scan, results below. Since using Combofix my desktop background is back to normal. I'm guessing the virus is still around though?
        I will leave my laptop on for now, and then set it to hibernate if I haven't heard back from you before I go to bed (in case I mess anything up before your next reply).



        ComboFix 10-02-12.01 - Kayley E R 17/02/2010  23:16:00.1.1 - x86
        Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.379 [GMT 0:00]
        Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
        FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
        c:\documents and settings\Administrator\Application Data\Microsoft\Windows\import.ocx
        c:\documents and settings\Administrator\Application Data\Microsoft\Windows\jsdb.dll
        c:\documents and settings\Administrator\Application Data\Microsoft\Windows\mfximport.exe
        c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}
        c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\chrome.manifest
        c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\chrome\content\_cfg.js
        c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\chrome\content\overlay.xul
        c:\documents and settings\Administrator\Local Settings\Application Data\{1E6CC85C-AE83-4676-9C1C-B03438E4FBC4}\install.rdf
        c:\documents and settings\Administrator\Local Settings\Temp\21303429133.nls
        c:\recycler\S-1-5-21-1340307497-2614723990-4250122306-500
        c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
        c:\recycler\S-1-5-21-893622875-1752805829-1147589580-1014
        c:\windows\msacm32.drv
        c:\windows\rasqervy.dll
        c:\windows\sdfinacs.dll
        c:\windows\sdfixwcs.dll
        c:\windows\system32\11478.exe
        c:\windows\system32\15724.exe
        c:\windows\system32\18467.exe
        c:\windows\system32\19169.exe
        c:\windows\system32\23281.exe
        c:\windows\system32\24464.exe
        c:\windows\system32\26500.exe
        c:\windows\system32\26962.exe
        c:\windows\system32\28145.exe
        c:\windows\system32\29358.exe
        c:\windows\system32\5705.exe
        c:\windows\system32\6334.exe
        c:\windows\system32\IS15.exe
        c:\windows\system32\warning.html
        c:\windows\TEMP\21303429133.nls
        c:\windows\ubaxaroyuyevev.dll
        c:\windows\wuasirvy.dll

        .
        (((((((((((((((((((((((((   Files Created from 2010-01-17 to 2010-02-17  )))))))))))))))))))))))))))))))
        .

        2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
        2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
        2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
        2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
        2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8
        2010-02-04 11:54 . 2010-02-17 23:04   120   ----a-w-   c:\windows\Byipelozu.dat
        2010-02-04 11:54 . 2010-02-17 23:04   0   ----a-w-   c:\windows\Esuloso.bin

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-02-17 23:25 . 2007-05-28 20:32   9517290   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
        2010-02-16 16:25 . 2010-02-16 16:27   3221504   ----a-w-   c:\windows\Internet Logs\xDB3.tmp
        2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
        2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
        2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
        2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
        2010-02-12 11:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
        2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
        2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
        2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
        2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
        2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
        2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
        "Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
        "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
        "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
        "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
        "ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
        "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
        "TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
        "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
        "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
        "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
        "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
        "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

        c:\documents and settings\Administrator\Start Menu\Programs\Startup\
        Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
        AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
        DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
        2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
        2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\WINDOWS\\system32\\mqsvc.exe"=
        "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
        "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
        "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
        "c:\\Program Files\\AOL 9.0\\waol.exe"=
        "c:\\Program Files\\AOL\\RC\\regClient.exe"=
        "c:\\Program Files\\AOL 9.0a\\waol.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
        "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
        "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
        "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
        R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
        R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
        R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
        R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
        R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
        R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
        S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
        S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
        S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
        S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
        S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
        S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        Cognizance   REG_MULTI_SZ      ASChannel
        .
        Contents of the 'Scheduled Tasks' folder

        2010-02-17 c:\windows\Tasks\MP Scheduled Scan.job
        - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.hp.com/
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
        uInternet Settings,ProxyServer = 127.0.0.1:8080
        uInternet Settings,ProxyOverride = local;*.local
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com
        Trusted Zone: is-software-download.com
        Trusted Zone: is10-soft-download.com
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com
        DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
        FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
        FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
        FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
        .
        - - - - ORPHANS REMOVED - - - -

        HKLM-Run-Ymigabobituyi - c:\windows\ubaxaroyuyevev.dll
        HKU-Default-RunOnce-RunNarrator - Narrator.exe
        AddRemove-Bonus Pack for Super DX-Ball Deluxe_is1 - c:\program files\Super DX-Ball Deluxe\unins001.exe
        AddRemove-CDisplay_is1 - c:\program files\CDisplay\unins000.exe
        AddRemove-Crayon Physics Deluxe_is1 - c:\program files\Crayon Physics Deluxe\unins000.exe
        AddRemove-Digital Media Converter_is1 - c:\program files\Deskshare\Digital Media Converter\unins000.exe
        AddRemove-Guitar Pro 4.0 - c:\progra~1\GUITAR~1\UNWISE.EXE
        AddRemove-Guitar Pro 5_is1 - c:\program files\Guitar Pro 5\unins000.exe
        AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
        AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
        AddRemove-Pocket Tanks_is1 - c:\program files\Pocket Tanks\unins000.exe
        AddRemove-SpeedFan - c:\program files\SpeedFan\uninstall.exe
        AddRemove-Super DX-Ball Deluxe_is1 - c:\program files\Super DX-Ball Deluxe\unins000.exe
        AddRemove-Super DX-Ball_is1 - c:\program files\Super DX-Ball\unins000.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-02-17 23:26
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        HKLM\Software\Microsoft\Windows\CurrentVersion\Run
          LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(928)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\Ati2evxx.dll
        c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
        c:\windows\system32\IfxWlxEN.dll
        c:\program files\HPQ\IAM\Bin\ASChnl.dll
        c:\program files\HPQ\IAM\Bin\ItMsg.dll

        - - - - - - - > 'explorer.exe'(1632)
        c:\program files\HPQ\IAM\Bin\SFSShell.dll
        c:\program files\HPQ\IAM\bin\ItMsg.dll
        c:\windows\system32\msi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\Ati2evxx.exe
        c:\windows\system32\DllHost.exe
        c:\windows\system32\msdtc.exe
        c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\windows\system32\IFXSPMGT.exe
        c:\windows\system32\IFXTCS.exe
        c:\program files\Common Files\LightScribe\LSSrvc.exe
        c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
        c:\progra~1\AVG\AVG8\avgrsx.exe
        c:\progra~1\AVG\AVG8\avgnsx.exe
        c:\windows\system32\wdfmgr.exe
        c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
        c:\windows\system32\mqsvc.exe
        c:\windows\system32\Ati2evxx.exe
        c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
        c:\program files\HPQ\IAM\bin\asghost.exe
        c:\windows\system32\mqtgsvc.exe
        c:\windows\system32\wscntfy.exe
        c:\program files\iPod\bin\iPodService.exe
        c:\program files\Common Files\Teleca Shared\Generic.exe
        c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
        .
        **************************************************************************
        .
        Completion time: 2010-02-17  23:32:55 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-02-17 23:32

        Pre-Run: 20,770,365,440 bytes free
        Post-Run: 20,662,919,168 bytes free

        - - End Of File - - 9BCEE55D3BE4497A670308AA97C4A00D

        evilfantasy

        • Malware Removal Specialist
        • Moderator

        Re: Your system is infected! (Please help if you can)
        « Reply #4 on: February 17, 2010, 05:18:47 PM »
        Don't worry about the Recovery Console. You can skip that.


        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com
        Trusted Zone: is-software-download.com
        Trusted Zone: is10-soft-download.com
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com

        Firefox::
        FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

        File::
        c:\windows\Byipelozu.dat
        c:\windows\Esuloso.bin

        Folder::
        c:\program files\Viewpoint

        Registry::
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Kbdgui"=


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

        ----------

        Please go to Start > Run and copy/paste the following blue text, then press Enter:

        C:\QooBox\Add-Remove Programs.txt

        A text file should open. Please post the contents of that file in your next reply.
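The CFScript above targets a small set of lines from the ComboFix report (the rogue "Trusted Zone" domains, the Kbdgui Run value pointing at a .dat file under Application Data, the orphaned Run DLL in c:\windows). The following is an added triage helper, not code from this thread, from ComboFix or from the helper, that reads ComboFix-style log lines and flags those same kinds of indicator so a reader can see why they were singled out. The sample lines are copied from the report posted above; the detection rules, the finding names and the extension list are my own heuristics.

```python
"""Flag common infection indicators in ComboFix-style log lines (added example)."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample input: lines copied from the ComboFix report in this thread
# (Supplementary Scan, Reg Loading Points and Orphans sections).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.hp.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: is10-soft-download.com
Trusted Zone: buy-internetsecurity10.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
HKLM-Run-Ymigabobituyi - c:\windows\ubaxaroyuyevev.dll
"""

# Heuristic rules (my own, not ComboFix's): a browser proxy on loopback, any
# IE Trusted Zone entry, the XP firewall switched off, an orphaned Run entry
# loading a DLL straight out of c:\windows, and Run values whose target is not
# an executable or lives in a user-writable folder.
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<host>[^:\s]+)(?::(?P<port>\d+))?")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<domain>\S+)")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
ORPHAN_DLL_RE = re.compile(r"^HKLM-Run-(?P<name>\S+) - (?P<path>c:\\windows\\[^\\]+\.dll)$", re.IGNORECASE)
RUN_SECTION_RE = re.compile(r"^\[.*\\CurrentVersion\\Run\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
EXECUTABLE_EXTS = {"exe", "com", "scr"}


def extension_of(path: str) -> str:
    """Lower-cased extension (without the dot) of a Windows path, '' if none."""
    basename = path.rsplit("\\", 1)[-1]
    return basename.rsplit(".", 1)[-1].lower() if "." in basename else ""


def find_indicators(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; Trusted Zone domains are de-duplicated."""
    findings: List[Dict[str, str]] = []
    seen_zones = set()
    in_run_key = False  # true while inside a [...\CurrentVersion\Run] block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_run_key = bool(RUN_SECTION_RE.match(line))
        m = PROXY_RE.match(line)
        if m and m.group("host").startswith("127."):
            findings.append({"kind": "local_proxy", "detail": line})
            continue
        m = TRUSTED_RE.match(line)
        if m:
            domain = m.group("domain").lower()
            if domain not in seen_zones:
                seen_zones.add(domain)
                findings.append({"kind": "trusted_zone", "detail": domain})
            continue
        if FIREWALL_RE.match(line):
            findings.append({"kind": "firewall_disabled", "detail": line})
            continue
        m = ORPHAN_DLL_RE.match(line)
        if m:
            findings.append({"kind": "orphan_run_dll", "detail": m.group("path")})
            continue
        m = RUN_VALUE_RE.match(line)
        if m and in_run_key:
            path = m.group("path")
            reasons = []
            if extension_of(path) not in EXECUTABLE_EXTS:
                reasons.append("non-executable extension ." + extension_of(path))
            lowered = path.lower()
            if "\\application data\\" in lowered or "\\temp\\" in lowered:
                reasons.append("user-writable location")
            if reasons:
                detail = f'{m.group("name")} -> {path} ({"; ".join(reasons)})'
                findings.append({"kind": "autorun_suspicious", "detail": detail})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'trusted_zone': 2, ...}."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_LOG):
        print(f'{f["kind"]:20} {f["detail"]}')
```

Run against the sample it reports the loopback proxy on port 8080, the two distinct rogue Trusted Zone domains (the report listed each twice), the disabled Windows Firewall, the orphaned DLL in c:\windows and the Kbdgui value, while MsnMsgr and ctfmon.exe pass untouched. The rules are deliberately narrow; a legitimate local proxy or a user-installed Trusted Zone entry would also be flagged and needs a human to confirm, exactly as the helper did here before writing the CFScript.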

        KayleyBug

          Topic Starter


          Re: Your system is infected! (Please help if you can)
          « Reply #5 on: February 17, 2010, 05:50:23 PM »
          New ComboFix log:


          ComboFix 10-02-12.01 - Kayley E R 18/02/2010   0:31.2.1 - x86
          Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.345 [GMT 0:00]
          Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
          AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
          FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

          FILE ::
          "c:\windows\Byipelozu.dat"
          "c:\windows\Esuloso.bin"
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\program files\Viewpoint
          c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
          c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
          c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
          c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
          c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
          c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
          c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
          c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
          c:\windows\Byipelozu.dat
          c:\windows\Esuloso.bin

          .
          (((((((((((((((((((((((((   Files Created from 2010-01-18 to 2010-02-18  )))))))))))))))))))))))))))))))
          .

          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
          2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
          2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
          2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
          2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-02-17 23:25 . 2007-05-28 20:32   9517290   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
          2010-02-16 16:25 . 2010-02-16 16:27   3221504   ----a-w-   c:\windows\Internet Logs\xDB3.tmp
          2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
          2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
          2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
          2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
          2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
          2010-02-12 11:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
          2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
          2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
          2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
          2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
          2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
          2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
          "Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
          "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
          "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
          "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
          "ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
          "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
          "TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
          "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
          "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
          "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
          "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
          "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

          c:\documents and settings\Administrator\Start Menu\Programs\Startup\
          Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
          AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
          DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
          2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
          2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
          @="Service"

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\WINDOWS\\system32\\mqsvc.exe"=
          "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
          "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
          "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
          "c:\\Program Files\\AOL 9.0\\waol.exe"=
          "c:\\Program Files\\AOL\\RC\\regClient.exe"=
          "c:\\Program Files\\AOL 9.0a\\waol.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
          "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

          R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
          R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
          R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
          R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
          R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
          R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
          R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
          S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
          S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
          S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
          S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
          S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
          S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          Cognizance   REG_MULTI_SZ      ASChannel
          .
          Contents of the 'Scheduled Tasks' folder

          2010-02-18 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.hp.com/
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
          uInternet Settings,ProxyServer = 127.0.0.1:8080
          uInternet Settings,ProxyOverride = local;*.local
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
          FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
          FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
          .
          - - - - ORPHANS REMOVED - - - -

          AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-02-18 00:41
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
            LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(924)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\Ati2evxx.dll
          c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
          c:\windows\system32\IfxWlxEN.dll
          c:\program files\HPQ\IAM\Bin\ASChnl.dll
          c:\program files\HPQ\IAM\Bin\ItMsg.dll

          - - - - - - - > 'explorer.exe'(2852)
          c:\program files\HPQ\IAM\Bin\SFSShell.dll
          c:\program files\HPQ\IAM\bin\ItMsg.dll
          c:\windows\system32\msi.dll
          c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\Ati2evxx.exe
          c:\windows\system32\DllHost.exe
          c:\windows\system32\Ati2evxx.exe
          c:\program files\HPQ\IAM\bin\asghost.exe
          c:\windows\system32\msdtc.exe
          c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\windows\system32\IFXSPMGT.exe
          c:\windows\system32\IFXTCS.exe
          c:\program files\Common Files\LightScribe\LSSrvc.exe
          c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
          c:\progra~1\AVG\AVG8\avgrsx.exe
          c:\progra~1\AVG\AVG8\avgnsx.exe
          c:\windows\system32\wdfmgr.exe
          c:\windows\system32\mqsvc.exe
          c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
          c:\windows\system32\mqtgsvc.exe
          c:\windows\system32\wscntfy.exe
          c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
          c:\program files\iPod\bin\iPodService.exe
          c:\program files\Common Files\Teleca Shared\Generic.exe
          c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
          .
          **************************************************************************
          .
          Completion time: 2010-02-18  00:47:24 - machine was rebooted
          ComboFix-quarantined-files.txt  2010-02-18 00:47
          ComboFix2.txt  2010-02-17 23:32

          Pre-Run: 20,634,279,936 bytes free
          Post-Run: 20,573,704,192 bytes free

          - - End Of File - - C9B4B339BA1545B0EE1ED5FEA0FACD2A



          ************************************************************

          Copy and paste blue text results:



          Ad-Aware SE Personal
          Adobe Bridge 1.0
          Adobe Common File Installer
          Adobe Flash Player 10 Plugin
          Adobe Flash Player 9 ActiveX
          Adobe Help Center 1.0
          Adobe Photoshop CS2
          Adobe Reader 7.0.9
          Adobe Shockwave Player
          Adobe Stock Photos 1.0
          AOL Coach Version 1.0(Build:20040229.1 uk)
          AOL Connectivity Services
          AOL Registration
          AOL Spyware Protection
          AOL Toolbar
          AOL UK (Choose which version to remove)
          AOL You've Got Pictures Screensaver
          Apple Mobile Device Support
          Apple Software Update
          Application Installer 4.00.B6
          ATI Catalyst Control Center
          ATI Display Driver
          Atomic Cannon Demo
          Audacity 1.2.6
          AVG 8.5
          Bonjour
          CCleaner (remove only)
          Comic Life
          Compatibility Pack for the 2007 Office system
          Cortona® VRML Client
          Disc2Phone
          DivX Web Player
          Firebird SQL Server - MAGIX Edition
          HDAUDIO Soft Data Fax Modem with SmartCP
          Hotfix for Windows XP (KB896243)
          Hotfix for Windows XP (KB896256)
          Hotfix for Windows XP (KB909095)
          Hotfix for Windows XP (KB910728)
          Hotfix for Windows XP (KB912436)
          Hotfix for Windows XP (KB914440)
          Hotfix for Windows XP (KB915326)
          Hotfix for Windows XP (KB915865)
          Hotfix for Windows XP (KB918005)
          HP Backup and Recovery Manager Installer
          HP BIOS Configuration for ProtectTools 2.00 G1
          HP Credential Manager for ProtectTools
          HP Embedded Security for ProtectTools
          HP Help and Support
          HP Notebook Accessories Product Tour
          HP ProtectTools Security Manager 2.00 C3
          HP Quick Launch Buttons 6.00 G2
          HP Update
          HP User Guides 0022
          HP Wireless Assistant 2.00 F1
          HpSdpAppCoreApp
          InterVideo DVD Check
          InterVideo WinDVD
          IrfanView (remove only)
          iTunes
          Learn2 Player (Uninstall Only)
          Lexmark 730 Series
          LightScribe  1.4.84.1
          MAGIX 3D Maker (embeded)
          MAGIX Movie Edit Pro 15 Download version 8.5.0.30 (UK)
          MAGIX Screenshare 4.3.6.1987 (UK)
          MAGIX Xtreme PhotoStory on CD & DVD 8 deluxe Download version 8.0.3.2 (UK)
          Malwarebytes' Anti-Malware
          Microsoft Application Error Reporting
          Microsoft Choice Guard
          Microsoft Internationalized Domain Names Mitigation APIs
          Microsoft National Language Support Downlevel APIs
          Microsoft Office Standard Edition 2003
          Microsoft Speech SDK 5.1
          Microsoft Text-to-Speech Engine 4.0 (English)
          Microsoft Visual C++ 2005 Redistributable
          Mozilla Firefox (3.5.7)
          MSVCRT
          MSXML 4.0 SP2 (KB927978)
          Multi-Direction Opitcal Mouse 2.0
          Power Tab Editor 1.7
          QuickTime
          RealPlayer
          Safari
          Security Update for Step By Step Interactive Training (KB898458)
          Security Update for Windows Internet Explorer 7 (KB950759)
          Security Update for Windows Media Player (KB911564)
          Security Update for Windows Media Player 10 (KB917734)
          Security Update for Windows Media Player 6.4 (KB925398)
          Security Update for Windows Media Player 9 (KB911565)
          Security Update for Windows XP (KB893066)
          Security Update for Windows XP (KB893756)
          Security Update for Windows XP (KB896358)
          Security Update for Windows XP (KB896422)
          Security Update for Windows XP (KB896423)
          Security Update for Windows XP (KB896424)
          Security Update for Windows XP (KB896428)
          Security Update for Windows XP (KB899587)
          Security Update for Windows XP (KB899591)
          Security Update for Windows XP (KB900725)
          Security Update for Windows XP (KB901017)
          Security Update for Windows XP (KB901190)
          Security Update for Windows XP (KB901214)
          Security Update for Windows XP (KB902400)
          Security Update for Windows XP (KB903235)
          Security Update for Windows XP (KB904706)
          Security Update for Windows XP (KB905414)
          Security Update for Windows XP (KB905749)
          Security Update for Windows XP (KB908519)
          Security Update for Windows XP (KB911562)
          Security Update for Windows XP (KB911927)
          Security Update for Windows XP (KB912919)
          Security Update for Windows XP (KB913446)
          Security Update for Windows XP (KB913580)
          Security Update for Windows XP (KB914388)
          Security Update for Windows XP (KB914389)
          Security Update for Windows XP (KB917344)
          Security Update for Windows XP (KB917422)
          Security Update for Windows XP (KB917953)
          Security Update for Windows XP (KB918439)
          Security Update for Windows XP (KB919007)
          Security Update for Windows XP (KB920213)
          Security Update for Windows XP (KB920670)
          Security Update for Windows XP (KB920683)
          Security Update for Windows XP (KB920685)
          Security Update for Windows XP (KB921398)
          Security Update for Windows XP (KB922616)
          Security Update for Windows XP (KB922819)
          Security Update for Windows XP (KB923191)
          Security Update for Windows XP (KB923414)
          Security Update for Windows XP (KB923689)
          Security Update for Windows XP (KB923694)
          Security Update for Windows XP (KB923980)
          Security Update for Windows XP (KB924191)
          Security Update for Windows XP (KB924270)
          Security Update for Windows XP (KB924496)
          Security Update for Windows XP (KB925454)
          Security Update for Windows XP (KB926255)
          Security Update for Windows XP (KB929969)
          Segoe UI
          Sonic Audio Module
          Sonic Copy Module
          Sonic Data Module
          Sonic DLA
          Sonic Express Labeler
          Sonic MyDVD Plus
          Sonic Update Manager
          Sony Ericsson PC Suite
          SoundMAX
          Spybot - Search & Destroy 1.4
          SUPERAntiSpyware Free Edition
          Synaptics Pointing Device Driver
          Texas Instruments PCIxx21/x515/xx12 drivers.
          TIPCI
          Update for Windows XP (KB894391)
          Update for Windows XP (KB896727)
          Update for Windows XP (KB898461)
          Update for Windows XP (KB900485)
          Update for Windows XP (KB904942)
          Update for Windows XP (KB908531)
          Update for Windows XP (KB910437)
          Update for Windows XP (KB911280)
          Update for Windows XP (KB912945)
          Update for Windows XP (KB916595)
          Update for Windows XP (KB920872)
          Update for Windows XP (KB922582)
          USB Disk Win98 Driver
          VC80CRTRedist - 8.0.50727.762
          VideoLAN VLC media player 0.8.6a
          Viewpoint Media Player
          WebFldrs XP
          Windows Defender
          Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
          Windows Genuine Advantage Validation Tool (KB892130)
          Windows Installer 3.1 (KB893803)
          Windows Installer Clean Up
          Windows Internet Explorer 7
          Windows Live Call
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live Messenger
          Windows Live OneCare safety scanner
          Windows Live Sign-in Assistant
          Windows Live Upload Tool
          Windows Media Connect
          Windows Media Format Runtime
          Windows Media Player 10
          Windows XP Hotfix - KB873333
          Windows XP Hotfix - KB873339
          Windows XP Hotfix - KB883667
          Windows XP Hotfix - KB884575
          Windows XP Hotfix - KB885250
          Windows XP Hotfix - KB885295
          Windows XP Hotfix - KB885464
          Windows XP Hotfix - KB885835
          Windows XP Hotfix - KB885836
          Windows XP Hotfix - KB885855
          Windows XP Hotfix - KB885884
          Windows XP Hotfix - KB886185
          Windows XP Hotfix - KB887472
          Windows XP Hotfix - KB888113
          Windows XP Hotfix - KB888239
          Windows XP Hotfix - KB888302
          Windows XP Hotfix - KB888402
          Windows XP Hotfix - KB889673
          Windows XP Hotfix - KB890859
          Windows XP Hotfix - KB891781
          Windows XP Hotfix - KB892559
          WinRAR archiver
          WinZip
          Xvid 1.1.3 final uninstall
          ZoneAlarm

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 489
          • Experience: Familiar
          • OS: Windows 10
          Re: Your system is infected! (Please help if you can)
          « Reply #6 on: February 17, 2010, 05:58:50 PM »
          Sorry I missed something. But it's a quick fix.

          Go to Start > Run and type notepad.exe then click OK

          Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Kbdgui"=-

          Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

          Delete the fixme.reg from the Desktop.

          ----------

          * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
          * Now type Combofix /Uninstall in the runbox
          * Make sure there's a space between Combofix and /Uninstall
          * Then hit Enter

          * The above procedure will:
          * Delete the following:
          * ComboFix and its associated files and folders.
          * Reset the clock settings.
          * Hide file extensions, if required.
          * Hide System/Hidden files, if required.
          * Set a new, clean Restore Point.

          ----------

          Clean out your temporary internet files and temp files.

          Download TFC by OldTimer to your desktop.

          Double-click TFC.exe to run it.

          Note: If you are running on Vista, right-click on the file and choose Run As Administrator

          TFC will close all programs when run, so make sure you have saved all your work before you begin.

          * Click the Start button to begin the cleaning process.
          * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
          * Please let TFC run uninterrupted until it is finished.

          Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

          ----------

          ESET Online Scan

          Scan your computer with the ESET FREE Online Virus Scan

          * Click the ESET Online Scanner button.

          * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
          * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
          * Place a check mark next to YES, I accept the Terms of Use.

          * Click the Start button.
          * Accept any security warnings from your browser.
          * Leave the check mark next to Remove found threats and place a check next to Scan archives.
          * Click the Start button.
          * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
          * When the scan completes, click List of found threats.
          * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
          * Click the <<Back button then click Finish.

          In your next reply please include the ESET Online Scan Log

          KayleyBug

            Topic Starter


            Beginner

            Re: Your system is infected! (Please help if you can)
            « Reply #7 on: February 17, 2010, 06:19:36 PM »
            I managed everything else, however when I attempted to run ESET after saving it to desktop a box appears saying:

            Can not get update. Is proxy configured?
            ESET online scanner installation consists of three steps
            1. Component download
            2. Component registration
            3. Start

            Then there's a loading bar that's empty. Below that is a box to check saying 'Use custom proxy settings' and a link saying 'configure'. The Configure asks for my Proxy address, Port, Username and Password.
            When I click the start button at the bottom right of the box, the writing saying 'Can not get update. Is proxy configured?' changes to 'Downloading components...' for a split second and then goes back to the above description.

            Should I disable AVG? Is that what's blocking it?

            evilfantasy

            Re: Your system is infected! (Please help if you can)
            « Reply #8 on: February 17, 2010, 06:25:25 PM »
            I had something similar when I tried to use the download with Firefox. Try using the Internet Explorer scan.

            KayleyBug


              Re: Your system is infected! (Please help if you can)
              « Reply #9 on: February 17, 2010, 06:32:41 PM »
              Thank you, it worked fine on Internet Explorer.
Unfortunately, I have no scan log to show for it because it says 'No Threats Found'.
              Should I check 'uninstall application on close'?

              evilfantasy

              Re: Your system is infected! (Please help if you can)
              « Reply #10 on: February 17, 2010, 06:34:19 PM »
              There is no way the scan finished that fast. Did you adjust any of the settings for the scan?

              KayleyBug


                Re: Your system is infected! (Please help if you can)
                « Reply #11 on: February 17, 2010, 06:38:22 PM »
                I didn't change any settings except to check 'scan archives', but I went back to it to do another scan and realised that 'Scan for potentially unsafe applications' is already un-checked. Should I check that? I'm also going to disable Zone Alarm and AVG.

                evilfantasy

                Re: Your system is infected! (Please help if you can)
                « Reply #12 on: February 17, 2010, 06:40:29 PM »
                Let's try another scanner. That was just way too fast.


                Scan your computer with Panda ActiveScan

                * Once you are on the Panda site click the Scan your PC now button.
                * A new window will open...click the Scan Now button.
                * If it wants to install an ActiveX component allow it.
                * It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
                * You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
                * The scan will begin. Please be patient as it can take an hour or more to complete.
                * When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
                * Save the ActiveScan.txt to a convenient location like your desktop.
                * Note: You do not need to select any of the Disinfect options. We will remove any threats manually.

                * Post the contents of the ActiveScan report in your next reply.

                KayleyBug


                  Re: Your system is infected! (Please help if you can)
                  « Reply #13 on: February 17, 2010, 06:56:58 PM »
                  Much more luck with the Panda scan, it's running now.
                  As it's 2am here in Wales and could be after 3am once it's done, I'm going to set my laptop to hibernate after 2 hours and let it run while I go to sleep.
I'll post the scan results in the morning although it'll be night time for you, so I understand I'm in for another wait :)

                  evilfantasy

                  Re: Your system is infected! (Please help if you can)
                  « Reply #14 on: February 17, 2010, 07:12:45 PM »
                  We can finish up whenever you get the time to. :)

                  KayleyBug


                    Re: Your system is infected! (Please help if you can)
                    « Reply #15 on: February 18, 2010, 04:23:08 AM »
                    Here they are, the active scan results:

                    ;*****************************************************************************
                    ANALYSIS: 2010-02-18 11:21:33
                    PROTECTIONS: 1
                    MALWARE: 4
                    SUSPECTS: 2
                    ;*****************************************************************************
                    PROTECTIONS
                    Description                                  Version                       Active    Updated
                    ;====================================================================
                    AVG Anti-Virus Free                          8.5                           No        No
                    ;====================================================================
                    MALWARE
                    Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
                    ;====================================================================
                    00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\[email protected][2].txt
                    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
                    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000466.exe
                    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp10\a0003173.dll
                    03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\system32\msls50.dll
                    05898765  Trj/Nabload.DPS                    Virus/Trojan        No        0         No             No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp11\a0003505.exe[32788r22fwjfw\catchme.cfxxe]
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000445.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0000469.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000424.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001483.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000410.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000366.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001887.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001942.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001950.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp5\a0000435.exe
                    05977738  Adware/ISecurity2010               Adware              No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp6\a0001471.exe
                    ;====================================================================
                    SUSPECTS
                    Sent      Location
                    ;====================================================================
                    No        c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
                    No        c:\windows\system32\msls51.dll
                    ;====================================================================
                    VULNERABILITIES
                    Id        Severity       Description
                    ;====================================================================
                    216839    HIGH           MS10-001
                    215938    HIGH           MS09-072
                    215935    HIGH           MS09-069
                    215048    HIGH           MS09-065
                    214076    HIGH           MS09-059
                    971486    HIGH           MS09-058
                    214074    HIGH           MS09-057
                    214073    HIGH           MS09-056
                    214072    HIGH           MS09-055
                    214071    HIGH           MS09-054
                    213109    HIGH           MS09-046
                    212494    HIGH           MS09-042
                    212493    HIGH           MS09-041
                    212490    HIGH           MS09-038
                    212530    HIGH           MS09-034
                    211784    HIGH           MS09-032
                    211781    HIGH           MS09-029
                    210625    HIGH           MS09-026
                    210624    HIGH           MS09-025
                    210621    HIGH           MS09-022
                    210618    HIGH           MS09-019
                    208380    HIGH           MS09-015
                    208379    HIGH           MS09-014
                    208378    HIGH           MS09-013
                    208377    HIGH           MS09-012
                    206981    HIGH           MS09-007
                    206980    HIGH           MS09-006
                    205735    HIGH           MS09-002
                    204670    HIGH           MS09-001
                    203806    HIGH           MS08-078
                    203508    HIGH           MS08-073
                    203505    HIGH           MS08-071
                    202465    HIGH           MS08-068
                    201683    HIGH           MS08-067
                    201258    HIGH           MS08-066
                    201256    HIGH           MS08-064
                    201255    HIGH           MS08-063
                    201253    HIGH           MS08-061
                    201250    HIGH           MS08-058
                    209275    HIGH           MS08-049
                    209273    HIGH           MS08-045
                    196455    MEDIUM         MS08-037
                    194862    HIGH           MS08-032
                    194860    HIGH           MS08-030
                    191618    HIGH           MS08-025
                    191616    HIGH           MS08-023
                    191614    HIGH           MS08-021
                    191613    HIGH           MS08-020
                    187733    HIGH           MS08-008
                    184380    MEDIUM         MS08-002
                    184379    MEDIUM         MS08-001
                    182046    HIGH           MS07-067
                    179553    HIGH           MS07-061
                    176383    HIGH           MS07-058
                    170911    HIGH           MS07-050
                    170907    HIGH           MS07-046
                    170904    HIGH           MS07-043
                    164915    HIGH           MS07-035
                    164911    HIGH           MS07-031
                    157262    HIGH           MS07-022
                    157261    HIGH           MS07-021
                    157260    HIGH           MS07-020
                    157259    HIGH           MS07-019
                    156477    HIGH           MS07-017
                    150249    HIGH           MS07-013
                    150248    HIGH           MS07-012
                    150247    HIGH           MS07-011
                    150243    HIGH           MS07-008
                    150242    HIGH           MS07-007
                    150241    MEDIUM         MS07-006
                    ;====================================================================
                    « Last Edit: February 18, 2010, 11:55:31 AM by evilfantasy »

                    evilfantasy

                    Re: Your system is infected! (Please help if you can)
                    « Reply #16 on: February 18, 2010, 11:54:26 AM »
                    Download OTM by OldTimer to your desktop.

                    Note: If you are using Vista or Windows 7, right-click on OTM.exe and choose Run As Administrator.

                    * Save it to your Desktop.
                    * Double-click OTM.exe to run it.
                    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
                    :Processes
                    explorer.exe

                    :services

                    :reg

                    :files
                    c:\windows\system32\msls50.dll
                    c:\windows\system32\msls51.dll

                    :Commands
                    [resethosts]
                    [purity]
                    [start explorer]
                    [Reboot]

                    * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                    * Click the red Moveit! button.
                    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

                    * Close OTM

                    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

                    « Last Edit: February 18, 2010, 07:24:54 PM by evilfantasy »

                    KayleyBug


                      Re: Your system is infected! (Please help if you can)
                      « Reply #17 on: February 18, 2010, 12:27:50 PM »
                      I did as instructed, however I couldn't get the results as it rebooted immediately after it finished.
After the reboot I kept getting this warning:

                      userinit.exe - Unable to Locate Component

                      This application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem.

                      Now only the desktop background is visible, I can open task manager but that's all, there's no toolbar or desktop icons or anything.
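As an added example (not code from the thread, from Panda or from OTM), the script below triages a scan report in the layout posted in Reply #15: it separates restore-point copies from live files and, before a file would go into a move list like the one in Reply #16, checks a registry snapshot for logon values that still name it. SAMPLE_REPORT and SAMPLE_AUTOSTART are constructed, and the AppInit_DLLs entry is an assumption made to show the check, not a finding from this machine.

```python
"""Triage a Panda ActiveScan report before building a file-move list.

Added example for this thread, not code from the poster, Panda or OTM.
SAMPLE_REPORT is constructed in the layout posted above; SAMPLE_AUTOSTART is a
hypothetical registry snapshot, not data read from the affected machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_REPORT = r"""
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;====================================================================
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           c:\documents and settings\administrator\cookies\[email protected][2].txt
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp8\a0001951.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\windows\system32\msls50.dll
;====================================================================
SUSPECTS
Sent      Location
;====================================================================
No        c:\system volume information\_restore{a80475b6-cf6d-4b3a-bd21-b16c67db5304}\rp7\a0001900.dll
No        c:\windows\system32\msls51.dll
;====================================================================
"""

# Hypothetical logon/autostart values (constructed, not from this machine).
# A DLL named here is loaded by userinit.exe/explorer.exe at every logon.
SAMPLE_AUTOSTART = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit":
        r"C:\WINDOWS\system32\userinit.exe,",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell":
        "Explorer.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs":
        "msls51.dll",  # assumed reference, to show the pre-move check
}

# One MALWARE row: 8-digit id, description (single inner spaces allowed, so it
# ends at the first run of 2+ spaces), type, four fixed columns, then location.
MALWARE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s{2,}(?P<kind>\S+)\s+(?:Yes|No)\s+\d+\s+"
    r"(?:Yes|No)\s+(?:Yes|No)\s+(?P<loc>\S.*?)\s*$"
)
SUSPECT_RE = re.compile(r"^(?:Yes|No)\s+(?P<loc>\S.*?)\s*$")
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.I)


@dataclass
class Finding:
    section: str    # "MALWARE" or "SUSPECTS"
    kind: str       # Panda Type column, or "Suspect"
    desc: str
    location: str

    @property
    def in_restore_point(self) -> bool:
        # A copy inside a restore point is inert until restored: purge System
        # Restore for those instead of moving files by hand.
        return RESTORE_RE.search(self.location) is not None


def parse_report(text: str) -> list[Finding]:
    """Parse the MALWARE and SUSPECTS rows of an ActiveScan report."""
    findings, section = [], None
    for line in text.splitlines():
        if line.strip() in ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"):
            section = line.strip()
        elif section == "MALWARE" and (m := MALWARE_RE.match(line)):
            findings.append(Finding(section, m["kind"], m["desc"], m["loc"]))
        elif section == "SUSPECTS" and (m := SUSPECT_RE.match(line)):
            findings.append(Finding(section, "Suspect", "suspect file", m["loc"]))
    return findings


def live_files(findings: list[Finding]) -> list[str]:
    """Files that can still execute: outside restore points and not cookies."""
    return [f.location for f in findings
            if not f.in_restore_point and f.kind != "TrackingCookie"]


def references_to(path: str, autostart: dict[str, str]) -> list[str]:
    """Registry values whose data still name this file's base name."""
    name = path.rsplit("\\", 1)[-1].lower()
    return [key for key, data in autostart.items() if name in data.lower()]


def plan_move(findings: list[Finding], autostart: dict[str, str]):
    """Live files split into safe-to-move and still-referenced by a logon value.
    Moving a DLL that is still referenced leaves "<dll> was not found" errors
    at every logon, as in Reply #17; remove the reference first."""
    safe, blocked = [], {}
    for path in live_files(findings):
        refs = references_to(path, autostart)
        if refs:
            blocked[path] = refs
        else:
            safe.append(path)
    return safe, blocked
```

With the constructed inputs, msls50.dll comes back as safe to move while msls51.dll is held until the (assumed) AppInit_DLLs reference is cleared.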

                      evilfantasy

                      Re: Your system is infected! (Please help if you can)
                      « Reply #18 on: February 18, 2010, 12:53:04 PM »
                      Manually shut down the computer and then start it again.

                      KayleyBug


                        Re: Your system is infected! (Please help if you can)
                        « Reply #19 on: February 18, 2010, 12:58:31 PM »
                        Done. It's still the same, giving the same warning constantly. The background is the only thing there. I can open task manager and that's it.

                        evilfantasy

                        Re: Your system is infected! (Please help if you can)
                        « Reply #20 on: February 18, 2010, 01:43:43 PM »
                        Restart the computer. This time as it is loading up tap the F8 key until you get to the boot menu.

                        Choose Last Known Good Configuration.

                        Let me know how that goes.

                        KayleyBug


                          Re: Your system is infected! (Please help if you can)
                          « Reply #21 on: February 18, 2010, 01:52:13 PM »
                          Didn't go well, it's still the same, same warning about msls51.dll not found.

                          evilfantasy

                          Re: Your system is infected! (Please help if you can)
                          « Reply #22 on: February 18, 2010, 02:25:09 PM »
                          Do you have your desktop back?

                          KayleyBug


                            Re: Your system is infected! (Please help if you can)
                            « Reply #23 on: February 18, 2010, 02:26:19 PM »
                            Nothing there at all except the background picture. No desktop icons, toolbar, nothing.

                            evilfantasy

                            Re: Your system is infected! (Please help if you can)
                            « Reply #24 on: February 18, 2010, 02:35:47 PM »
                            On the Keyboard press (all at the same time) CTRL ALT Delete

When the Task Manager comes up go to File > New Task > then type in explorer.exe and click OK.

                            Did your desktop come up?

                            KayleyBug


                              Re: Your system is infected! (Please help if you can)
                              « Reply #25 on: February 18, 2010, 02:38:44 PM »
Explorer appeared briefly in the 'Applications' box of Task Manager, with writing saying 'unable to locate component', then it disappeared. My desktop did not come up.
                              The msls51.dll box came up about 5 more times in the process.

                              evilfantasy

                              Re: Your system is infected! (Please help if you can)
                              « Reply #26 on: February 18, 2010, 02:46:03 PM »
                              On the Keyboard press (all at the same time) CTRL ALT Delete

When the Task Manager comes up go to File > New Task > then type in rstrui.exe and click OK.

                              Do you get the System restore window?

                              KayleyBug


                                Re: Your system is infected! (Please help if you can)
                                « Reply #27 on: February 18, 2010, 02:48:39 PM »
                                'Windows cannot find 'rstrui.exe'. Make sure you typed the name correctly, and then try again.'

                                That's what happens each time I try.

                                evilfantasy

                                Re: Your system is infected! (Please help if you can)
                                « Reply #28 on: February 18, 2010, 02:50:03 PM »
                                Do you have your XP CD?

                                KayleyBug

                                  Re: Your system is infected! (Please help if you can)
                                  « Reply #29 on: February 18, 2010, 02:53:36 PM »
                                  No, it already had XP installed when I got it (over 3 years ago) and did not come with a backup XP disc.

                                  evilfantasy

                                  Re: Your system is infected! (Please help if you can)
                                  « Reply #30 on: February 18, 2010, 02:58:34 PM »
                                  I am baffled as to what happened here.

                                  Try booting the computer into Safe Mode using the F8 method and see if it gets to the desktop.

                                  KayleyBug

                                    Re: Your system is infected! (Please help if you can)
                                    « Reply #31 on: February 18, 2010, 03:07:45 PM »
                                    The box still keeps coming up -

                                    Explorer.EXE - unable to locate component
                                    This application has failed to start because msls51.dll was not found. Re-installing the application may fix this problem.


                                    There's a red circle with a white X on the left side of the box that resembles the one the virus put in my task bar at the very start, telling me to install anti-virus.

                                    Now the screen is completely black with Safe Mode written in each corner and "Microsoft (R) Windows XP (R) (Build 2600.xpsp.051011-1528: Service Pack 2)" written at the top.

                                    evilfantasy

                                    Re: Your system is infected! (Please help if you can)
                                    « Reply #32 on: February 18, 2010, 03:32:07 PM »
                                    msls51.dll is a malicious file.

                                    Can you get explorer or rstrui.exe to run in Safe Mode using the Task Manager?

                                    KayleyBug

                                      Re: Your system is infected! (Please help if you can)
                                      « Reply #33 on: February 18, 2010, 03:34:52 PM »
                                      Explorer and System Restore won't work in Safe Mode either; it's the exact same result as when it was in Normal Mode, which is weird because I thought things were meant to just work in Safe Mode.
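
The dialog quoted above ("Explorer.EXE - unable to locate component ... msls51.dll was not found") is raised by the Windows loader when a DLL somewhere in the executable's static import chain cannot be found. It fires before the program executes a single instruction, which is why Safe Mode changes nothing: the same imports have to resolve either way. The name in the dialog is simply the first module the loader failed to locate (msls51.dll is the name of a genuine Microsoft Line Services library), so the useful next step is to find out which binary actually imports it. The script below is an added example, not code posted in this thread: a standard-library parser for the PE import directory, plus a hand-built minimal PE (constructed test data, not a real Windows binary) to exercise it. The import list in the sample is invented; the thread does not say which module pulls in msls51.dll.

```python
"""Added example: enumerate the DLLs a PE executable imports (standard library only).

The loader's "unable to locate component" dialog names the first DLL in the static
import chain it could not find; this script shows how to read that chain yourself.
The sample PE built by build_sample_pe() is constructed test data, not a real binary.
"""
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1       # index of the import table in the data directory


def _rva_to_offset(rva, sections):
    """Translate a relative virtual address to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not inside any section" % rva)


def _cstring(data, offset):
    """Read a NUL-terminated ASCII string."""
    return data[offset:data.index(b"\x00", offset)].decode("ascii", "replace")


def imported_dlls(data):
    """Return the DLL names listed in the import directory of a PE image, in table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin 96 bytes into a PE32 optional header, 112 into PE32+.
    dd = opt + (96 if magic == 0x10B else 112) + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT
    imp_rva = struct.unpack_from("<I", data, dd)[0]
    if imp_rva == 0:
        return []                       # no import table at all
    sections = []
    for i in range(num_sections):
        hdr = opt + size_opt + 40 * i   # section headers follow the optional header
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    dlls, desc = [], _rva_to_offset(imp_rva, sections)
    while True:                         # IMAGE_IMPORT_DESCRIPTOR is 20 bytes; an all-zero one ends the table
        fields = struct.unpack_from("<IIIII", data, desc)
        if not any(fields):
            break
        dlls.append(_cstring(data, _rva_to_offset(fields[3], sections)))  # fields[3] is the Name RVA
        desc += 20
    return dlls


def depends_on(data, dll_name):
    """True if the image statically imports dll_name (DLL names compare case-insensitively)."""
    return dll_name.lower() in (d.lower() for d in imported_dlls(data))


def build_sample_pe(dll_names, sec_va=0x1000, sec_raw=0x200):
    """Construct a minimal PE32 whose single section holds only an import directory.
    Constructed for this demonstration; it contains no code and is not loadable."""
    desc_size = 20 * (len(dll_names) + 1)
    thunk_off = desc_size               # one shared ILT/IAT: a single ordinal import plus terminator
    names, name_rvas = bytearray(), []
    for d in dll_names:
        name_rvas.append(sec_va + thunk_off + 8 + len(names))
        names += d.encode("ascii") + b"\x00"
    body = bytearray()
    for rva in name_rvas:
        body += struct.pack("<IIIII", sec_va + thunk_off, 0, 0, rva, sec_va + thunk_off)
    body += b"\x00" * 20 + struct.pack("<II", 0x80000001, 0) + names
    body += b"\x00" * (-len(body) % sec_raw)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    struct.pack_into("<II", opt, 32, sec_va, sec_raw)               # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, sec_va + len(body), sec_raw)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, sec_va, desc_size)
    headers = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
               + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102) + bytes(opt)
               + struct.pack("<8sIIIIIIHHI", b".idata", len(body), sec_va, len(body), sec_raw,
                             0, 0, 0, 0, 0xC0000040))
    return bytes(headers + b"\x00" * (sec_raw - len(headers)) + body)


if __name__ == "__main__":
    # Constructed import list; the thread does not say which module imports msls51.dll.
    sample = build_sample_pe(["KERNEL32.dll", "SHLWAPI.dll", "msls51.dll"])
    print(imported_dlls(sample))
    print("depends on msls51.dll:", depends_on(sample, "MSLS51.DLL"))
```

Pointed at a real file (`imported_dlls(open(path, "rb").read())`), this lists only the first level of the chain; to find the module that actually names the missing DLL you repeat it over each DLL the top-level binary imports. Delay-loaded and `LoadLibrary`-time dependencies never appear in this table, which is consistent with the dialog appearing before anything runs.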

                                      evilfantasy

                                      Re: Your system is infected! (Please help if you can)
                                      « Reply #34 on: February 18, 2010, 03:39:25 PM »
                                      Can you burn a CD?

                                      On a good computer, download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso

                                      Next, download, and install free Imgburn: http://www.imgburn.com/index.php?act=download

                                      Using Imgburn, burn rc.iso to a CD.

                                      Put the CD in the infected computer and boot to the CD...let it finish loading.

                                      When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

                                      Follow steps 3 - 14 as described here - http://www.geekstogo.com/forum/Fake-Security-Centre-Alerts-virus-malware-t266741.html&st=15&p=1753604#entry1753604

                                      KayleyBug

                                        Re: Your system is infected! (Please help if you can)
                                        « Reply #35 on: February 18, 2010, 04:18:06 PM »
                                        I've made the CD and put it in my infected laptop, however I'm having trouble with the 'boot to the CD step'.
                                        Do you mean that I should restart and, instead of pressing F8 for Safe Mode, press F9 for the boot service menu? Or the other option is F10, which is ROM-based setup.

                                        In Safe Mode and Normal Mode the CD doesn't do anything, so I guess I need to do either the F9 or F10 option.

                                        If it's any help, my laptop is an HP Compaq nx6325.

                                        evilfantasy

                                        Re: Your system is infected! (Please help if you can)
                                        « Reply #36 on: February 18, 2010, 04:21:12 PM »
                                        Quote
                                        Do you mean that I should restart and, instead of pressing F8 for Safe Mode, press F9 for the boot service menu? Or the other option is F10, which is ROM-based setup.

                                        It will be the F9 or F10 option. You should see the CD that you have in the drive to boot to. If it isn't listed, when the computer first starts to boot, in the lower left of the screen you should see which key to press to get to the boot menu.

                                        KayleyBug

                                          Re: Your system is infected! (Please help if you can)
                                          « Reply #37 on: February 18, 2010, 04:42:33 PM »
                                          I've reached step 9 where I am supposed to enter the prompt 'cd system~1\_resto~1', but when I try to type the ~ symbol on my UK keyboard a | comes up, so I suppose it's set to US style.

                                          The key next to the 1 key, which consists of ` and ¬, will make a ~ that is higher up than the one in the prompt / the one I've just demonstrated; would that still work? I've tried every other button and this is the closest it'll get.

                                          evilfantasy

                                          Re: Your system is infected! (Please help if you can)
                                          « Reply #38 on: February 18, 2010, 05:00:55 PM »
                                          Try this.

                                          cd system32\_restore

                                          KayleyBug

                                            Re: Your system is infected! (Please help if you can)
                                            « Reply #39 on: February 18, 2010, 05:03:57 PM »
                                            I tried it with the weird high-up ~ and it said access is denied, so I followed the steps on the site; however, after rebooting, access was still denied.
                                            I tried cd system32\_restore but it says the system cannot find the file or directory specified.

                                            « Last Edit: February 18, 2010, 05:42:00 PM by KayleyBug »

                                            KayleyBug

                                              Re: Your system is infected! (Please help if you can)
                                              « Reply #40 on: February 18, 2010, 05:42:15 PM »
                                              Hate to bump myself, but I finally got it to work (just kept doing it over and over; it decided to work eventually) and, according to the site, once you type dir:
                                              'When you hit enter it will list all the restore points folders like "rp1", "rp2"'
                                              Well, I don't see anything like that. I have a huge, huge list (pages and pages) that starts out saying things like

                                              07/11/06  07:29a  d--h-c--    0 $NtUninstallKB873333$

                                              It goes on like this for a while, and nearer the end there are a couple of pages that are more varied, like:

                                              02/19/10  12:58a -a------     216 wiadebug.log
                                              08/07/04  01:01p -arh----    749  WindowsShell.manifest
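
A note on what the two `cd` forms in this exchange refer to. On XP the System Restore store is `C:\System Volume Information\_restore{GUID}\RPnnn`; it is not under `system32`. The Recovery Console accepts the DOS 8.3 short names of those folders, `SYSTEM~1` and `_RESTO~1`, because the long names contain a space or exceed eight characters (in a normal cmd.exe prompt, `dir /x` prints both forms side by side). The entries in the listing above (`$NtUninstallKB...$` folders, `wiadebug.log`, `WindowsShell.manifest`) are the contents of `C:\WINDOWS`, the directory the Recovery Console starts in, so that `dir` was run before the `cd` had taken effect. The script below is an added example, not code from the thread: a simplified model of how Windows forms 8.3 short names, run over a constructed listing (the GUIDs are invented). It numbers collisions ~1, ~2, ... in order and does not model the hash-based form Windows switches to after the fourth collision.

```python
"""Added example: a simplified model of how Windows derives DOS 8.3 short names,
the names the Recovery Console accepts in place of long ones (SYSTEM~1 for
"System Volume Information", _RESTO~1 for "_restore{GUID}").

Model: uppercase; drop spaces and every dot but the last; replace characters that
are illegal in 8.3 names with "_"; keep the first six characters of the base name
plus ~N (N counted per directory: 1, 2, ...); truncate the extension to three.
The hash-based form Windows switches to after ~4 is deliberately not modelled.
"""

# Characters Windows permits in an 8.3 name (letters, digits and a fixed set of punctuation).
_LEGAL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$%'-_@~`!(){}^#&")


def _clean(part):
    """Uppercase, drop spaces and dots, map any remaining illegal character to '_'."""
    return "".join(c if c in _LEGAL else "_" for c in part.upper() if c not in " .")


def is_valid_83(name):
    """True when the long name already fits the 8.3 form (case ignored), so no ~N alias is needed."""
    up = name.upper()
    if up.startswith(".") or up.count(".") > 1:
        return False
    base, _, ext = up.partition(".")
    return 0 < len(base) <= 8 and len(ext) <= 3 and all(c in _LEGAL for c in base + ext)


def basis_name(name):
    """Return (six-char base, three-char extension) for a name that needs an alias."""
    up = name.upper().lstrip(". ")
    base, _, ext = up.rpartition(".") if "." in up else (up, "", "")
    return _clean(base)[:6], _clean(ext)[:3]


def short_names(long_names):
    """Map every long name in one directory to its short name, numbering collisions per directory."""
    taken, result = set(), {}
    for name in long_names:
        if is_valid_83(name):
            short = name.upper()
        else:
            base6, ext = basis_name(name)
            n = 1
            while True:
                short = "%s~%d" % (base6, n) + ("." + ext if ext else "")
                if short not in taken:
                    break
                n += 1
        taken.add(short)
        result[name] = short
    return result


if __name__ == "__main__":
    # Constructed listing in the spirit of the thread; the GUIDs are invented.
    listing = [
        "System Volume Information",
        "_restore{E9F1C2A0-1111-2222-3333-444455556666}",
        "_restore{0B0B0B0B-1111-2222-3333-444455556666}",
        "$NtUninstallKB873333$",
        "wiadebug.log",
        "WindowsShell.manifest",
    ]
    for long_name, short in short_names(listing).items():
        print("%-48s %s" % (long_name, short))
```

The second `_restore{...}` folder in the sample becomes `_RESTO~2`, which is the practical caveat: if a machine has more than one restore store directory, `_resto~1` is not guaranteed to be the live one, and you confirm with `dir` inside it (the `RPnnn` folders) before removing anything.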

                                              evilfantasy

                                              Re: Your system is infected! (Please help if you can)
                                              « Reply #41 on: February 18, 2010, 07:27:18 PM »
                                              I'm not sure that's what you need.

                                              When you were booting up with the CD was there an option to boot to the D drive which should be your recovery partition?

                                              KayleyBug

                                                Re: Your system is infected! (Please help if you can)
                                                « Reply #42 on: February 19, 2010, 04:13:48 AM »
                                                Ok, well it was worth a try :)

                                                Yes, I can enter D:\MiniNT if I press 2 instead of 1; I just assumed I needed the C drive because that's what the link you gave was explaining. The prompt now says D:\MiniNT>

                                                Let me know what I need to type in after the prompt, as the link you gave is for C drive prompts. Thanks for being so patient with me  :)

                                                evilfantasy

                                                Re: Your system is infected! (Please help if you can)
                                                « Reply #43 on: February 19, 2010, 08:18:32 AM »
                                                You are going to lose all of your documents and stuff by doing this, so be sure there is nothing you need to recover before trying this.

                                                Instructions here. http://www.laptops-drivers.com/miscellaneous/step-by-step-how-to-recover-hp-or-compaq-laptop.html

                                                KayleyBug

                                                  Re: Your system is infected! (Please help if you can)
                                                  « Reply #44 on: February 19, 2010, 08:22:07 AM »
                                                  Should I do destructive or non-destructive recovery? The link gives instructions for both options.

                                                  evilfantasy

                                                  Re: Your system is infected! (Please help if you can)
                                                  « Reply #45 on: February 19, 2010, 08:27:33 AM »
                                                  Try the non-destructive recovery first.

                                                  KayleyBug

                                                    Re: Your system is infected! (Please help if you can)
                                                    « Reply #46 on: February 19, 2010, 08:42:15 AM »
                                                    F10 doesn't have the same options as the link you gave me said it should, but when starting up my laptop it says Press F11 for Emergency Recovery, should I do that?
                                                    Do I need the CD we burned last night for this, or is that not necessary?

                                                    evilfantasy

                                                    Re: Your system is infected! (Please help if you can)
                                                    « Reply #47 on: February 19, 2010, 08:44:31 AM »
                                                    You shouldn't need the CD; use the Emergency Recovery.

                                                    KayleyBug

                                                      Re: Your system is infected! (Please help if you can)
                                                      « Reply #48 on: February 19, 2010, 08:52:12 AM »
                                                      Emergency Recovery just restarts the computer. I don't see any options under F10 that seem to be for recovery. The only thing I can think of is to use the CD from last night and choose the 'set up Windows XP' option, or take it to a computer repair place and ask them to recover it or wipe it for me?

                                                      evilfantasy

                                                      Re: Your system is infected! (Please help if you can)
                                                      « Reply #49 on: February 19, 2010, 08:54:23 AM »
                                                      F10 might be different for your computer. Whatever you used to get to the boot menu.

                                                      Do you have a friend you can borrow an install CD from?

                                                      KayleyBug

                                                        Re: Your system is infected! (Please help if you can)
                                                        « Reply #50 on: February 19, 2010, 09:10:57 AM »
                                                        I think if I go to F10 and select File - Restore Defaults it'll do it? Wipe everything clean?
                                                        But if I need an XP install CD to complete the process there's not much point; my laptop didn't come with one, and everyone I can think of who might have a CD will only have Vista.

                                                        MODIFIED: I can't find any way to restore factory settings using F9, F10 or F11.
                                                        « Last Edit: February 19, 2010, 10:02:37 AM by KayleyBug »

                                                        KayleyBug

                                                          Re: Your system is infected! (Please help if you can)
                                                          « Reply #51 on: February 19, 2010, 10:27:54 AM »
                                                          Using Task Manager and going to 'New Task' and then 'Browse', I seem to be able to browse through my folders, including the C drive. I managed to access System Restore (despite many boxes coming up telling me things like 'wininit.exe - unable to locate component', etc.) but the ONLY restore point was for yesterday, when I still had this problem. All my other restore points have vanished.

                                                          Is there a way to access 'restore factory settings' this way? F11 is definitely supposed to be emergency recovery and should restore factory settings; however, nothing happens when I press F11 except that the computer reboots.

                                                          Malwarebytes is the ONLY thing I've managed to open without any error boxes appearing, which seems odd. I'll run it but I can't post the results log, obviously.

                                                          evilfantasy

                                                          Re: Your system is infected! (Please help if you can)
                                                          « Reply #52 on: February 19, 2010, 12:39:04 PM »
                                                          Try tapping the esc key and see if it brings up the boot options.

                                                          KayleyBug

                                                            Re: Your system is infected! (Please help if you can)
                                                            « Reply #53 on: February 19, 2010, 01:14:40 PM »
                                                            It's ok, my boyfriend tried running sfc /scannow and explorer.exe started without any errors, but I don't know yet how permanent it will be.

                                                            One thing that is wrong is that the theme is the Windows Classic theme, and that is the only available option, whereas before I had the choice of Windows XP, Windows Classic and Green.

                                                            I've created a restore point now so at least I have that to go back to. What should I do next?

                                                            evilfantasy

                                                            Re: Your system is infected! (Please help if you can)
                                                            « Reply #54 on: February 19, 2010, 01:16:45 PM »
                                                             Quote
                                                             What should I do next?

                                                            Go to Microsoft Windows Update and get all critical updates. There will probably be a bunch.

                                                            KayleyBug

                                                              Re: Your system is infected! (Please help if you can)
                                                              « Reply #55 on: February 19, 2010, 01:29:04 PM »
                                                              Critical updates installed. Still no proper XP theme, it all still looks like classic Windows. Should I install Service Pack 3 off the Microsoft site? (I have service pack 2 currently.)

                                                              evilfantasy

                                                              Re: Your system is infected! (Please help if you can)
                                                              « Reply #56 on: February 19, 2010, 01:45:15 PM »
                                                              You may need to go into your settings and adjust the theme.

                                                              Yes get SP3.

                                                              KayleyBug

                                                                Re: Your system is infected! (Please help if you can)
                                                                « Reply #57 on: February 19, 2010, 02:14:39 PM »
                                                                 The theme's disappeared; Classic is the only option. SP3 is slowly installing; I'll just download a new theme once everything else is sorted. After SP3 has installed, what do you want me to do? Hopefully the desktop will still be there after rebooting!

                                                                KayleyBug

                                                                  Re: Your system is infected! (Please help if you can)
                                                                  « Reply #58 on: February 19, 2010, 03:47:12 PM »
                                                                  SP3 has installed, XP theme is back :) Should I turn on Automatic Updates or just update periodically when I decide?

                                                                  Let me know what you want me to do next.

                                                                  evilfantasy

                                                                  Re: Your system is infected! (Please help if you can)
                                                                  « Reply #59 on: February 19, 2010, 03:57:00 PM »
                                                                  I would turn on Automatic Updates.

                                                                  Run a virus scan. ;)

                                                                  KayleyBug

                                                                    Re: Your system is infected! (Please help if you can)
                                                                    « Reply #60 on: February 19, 2010, 06:04:55 PM »
                                                                    I ran a Malwarebytes full scan and it found 0 problems.

                                                                    New problem: my internet's decided to stop working on my laptop. It's connected, apparently, but says 'limited or no connectivity', and the internet icon at the bottom has an exclamation mark next to it as opposed to a check mark or an X, which are the two things it normally uses. Could this be down to SP3? Obviously my internet in general is fine, as I'm using the same wireless modem on this laptop.

                                                                    One thing after another, eh!  ::)

                                                                    Using a USB I got the log from Malwarebytes' scan, in case you need to take a look at that  :)

                                                                    Malwarebytes' Anti-Malware 1.44
                                                                    Database version: 3510
                                                                    Windows 5.1.2600 Service Pack 3
                                                                    Internet Explorer 7.0.5730.13

                                                                    20/02/2010 00:42:05
                                                                    mbam-log-2010-02-20 (00-42-05).txt

                                                                    Scan type: Full Scan (C:\|E:\|)
                                                                    Objects scanned: 223060
                                                                    Time elapsed: 1 hour(s), 21 minute(s), 25 second(s)

                                                                    Memory Processes Infected: 0
                                                                    Memory Modules Infected: 0
                                                                    Registry Keys Infected: 0
                                                                    Registry Values Infected: 0
                                                                    Registry Data Items Infected: 0
                                                                    Folders Infected: 0
                                                                    Files Infected: 0

                                                                    Memory Processes Infected:
                                                                    (No malicious items detected)

                                                                    Memory Modules Infected:
                                                                    (No malicious items detected)

                                                                    Registry Keys Infected:
                                                                    (No malicious items detected)

                                                                    Registry Values Infected:
                                                                    (No malicious items detected)

                                                                    Registry Data Items Infected:
                                                                    (No malicious items detected)

                                                                    Folders Infected:
                                                                    (No malicious items detected)

                                                                    Files Infected:
                                                                    (No malicious items detected)

                                                                    evilfantasy

                                                                    • Malware Removal Specialist
                                                                    • Moderator


                                                                    • Genius
                                                                    • Calm like a bomb
                                                                    • Thanked: 489
                                                                    • Experience: Familiar
                                                                    • OS: Windows 10
                                                                    Re: Your system is infected! (Please help if you can)
                                                                    « Reply #61 on: February 19, 2010, 06:08:01 PM »
                                                                    Make sure you have all web browsers closed.

                                                                    * Go into Control Panel > Network Connections
                                                                    * Right click on your connection then and click Properties
                                                                    * On the Properties page, highlight Internet Protocol(TCP/IP)
                                                                    * Click Properties, this will bring up another page.
                                                                    * Select Obtain DNS Server Automatically
                                                                    * Click the OK button. The page will close.
                                                                    * Press OK on the page in front of you.
                                                                    * Restart the computer.


                                                                    Any changes?

                                                                    KayleyBug

                                                                      Topic Starter


                                                                      Beginner

                                                                      Re: Your system is infected! (Please help if you can)
                                                                      « Reply #62 on: February 19, 2010, 06:18:25 PM »
                                                                      The Obtain DNS Server Automatically option was already selected.
                                                                      Restarted my laptop anyway - no change except the internet icon at the bottom looks like it's connected, instead of having an exclamation mark, but the internet still doesn't work.

                                                                      I've also noticed that my laptop takes much longer to start up the desktop after updating to SP3 - all the desktop icons take a long time to show up, is that because I now have so many due to all the anti-virus programs and log files on there?

                                                                      It could be a while before my next reply as it's 1.17am here and I have work in the morning.
                                                                      Let me know what needs doing and I'll try and sort it tomorrow.
                                                                      Thanks again for all your help so far :)

                                                                      evilfantasy

                                                                      Re: Your system is infected! (Please help if you can)
                                                                      « Reply #63 on: February 19, 2010, 06:20:52 PM »
                                                                      No problem. I'll be around tomorrow.


                                                                      Go Start > Run (Start search in Vista) and type in: cmd

                                                                      Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

                                                                      In the Command Prompt window type in the following commands, and press Enter after each one:

                                                                      Code:
                                                                      ipconfig /flushdns
                                                                      ipconfig /registerdns
                                                                      ipconfig /release
                                                                      ipconfig /renew
                                                                      Note the space before the forward slash /

                                                                      Restart your computer.

                                                                      Any luck?

                                                                      If not I would take a few minutes and call your ISP to see if they can reset it on their end.
                                                                      « Last Edit: February 20, 2010, 09:41:55 AM by evilfantasy »

                                                                      KayleyBug


                                                                        Re: Your system is infected! (Please help if you can)
                                                                        « Reply #64 on: February 20, 2010, 03:59:34 AM »
                                                                        No luck with that sadly. I'm not sure if AOL can help as it's more a problem with my laptop than the internet in general, as 2 other laptops and the computer in my house are managing to connect. So far (using my hit-and-miss Googling skills) I've discovered that one person had the same problem and resolved it by:
                                                                        uninstalling and reinstalling Client Services by going into Local Area Connection Properties.

                                                                        One website suggests letting Windows manage my Wireless network adapter by:
                                                                            1. Click Start - Run and type “services.msc” and press Enter.

                                                                            2. Scroll down to locate “Wireless Zero Configuration”

                                                                            3. Right-click and select “Start”

                                                                        Lastly AOL's website suggested Zone Alarm might be blocking it, which I hadn't thought to check.

                                                                        Once I'm home from work I'll try at least the Zone Alarm option, but I'd rather have your opinion before I start messing around with everything else :)

                                                                        KayleyBug


                                                                          Re: Your system is infected! (Please help if you can)
                                                                          « Reply #65 on: February 20, 2010, 11:33:15 AM »
                                                                          Success! I did a system restore to before I updated to SP3 and now I have my XP theme back (which I didn't have before I installed SP3 so that's weird but cool) and now internet works :)

                                                                          My computer's still a little slower than before at loading the desktop, it's just the background pic for a bit and then it flickers to black and then back to the picture, and that's when the icons finally appear.
                                                                          The Start bar loads straight away though. Is this because I have about 30 desktop icons now, as opposed to the 5 I had before installing everything to it?

                                                                          evilfantasy

                                                                          Re: Your system is infected! (Please help if you can)
                                                                          « Reply #66 on: February 20, 2010, 02:37:48 PM »
                                                                          You should run a Malwarebytes scan and see if it turns up anything.

                                                                          KayleyBug


                                                                            Re: Your system is infected! (Please help if you can)
                                                                            « Reply #67 on: February 20, 2010, 04:27:10 PM »
                                                                            Malwarebytes' Anti-Malware 1.44
                                                                            Database version: 3510
                                                                            Windows 5.1.2600 Service Pack 2
                                                                            Internet Explorer 7.0.5730.13

                                                                            20/02/2010 23:24:56
                                                                            mbam-log-2010-02-20 (23-24-56).txt

                                                                            Scan type: Quick Scan
                                                                            Objects scanned: 124335
                                                                            Time elapsed: 7 minute(s), 55 second(s)

                                                                            Memory Processes Infected: 0
                                                                            Memory Modules Infected: 0
                                                                            Registry Keys Infected: 0
                                                                            Registry Values Infected: 0
                                                                            Registry Data Items Infected: 0
                                                                            Folders Infected: 0
                                                                            Files Infected: 0

                                                                            Memory Processes Infected:
                                                                            (No malicious items detected)

                                                                            Memory Modules Infected:
                                                                            (No malicious items detected)

                                                                            Registry Keys Infected:
                                                                            (No malicious items detected)

                                                                            Registry Values Infected:
                                                                            (No malicious items detected)

                                                                            Registry Data Items Infected:
                                                                            (No malicious items detected)

                                                                            Folders Infected:
                                                                            (No malicious items detected)

                                                                            Files Infected:
                                                                            (No malicious items detected)


                                                                            I think I might try de-fragmenting my laptop on Sunday, haven't done that in well over a year so that's probably slowing things down a bit.
                                                                            Can you recommend a good, user-friendly firewall? I've got ZoneAlarm but I'm not a fan of it, and I know Windows firewall isn't very good on XP.

                                                                            evilfantasy

                                                                            Re: Your system is infected! (Please help if you can)
                                                                            « Reply #68 on: February 20, 2010, 04:30:00 PM »
                                                                            Getting rid of ZoneAlarm is probably a good idea. I've never liked it much.

                                                                            Try this. Online Armor. Be sure to completely uninstall ZA before installing OA.

                                                                            You can use the built-in Windows defrag by clicking Start > Run and then typing dfrg.msc, then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use.

                                                                            Important! Be sure to uncheck Install optional Yahoo! Toolbar during the install process to avoid installing the Yahoo! Toolbar.

                                                                            Note: Be sure to clean out temp files (run CCleaner) and restart the computer just before beginning a defrag.

                                                                            KayleyBug


                                                                              Re: Your system is infected! (Please help if you can)
                                                                              « Reply #69 on: February 20, 2010, 04:31:22 PM »
                                                                              Thanks :) Does this mean my laptop is all clear?

                                                                              evilfantasy

                                                                              Re: Your system is infected! (Please help if you can)
                                                                              « Reply #70 on: February 20, 2010, 04:32:56 PM »
                                                                              You can post a new HijackThis log for a double check.
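
Before reading a HijackThis log by hand, it helps to score the entry types that matter in this thread automatically. The script below is an added example, not part of the thread or of HijackThis itself: it flags an Internet Explorer proxy pointed at the local machine (R1), hosts entries that do not parse cleanly or pin a name to loopback (O1), orphaned BHO registrations (O2), and rundll32 autoruns that load a non-DLL or something from a user profile folder (O4). Its input is a handful of lines copied from the log posted below in this thread, plus two constructed lines marked as such.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted further down this thread (abridged).
# The stray characters at the start of the first O1 entry are reproduced exactly as
# the page shows them; they are what HijackThis printed for the hosts file's first line.
THREAD_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O1 - Hosts: ˙ž127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Two constructed lines (not from the thread) so the remaining branches are exercised:
# a hosts redirect of a non-localhost name and a benign rundll32 entry.
CONSTRUCTED_LOG = r"""
O1 - Hosts: 127.0.0.1 updates.example.com
O4 - HKLM\..\Run: [ExampleDriver] rundll32.exe C:\WINDOWS\system32\example.dll,EntryPoint
"""

LOOPBACK = ("127.", "0.0.0.0", "localhost", "::1")
PROFILE_DIRS = ("documents and settings", "application data", "appdata", "\\temp\\", "\\users\\")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+(?:"([^"]+)"|([^\s,]+))', re.I)
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|[0-9a-f:]+)\s+(\S+)", re.I)
NAME_RE = re.compile(r"\[([^\]]+)\]")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def check_line(line):
    """Score one HijackThis line: returns (severity, reason) or None when nothing stands out."""
    line = line.strip()
    if " - " not in line:
        return None
    section, body = line.split(" - ", 1)

    if section == "R1" and ",ProxyServer = " in body:
        proxy = body.split("ProxyServer = ", 1)[1].strip()
        if proxy.lower().startswith(LOOPBACK):
            return ("high", f"IE traffic is routed through a proxy on this machine ({proxy}); "
                            "rogue security software commonly does this to intercept or block browsing")
        return ("info", f"proxy server set to {proxy}; confirm it is intentional")

    if section == "O1":
        entry = body.split("Hosts: ", 1)[-1]
        m = HOSTS_RE.match(entry)
        if m is None:
            return ("medium", f"hosts entry does not start with a clean address: {entry!r} "
                              "(encoding artefact or tampering; inspect the file directly)")
        ip, host = m.groups()
        if host.lower() != "localhost" and ip.startswith(("127.", "0.0.0.0")):
            return ("medium", f"hosts file pins {host} to {ip}; pointing vendor or update sites "
                              "at loopback is a classic way of blocking security tools")
        return None

    if section == "O2" and body.endswith("(no file)"):
        return ("low", "BHO is registered but its DLL is gone; an orphan entry, safe to remove")

    if section == "O4":
        m = RUNDLL_RE.search(body)
        if m is None:
            return None
        target = m.group(1) or m.group(2)          # quoted path or bare path up to comma/space
        name_match = NAME_RE.search(body)
        name = name_match.group(1) if name_match else "?"
        ext = ntpath.splitext(target)[1].lower()  # ntpath handles the backslashes on any OS
        reasons = []
        if ext != ".dll":
            reasons.append(f"target extension is {ext or '(none)'}, not .dll")
        if any(d in target.lower() for d in PROFILE_DIRS):
            reasons.append("target sits in a user-writable profile folder")
        if reasons:
            return ("high", f"rundll32 autorun [{name}] loads {target}: " + "; ".join(reasons))
    return None


def triage(log_text):
    """Run check_line over every line; returns (severity, line, reason) tuples, worst first."""
    findings = []
    for line in log_text.splitlines():
        verdict = check_line(line)
        if verdict is not None:
            findings.append((verdict[0], line.strip(), verdict[1]))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])  # stable sort keeps log order within a level
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(THREAD_LOG + CONSTRUCTED_LOG):
        print(f"[{severity:6}] {line}\n         -> {reason}")
```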

                                                                              KayleyBug


                                                                                Re: Your system is infected! (Please help if you can)
                                                                                « Reply #71 on: February 20, 2010, 04:35:04 PM »
                                                                                Logfile of Trend Micro HijackThis v2.0.2
                                                                                Scan saved at 23:35:08, on 20/02/2010
                                                                                Platform: Windows XP SP2 (WinNT 5.01.2600)
                                                                                MSIE: Internet Explorer v7.00 (7.00.6000.16674)
                                                                                Boot mode: Normal

                                                                                Running processes:
                                                                                C:\WINDOWS\System32\smss.exe
                                                                                C:\WINDOWS\system32\winlogon.exe
                                                                                C:\WINDOWS\system32\services.exe
                                                                                C:\WINDOWS\system32\lsass.exe
                                                                                C:\WINDOWS\system32\Ati2evxx.exe
                                                                                C:\WINDOWS\system32\svchost.exe
                                                                                C:\Program Files\Windows Defender\MsMpEng.exe
                                                                                C:\WINDOWS\System32\svchost.exe
                                                                                C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                                                                                C:\WINDOWS\system32\spoolsv.exe
                                                                                C:\WINDOWS\system32\Ati2evxx.exe
                                                                                C:\WINDOWS\Explorer.EXE
                                                                                C:\Program Files\HPQ\IAM\bin\asghost.exe
                                                                                C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                                                                                C:\WINDOWS\UMStor\Res.EXE
                                                                                C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
                                                                                C:\Program Files\iTunes\iTunesHelper.exe
                                                                                C:\PROGRA~1\AVG\AVG8\avgtray.exe
                                                                                C:\Program Files\Windows Defender\MSASCui.exe
                                                                                C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                                                                                C:\WINDOWS\system32\ctfmon.exe
                                                                                C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                                                                                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                                C:\WINDOWS\System32\svchost.exe
                                                                                C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                                                                                C:\Program Files\Bonjour\mDNSResponder.exe
                                                                                C:\WINDOWS\system32\IFXSPMGT.exe
                                                                                C:\WINDOWS\system32\IFXTCS.exe
                                                                                C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                                                                C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                                                                                C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                                                                                C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                                                                                C:\WINDOWS\system32\svchost.exe
                                                                                C:\WINDOWS\system32\mqsvc.exe
                                                                                C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                                                                                C:\WINDOWS\system32\mqtgsvc.exe
                                                                                C:\Program Files\iPod\bin\iPodService.exe
                                                                                C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
                                                                                C:\WINDOWS\system32\wscntfy.exe
                                                                                C:\Program Files\Common Files\Teleca Shared\Generic.exe
                                                                                C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                                                                                C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                                                                                C:\Program Files\Windows Live\Contacts\wlcomm.exe
                                                                                C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

                                                                                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
                                                                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                                                                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                                                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                                                                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                                                                R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
                                                                                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
                                                                                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
                                                                                O1 - Hosts: ˙ž127.0.0.1 localhost
                                                                                O1 - Hosts: ::1 localhost
                                                                                O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                                                                                O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                                                                                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                                                                O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                                                                                O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                                                                                O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                                                                O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
                                                                                O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                                                                                O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                                                                                O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
                                                                                O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                                                                                O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
                                                                                O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
                                                                                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                                                                                O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                                                                O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                                                                                O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                                                                                O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
                                                                                O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                                                                                O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                                                                                O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                                                                                O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                                                                                O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                                                                                O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                                                                                O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""
                                                                                O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                                                                O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                                                                                O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                                                                                O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                                                                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                                                                                O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
                                                                                O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                                                                                O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                                                                                O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                                                O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                                                                                O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                                                                                O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                                                                                O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                                                                                O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                                                                O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                                                                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                                                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                                                O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                                                                                O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                                                                                O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                                                                                O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
                                                                                O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
                                                                                O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
                                                                                O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
                                                                                O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                                                                                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                                                                                O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                                                                                O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                                                                                O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                                                                                O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                                                                O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                                                                                O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
                                                                                O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                                                                                O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                                                                                O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                                O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                                                                                O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                                                                                O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                                                O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
                                                                                O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                                                                                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                                                                                O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
                                                                                O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
                                                                                O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                                                O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                                                                O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
                                                                                O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
                                                                                O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                                                                                O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

                                                                                --
                                                                                End of file - 11311 bytes

                                                                                evilfantasy

                                                                                • Malware Removal Specialist
                                                                                • Moderator


                                                                                Re: Your system is infected! (Please help if you can)
                                                                                « Reply #72 on: February 20, 2010, 04:48:00 PM »
                                                                                Quote
                                                                                Checking: Platform: Windows XP SP2 (WinNT 5.01.2600)

                                                                                You should get SP3 ASAP. There are many security-related updates as well as stability improvements included with SP3.

                                                                                Something is wrong here. Looks like your HOSTS file is messed up. Might be contributing to your connection issues. Looks like there is indeed an infection also.

                                                                                If you are going to remove Zone Alarm, go ahead and do it now so it does not interfere with the fixes. Wait until we are done to install Online Armor.

                                                                                Open HijackThis and select Do a system scan only

                                                                                Place a check mark next to the following entries: (if there)

                                                                                • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
                                                                                • O1 - Hosts: ˙ž127.0.0.1 localhost
                                                                                • O1 - Hosts: ::1 localhost
                                                                                • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
                                                                                • O4 - HKCU\..\Run: [Kbdgui] rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Adobe\Update\traykbd.dat""
                                                                                Important: Close all open windows except for HijackThis and then click Fix checked.

                                                                                Once completed, exit HijackThis.

                                                                                ----------

                                                                                Download HostsXpert and then follow the below steps.

                                                                                * Unzip HostXpert to your desktop.
                                                                                * Open up the HostsXpert program.
                                                                                * (Vista and Windows 7 users right click HostsXpert and choose Run as Administrator)
                                                                                * Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled (unlocked).
                                                                                * Click Create Back Up.
                                                                                * Then click on Restore Microsoft's Host Files.
                                                                                * Close the HostsXpert program.

                                                                                Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

                                                                                ----------

                                                                                If you already have ComboFix be sure to delete it and download a new copy.

                                                                                Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                                                                                Link #1
                                                                                Link #2

                                                                                **Note:  It is important that it is saved directly to your Desktop

                                                                                Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

                                                                                Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                                                                                 
                                                                                Double click combofix.exe & follow the prompts.
                                                                                Vista users: right-click ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
                                                                                When finished ComboFix will produce a log for you.
                                                                                Post the ComboFix log in your next reply.

                                                                                Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                                                                                Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                                                                                If you have problems with ComboFix usage, see How to use ComboFix
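
The entries evilfantasy singles out above (a HOSTS line with junk characters in front of the address, a BHO with no file behind it, and a rundll32 autorun pointing at a .dat file under Application Data) can be picked out of a HijackThis log mechanically. The script below is an example added to this page; it is not part of HijackThis, ComboFix or the thread. It runs over a constructed sample built from the lines quoted in the thread, plus one invented hosts redirect (www.avg.com) and an invented export name on the Lexmark entry, both marked as such in the code.

```python
"""Triage HijackThis (HJT) log lines for the patterns acted on in the reply above:
a mangled HOSTS entry, an orphaned BHO, and a rundll32 autorun loading a disguised
DLL from a user-writable directory.  Example code added to this page; it is not
part of HijackThis, ComboFix or the thread."""
import ntpath
import re
from typing import List, Tuple

# Constructed sample input.  The 'www.avg.com' redirect and the 'SomeExport'
# export name are invented for the example; the other lines mirror the thread's
# log (the two junk characters before 127.0.0.1 are copied from it).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = local;*.local
O1 - Hosts: \u02d9\u017e127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.avg.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\\Program Files\\HPQ\\IAM\\Bin\\ItIeAddIN.dll
O4 - HKLM\\..\\Run: [LXCFCATS] rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,SomeExport
O4 - HKCU\\..\\Run: [Kbdgui] rundll32.exe "C:\\Documents and Settings\\Administrator\\Application Data\\Adobe\\Update\\traykbd.dat""
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

Finding = Tuple[str, str]  # (offending log line, reason)

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Locations an unprivileged user can write to.  An autorun pointing here is far
# more suspicious than one under Program Files or System32.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\application data\\",
                 "\\local settings\\", "\\appdata\\", "\\temp\\")


def check_hosts(entry: str) -> List[str]:
    """entry is the text after 'O1 - Hosts: ', e.g. '127.0.0.1 localhost'."""
    parts = entry.split()
    if len(parts) < 2:
        return ["malformed hosts line"]
    addr, names = parts[0], parts[1:]
    if any(ord(c) > 0x7F or not c.isprintable() for c in addr):
        # HJT prints the raw bytes: a file saved as Unicode text carries a
        # byte-order mark that lands in front of the address, so the resolver
        # never matches the entry.
        return ["non-ASCII bytes before address: HOSTS saved in the wrong encoding or tampered"]
    if addr in LOOPBACK and any(n.lower() != "localhost" for n in names):
        return ["hostname redirected to loopback (blocks the site; classic AV-vendor blackholing)"]
    return []


def rundll32_target(cmd: str) -> str:
    """Return the file rundll32 is asked to load, or '' if cmd is not a rundll32 launch."""
    parts = cmd.strip().split(None, 1)
    if len(parts) != 2:
        return ""
    exe = ntpath.basename(parts[0].strip('"')).lower()
    if exe not in ("rundll32", "rundll32.exe"):
        return ""
    rest = parts[1].strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]          # quoted path, then optional ,Export
    return rest.split(",", 1)[0].split()[0]       # bare path up to the ,Export separator


def check_run(cmd: str) -> List[str]:
    reasons: List[str] = []
    target = rundll32_target(cmd)
    if target:
        ext = ntpath.splitext(target)[1].lower()
        if ext != ".dll":
            reasons.append(f"rundll32 loading a {ext or 'extension-less'} file: a DLL disguised as data")
        if any(d in target.lower() for d in USER_WRITABLE):
            reasons.append("autorun target lives in a user-writable profile directory")
    return reasons


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.rstrip()
        reasons: List[str] = []
        if line.startswith("O1 - Hosts: "):
            reasons = check_hosts(line[len("O1 - Hosts: "):])
        elif line.startswith("O2 - BHO: ") and line.endswith("- (no file)"):
            reasons = ["BHO registered but its file is gone (orphaned or deleted malware component)"]
        else:
            m = O4_RE.match(line)
            if m:
                reasons = check_run(m.group("cmd"))
        for r in reasons:
            findings.append((line, r))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run it as-is to see the findings for the sample, or pass the text of a real HJT log to `triage()`. The hosts check is the one worth understanding: the junk characters HijackThis shows before 127.0.0.1 are typically the byte-order mark of a file saved as Unicode text, which the resolver does not strip, so the localhost entry silently stops matching. That is why the reply follows the HijackThis fix with HostsXpert's "Restore Microsoft's Host Files" rather than just deleting the line.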


                                                                                KayleyBug

                                                                                  Topic Starter



                                                                                  Re: Your system is infected! (Please help if you can)
                                                                                  « Reply #73 on: February 20, 2010, 04:55:06 PM »
                                                                                  Can I do all these things before installing SP3?
                                                                                  Installing SP3 is what messed up my internet connection the first time, so I want to get all this sorted first if possible. There's no way SP3 will undo these instructions if I install it after, is there?

                                                                                  evilfantasy

                                                                                  • Malware Removal Specialist
                                                                                  • Moderator


                                                                                  Re: Your system is infected! (Please help if you can)
                                                                                  « Reply #74 on: February 20, 2010, 05:10:38 PM »
                                                                                  Yes, it's best to wait until we get done before going to SP3.

                                                                                  KayleyBug

                                                                                    Topic Starter



                                                                                    Re: Your system is infected! (Please help if you can)
                                                                                    « Reply #75 on: February 20, 2010, 05:34:28 PM »
                                                                                    Here's the ComboFix log.

                                                                                    If it's of any importance, I've noticed that suddenly, each time my computer starts up, a shortcut to Internet Explorer appears on my desktop.
                                                                                    I always delete the shortcut as I use Firefox, but then the next time I start up my laptop, there it is again on the desktop!



                                                                                    ComboFix 10-02-20.03 - Kayley E R 21/02/2010   0:15.3.1 - x86
                                                                                    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.394 [GMT 0:00]
                                                                                    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
                                                                                    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                                                                                    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

                                                                                    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                                                                                    .

                                                                                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                                                                    .

                                                                                    c:\docume~1\ADMINI~1\LOCALS~1\Temp\21303429133.nls
                                                                                    c:\documents and settings\Administrator\Local Settings\temp\21303429133.nls

                                                                                    .
                                                                                    (((((((((((((((((((((((((   Files Created from 2010-01-21 to 2010-02-21  )))))))))))))))))))))))))))))))
                                                                                    .

                                                                                    2010-02-20 18:24 . 2010-02-20 18:24   --------   d-----w-   c:\windows\system32\wbem\Repository
                                                                                    2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\system32\scripting
                                                                                    2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\l2schemas
                                                                                    2010-02-19 22:27 . 2010-02-19 22:31   --------   d-----w-   c:\windows\ServicePackFiles
                                                                                    2010-02-19 18:30 . 2004-08-04 00:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
                                                                                    2010-02-19 18:30 . 2001-08-17 22:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
                                                                                    2010-02-19 18:30 . 2001-08-17 22:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
                                                                                    2010-02-19 18:30 . 2001-08-17 22:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
                                                                                    2010-02-19 18:30 . 2001-08-17 22:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
                                                                                    2010-02-19 18:29 . 2001-08-17 22:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
                                                                                    2010-02-19 18:29 . 2001-08-17 12:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
                                                                                    2010-02-19 18:29 . 2004-08-03 22:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
                                                                                    2010-02-19 18:29 . 2004-08-03 22:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
                                                                                    2010-02-19 18:29 . 2004-08-03 22:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
                                                                                    2010-02-19 18:29 . 2001-08-17 12:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
                                                                                    2010-02-19 18:27 . 2001-08-17 12:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
                                                                                    2010-02-19 18:26 . 2001-08-17 13:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
                                                                                    2010-02-19 18:25 . 2001-08-17 22:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
                                                                                    2010-02-19 18:24 . 2001-08-17 14:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
                                                                                    2010-02-19 18:23 . 2001-08-17 14:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
                                                                                    2010-02-19 18:22 . 2001-08-17 12:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
                                                                                    2010-02-19 18:21 . 2004-08-04 13:00   40448   ----a-w-   c:\windows\system32\dllcache\snmpthrd.dll
                                                                                    2010-02-19 18:20 . 2001-08-17 12:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
                                                                                    2010-02-19 18:19 . 2001-07-21 14:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
                                                                                    2010-02-19 18:18 . 2001-08-17 13:51   23936   ----a-w-   c:\windows\system32\dllcache\sccmn50m.sys
                                                                                    2010-02-19 18:17 . 2004-08-04 13:00   79872   ----a-w-   c:\windows\system32\dllcache\rwia330.dll
                                                                                    2010-02-19 18:16 . 2001-08-17 13:28   899146   ----a-w-   c:\windows\system32\dllcache\r2mdkxga.sys
                                                                                    2010-02-19 18:15 . 2001-08-17 13:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
                                                                                    2010-02-19 18:14 . 2001-08-17 22:36   86016   ----a-w-   c:\windows\system32\dllcache\pctspk.exe
                                                                                    2010-02-19 18:13 . 2001-08-17 14:05   48000   ----a-w-   c:\windows\system32\dllcache\ovcam2.sys
                                                                                    2010-02-19 18:12 . 2001-08-17 12:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
                                                                                    2010-02-19 18:12 . 2001-08-17 12:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
                                                                                    2010-02-19 18:12 . 2004-08-04 13:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
                                                                                    2010-02-19 18:12 . 2001-08-17 12:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
                                                                                    2010-02-19 18:12 . 2004-08-03 22:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
                                                                                    2010-02-19 18:12 . 2001-08-17 12:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
                                                                                    2010-02-19 18:12 . 2001-08-17 12:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
                                                                                    2010-02-19 18:12 . 2001-08-17 22:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
                                                                                    2010-02-19 18:12 . 2001-08-17 13:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
                                                                                    2010-02-19 18:11 . 2001-08-17 14:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
                                                                                    2010-02-19 18:11 . 2001-08-17 12:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
                                                                                    2010-02-19 18:11 . 2001-08-17 12:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
                                                                                    2010-02-19 18:11 . 2001-08-17 22:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
                                                                                    2010-02-19 18:11 . 2001-08-17 12:50   13664   ----a-w-   c:\windows\system32\dllcache\n9i128.sys
                                                                                    2010-02-19 18:11 . 2001-08-17 14:56   35392   ----a-w-   c:\windows\system32\dllcache\n9i128.dll
                                                                                    2010-02-19 18:11 . 2001-08-17 12:11   128000   ----a-w-   c:\windows\system32\dllcache\n100325.sys
                                                                                    2010-02-19 18:09 . 2001-08-17 14:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
                                                                                    2010-02-19 18:08 . 2001-08-17 22:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
                                                                                    2010-02-19 18:07 . 2001-08-17 12:12   20573   ----a-w-   c:\windows\system32\dllcache\lne100.sys
                                                                                    2010-02-19 18:06 . 2001-08-17 12:12   45632   ----a-w-   c:\windows\system32\dllcache\ip5515.sys
                                                                                    2010-02-19 18:05 . 2001-08-17 22:36   26624   ----a-w-   c:\windows\system32\dllcache\icam3ext.dll
                                                                                    2010-02-19 18:04 . 2001-08-17 13:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
                                                                                    2010-02-19 18:03 . 2001-08-17 22:36   31232   ----a-w-   c:\windows\system32\dllcache\hpgt42tk.dll
                                                                                    2010-02-19 18:02 . 2001-08-17 12:49   320384   ----a-w-   c:\windows\system32\dllcache\g200m.sys
                                                                                    2010-02-19 18:01 . 2001-08-17 12:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
                                                                                    2010-02-19 18:00 . 2001-08-17 12:19   283904   ----a-w-   c:\windows\system32\dllcache\emu10k1m.sys
                                                                                    2010-02-19 17:59 . 2001-08-17 12:11   29696   ----a-w-   c:\windows\system32\dllcache\dm9pci5.sys
                                                                                    2010-02-19 17:58 . 2001-08-17 13:52   14720   ----a-w-   c:\windows\system32\dllcache\dac960nt.sys
                                                                                    2010-02-19 17:57 . 2004-08-04 13:00   15872   ----a-w-   c:\windows\system32\dllcache\chgport.exe
                                                                                    2010-02-19 17:56 . 2001-08-17 13:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
                                                                                    2010-02-19 17:55 . 2004-08-03 22:29   104960   ----a-w-   c:\windows\system32\dllcache\atinrvxx.sys
                                                                                    2010-02-19 17:54 . 2004-08-03 22:32   231552   ----a-w-   c:\windows\system32\dllcache\ac97ali.sys
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   49210   ----a-w-   c:\windows\system32\dllcache\fp4areg.dll
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   147513   ----a-w-   c:\windows\system32\dllcache\fp4apws.dll
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   102509   ----a-w-   c:\windows\system32\dllcache\fp4atxt.dll
                                                                                    2010-02-19 17:53 . 2004-05-13 00:39   184435   ----a-w-   c:\windows\system32\dllcache\fp4amsft.dll
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   82035   ----a-w-   c:\windows\system32\dllcache\fp4anscp.dll
                                                                                    2010-02-19 17:53 . 2004-08-04 13:00   46592   ----a-w-   c:\windows\system32\dllcache\coadmin.dll
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   188480   ----a-w-   c:\windows\system32\dllcache\cfgwiz.exe
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\author.dll
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\author.exe
                                                                                    2010-02-19 17:53 . 2004-08-04 13:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
                                                                                    2010-02-19 17:53 . 2004-08-04 13:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\admin.exe
                                                                                    2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
                                                                                    2010-02-18 19:18 . 2010-02-18 19:18   --------   d-----w-   C:\_OTM
                                                                                    2010-02-18 01:43 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                                                                                    2010-02-18 01:43 . 2010-02-18 01:43   --------   d-----w-   c:\program files\Panda Security
                                                                                    2010-02-18 01:09 . 2010-02-18 01:09   --------   d-----w-   c:\program files\ESET
                                                                                    2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                                                                                    2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
                                                                                    2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
                                                                                    2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
                                                                                    2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                                                                    2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                                                                                    2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                                                                    2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                                                                    2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
                                                                                    2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
                                                                                    2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

                                                                                    .
                                                                                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                                                    .
                                                                                    2010-02-19 22:36 . 2004-08-07 13:12   91799   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
                                                                                    2010-02-19 17:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
                                                                                    2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
                                                                                    2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
                                                                                    2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
                                                                                    2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                                                                                    2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                                                                                    2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                                                                                    2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
                                                                                    2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
                                                                                    2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
                                                                                    2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
                                                                                    2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
                                                                                    2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                                                                                    2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                                                                                    .

                                                                                    ------- Sigcheck -------

                                                                                    [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
                                                                                    [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
                                                                                    [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
                                                                                    [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\ERDNT\cache\ndis.sys
                                                                                    [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\dllcache\ndis.sys
                                                                                    [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\drivers\ndis.sys
                                                                                    [7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys

                                                                                    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
                                                                                    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
                                                                                    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                                                                                    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
                                                                                    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
                                                                                    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
                                                                                    [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
                                                                                    [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
                                                                                    [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
                                                                                    [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
                                                                                    [-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
                                                                                    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

                                                                                    [7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
                                                                                    [7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netman.dll
                                                                                    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
                                                                                    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\ERDNT\cache\netman.dll
                                                                                    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
                                                                                    [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
                                                                                    [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
                                                                                    [7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

                                                                                    [7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
                                                                                    [7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rpcss.dll
                                                                                    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
                                                                                    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\ERDNT\cache\rpcss.dll
                                                                                    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
                                                                                    [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
                                                                                    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
                                                                                    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
                                                                                    [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
                                                                                    [-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
                                                                                    [-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
                                                                                    [7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

                                                                                    [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
                                                                                    [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
                                                                                    [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
                                                                                    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
                                                                                    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
                                                                                    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
                                                                                    [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
                                                                                    [7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

                                                                                    [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
                                                                                    [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
                                                                                    [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
                                                                                    [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
                                                                                    [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
                                                                                    [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
                                                                                    [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
                                                                                    [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
                                                                                    [7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

                                                                                    [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2gdr\es.dll
                                                                                    [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
                                                                                    [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3qfe\es.dll
                                                                                    [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2qfe\es.dll
                                                                                    [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
                                                                                    [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\es.dll
                                                                                    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
                                                                                    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\ERDNT\cache\es.dll
                                                                                    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
                                                                                    [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\dllcache\es.dll
                                                                                    [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
                                                                                    [7] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

                                                                                    [7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
                                                                                    [7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
                                                                                    [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
                                                                                    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
                                                                                    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\ERDNT\cache\kernel32.dll
                                                                                    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
                                                                                    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
                                                                                    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll
                                                                                    [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\dllcache\kernel32.dll
                                                                                    [7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

                                                                                    [7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
                                                                                    [7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\linkinfo.dll
                                                                                    [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
                                                                                    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
                                                                                    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\ERDNT\cache\linkinfo.dll
                                                                                    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
                                                                                    [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
                                                                                    [7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

                                                                                    [-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
                                                                                    [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
                                                                                    [-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
                                                                                    [-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
                                                                                    [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
                                                                                    [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
                                                                                    [-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
                                                                                    [-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntoskrnl.exe
                                                                                    [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
                                                                                    [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntoskrnl.exe
                                                                                    [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\system32\ntoskrnl.exe
                                                                                    [-] 2005-09-29 . 25C36DBC46E8EFF2A811769A60715AC5 . 2136064 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntoskrnl.exe
                                                                                    [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
                                                                                    [7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntoskrnl.exe

                                                                                    [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
                                                                                    [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tapisrv.dll
                                                                                    [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
                                                                                    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
                                                                                    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\ERDNT\cache\tapisrv.dll
                                                                                    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
                                                                                    [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
                                                                                    [7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

                                                                                    [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
                                                                                    [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
                                                                                    [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
                                                                                    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
                                                                                    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\ERDNT\cache\user32.dll
                                                                                    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
                                                                                    [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll
                                                                                    [7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

                                                                                    [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
                                                                                    [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
                                                                                    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
                                                                                    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\ERDNT\cache\srsvc.dll
                                                                                    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\srsvc.dll
                                                                                    [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\dllcache\srsvc.dll
                                                                                    [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll

                                                                                    [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
                                                                                    [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\aec.sys
                                                                                    [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
                                                                                    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
                                                                                    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
                                                                                    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
                                                                                    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
                                                                                    [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
                                                                                    [7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

                                                                                    [7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
                                                                                    [7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\mfc40u.dll
                                                                                    [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
                                                                                    [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
                                                                                    [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
                                                                                    [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

                                                                                    [-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
                                                                                    [-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
                                                                                    [-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
                                                                                    [-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
                                                                                    [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
                                                                                    [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
                                                                                    [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
                                                                                    [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
                                                                                    [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
                                                                                    [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\system32\ntkrnlpa.exe
                                                                                    [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntkrnlpa.exe
                                                                                    [-] 2005-09-28 . 48472D224E1703882B4DE0E28E205E9B . 2015744 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
                                                                                    [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
                                                                                    [7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
                                                                                    .
                                                                                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                                                    .
                                                                                    .
                                                                                    *Note* empty entries & legit default entries are not shown
                                                                                    REGEDIT4

                                                                                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                                                    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
                                                                                    "Kbdgui"="c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat" [2010-02-16 123392]
                                                                                    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

                                                                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                                                    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
                                                                                    "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
                                                                                    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
                                                                                    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
                                                                                    "ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
                                                                                    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
                                                                                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
                                                                                    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
                                                                                    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
                                                                                    "TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
                                                                                    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
                                                                                    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
                                                                                    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
                                                                                    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
                                                                                    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

                                                                                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                                                                    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

                                                                                    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
                                                                                    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

                                                                                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                                                                    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
                                                                                    AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
                                                                                    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

                                                                                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                                                                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                                                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                                                                    2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                                                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                                                                                    2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

                                                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
                                                                                    2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

                                                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
                                                                                    2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

                                                                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                                                                                    @="Service"

                                                                                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                                                                                    "DisableMonitoring"=dword:00000001

                                                                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                                                                    "%windir%\\system32\\sessmgr.exe"=
                                                                                    "c:\\WINDOWS\\system32\\mqsvc.exe"=
                                                                                    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
                                                                                    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
                                                                                    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
                                                                                    "c:\\Program Files\\AOL 9.0\\waol.exe"=
                                                                                    "c:\\Program Files\\AOL\\RC\\regClient.exe"=
                                                                                    "c:\\Program Files\\AOL 9.0a\\waol.exe"=
                                                                                    "c:\\Program Files\\Messenger\\msmsgs.exe"=
                                                                                    "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                                                                                    "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
                                                                                    "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
                                                                                    "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                                                                                    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                                                                    "c:\\Program Files\\iTunes\\iTunes.exe"=
                                                                                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                                                                    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
                                                                                    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
                                                                                    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                                                                                    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

                                                                                    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/02/2010 01:43 28552]
                                                                                    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
                                                                                    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
                                                                                    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
                                                                                    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
                                                                                    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
                                                                                    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
                                                                                    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
                                                                                    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
                                                                                    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
                                                                                    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
                                                                                    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
                                                                                    S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
                                                                                    S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
                                                                                    S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
                                                                                    S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
                                                                                    S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

                                                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                                                                    Cognizance   REG_MULTI_SZ      ASChannel
                                                                                    .
                                                                                    Contents of the 'Scheduled Tasks' folder

                                                                                    2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
                                                                                    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
                                                                                    .
                                                                                    .
                                                                                    ------- Supplementary Scan -------
                                                                                    .
                                                                                    uStart Page = hxxp://www.hp.com/
                                                                                    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                                                                                    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
                                                                                    uInternet Settings,ProxyServer = 127.0.0.1:8080
                                                                                    uSearchAssistant = hxxp://www.google.com/ie
                                                                                    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                                                                                    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                                                                                    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                                                    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
                                                                                    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
                                                                                    FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
                                                                                    .
                                                                                    - - - - ORPHANS REMOVED - - - -

                                                                                    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe

                                                                                    **************************************************************************

                                                                                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                                                                    Rootkit scan 2010-02-21 00:25
                                                                                    Windows 5.1.2600 Service Pack 2 NTFS

                                                                                    scanning hidden processes ... 

                                                                                    scanning hidden autostart entries ...

                                                                                    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                                                                                      LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

                                                                                    scanning hidden files ... 

                                                                                    scan completed successfully
                                                                                    hidden files: 0

                                                                                    **************************************************************************
                                                                                    .
                                                                                    --------------------- DLLs Loaded Under Running Processes ---------------------

                                                                                    - - - - - - - > 'winlogon.exe'(896)
                                                                                    c:\program files\SUPERAntiSpyware\SASWINLO.dll
                                                                                    c:\windows\system32\Ati2evxx.dll
                                                                                    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
                                                                                    c:\windows\system32\IfxWlxEN.dll
                                                                                    c:\program files\HPQ\IAM\Bin\ASChnl.dll
                                                                                    c:\program files\HPQ\IAM\Bin\ItMsg.dll

                                                                                    - - - - - - - > 'explorer.exe'(3616)
                                                                                    c:\program files\HPQ\IAM\Bin\SFSShell.dll
                                                                                    c:\program files\HPQ\IAM\bin\ItMsg.dll
                                                                                    c:\windows\system32\msi.dll
                                                                                    .
                                                                                    ------------------------ Other Running Processes ------------------------
                                                                                    .
                                                                                    c:\windows\system32\Ati2evxx.exe
                                                                                    c:\windows\system32\DllHost.exe
                                                                                    c:\windows\system32\Ati2evxx.exe
                                                                                    c:\program files\HPQ\IAM\bin\asghost.exe
                                                                                    c:\windows\system32\msdtc.exe
                                                                                    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
                                                                                    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                                    c:\program files\Bonjour\mDNSResponder.exe
                                                                                    c:\windows\system32\IFXSPMGT.exe
                                                                                    c:\windows\system32\IFXTCS.exe
                                                                                    c:\program files\Common Files\LightScribe\LSSrvc.exe
                                                                                    c:\progra~1\AVG\AVG8\avgrsx.exe
                                                                                    c:\progra~1\AVG\AVG8\avgnsx.exe
                                                                                    c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                                                                                    c:\windows\system32\wdfmgr.exe
                                                                                    c:\windows\system32\mqsvc.exe
                                                                                    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
                                                                                    c:\windows\system32\mqtgsvc.exe
                                                                                    c:\program files\iPod\bin\iPodService.exe
                                                                                    c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
                                                                                    c:\windows\system32\wscntfy.exe
                                                                                    c:\program files\Common Files\Teleca Shared\Generic.exe
                                                                                    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                                                                                    .
                                                                                    **************************************************************************
                                                                                    .
                                                                                    Completion time: 2010-02-21  00:31:18 - machine was rebooted
                                                                                    ComboFix-quarantined-files.txt  2010-02-21 00:31
                                                                                    ComboFix2.txt  2010-02-18 00:47

                                                                                    Pre-Run: 17,715,023,872 bytes free
                                                                                    Post-Run: 17,701,199,872 bytes free

                                                                                    - - End Of File - - CF665D58AC6EB237F728909C10C7FEB3

                                                                                    evilfantasy

                                                                                    • Malware Removal Specialist
                                                                                    • Moderator


                                                                                    • Genius
                                                                                    • Calm like a bomb
                                                                                    • Thanked: 489
                                                                                    • Experience: Familiar
                                                                                    • OS: Windows 10
                                                                                    Re: Your system is infected! (Please help if you can)
                                                                                    « Reply #76 on: February 20, 2010, 05:42:04 PM »
                                                                                    Please go to Jotti's malware scan
                                                                                    (If more than one file needs to be scanned, they must be done separately and a log posted for each one)

                                                                                    * Copy the file path in the below Code box:
                                                                                    Code:
                                                                                    c:\documents and settings\Administrator\Application Data\Adobe\Update\traykbd.dat
                                                                                    * At the upload site, click once inside the window next to Browse.
                                                                                    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                                                                                    * Next click Submit file
                                                                                    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                                                                                    * This will perform a scan across multiple different virus scanning engines.
                                                                                    * Important: Wait for all of the scanning engines to complete.
                                                                                    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                                                                                    evilfantasy
                                                                                    Re: Your system is infected! (Please help if you can)
                                                                                    « Reply #77 on: February 20, 2010, 05:43:42 PM »
                                                                                    Also do you use any Norton software?

                                                                                    Quote
                                                                                    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

                                                                                    KayleyBug

                                                                                      Topic Starter


                                                                                      Beginner

                                                                                      Re: Your system is infected! (Please help if you can)
                                                                                      « Reply #78 on: February 20, 2010, 05:48:25 PM »
                                                                                      No I'm not using any Norton software, I don't think I ever have on this laptop.
                                                                                      (Jotti's malware scan in progress)

                                                                                      KayleyBug

                                                                                        Re: Your system is infected! (Please help if you can)
                                                                                        « Reply #79 on: February 20, 2010, 05:54:40 PM »
                                                                                        http://virusscan.jotti.org/en-gb/scanresult/fe6a9175644fc67b8bb3c3cf22614ddea05e1c44

                                                                                        Looks like VBA32 found SSCope.Trojan.Agent.084  :-\

                                                                                        Checked my add or remove programs, I definitely don't have Norton.

                                                                                        evilfantasy
                                                                                        Re: Your system is infected! (Please help if you can)
                                                                                        « Reply #80 on: February 20, 2010, 05:57:43 PM »
                                                                                        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                                                                                        It must be Notepad, not Wordpad.
                                                                                        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                                                                                        Code:
                                                                                        KillAll::

                                                                                        SecCenter::
                                                                                        {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

                                                                                        Registry::
                                                                                        [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

                                                                                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                                                        "Kbdgui"=-


                                                                                        3. Go to the Notepad window and click Edit > Paste
                                                                                        4. Then click File > Save
                                                                                        5. Name the file CFScript.txt - Save the file to your Desktop
                                                                                        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                                                                                        ComboFix will begin to execute, just follow the prompts.
                                                                                        After reboot (in case it asks to reboot), it will produce a log for you.
                                                                                        Post that log (Combofix.txt) in your next reply.

                                                                                        Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
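A dry-run reader for the CFScript above, as an added example that is not ComboFix's own code: it parses the KillAll::, SecCenter:: and Registry:: blocks into the actions they request (Registry:: lines follow .reg syntax, where [-Key] deletes a key and "Name"=- deletes a value) and lists which autostart entries would be removed, so a script can be reviewed before it is dropped onto ComboFix. The sample script is a constructed copy of the one posted above, and the action names are this example's own, not ComboFix terminology.

```python
"""Dry-run reader for a ComboFix CFScript.

Added example, not ComboFix's own code: it only parses the script and reports the
actions it asks for. Nothing here touches processes or the registry.
"""
import re
from dataclasses import dataclass

# Constructed copy of the script posted above, used as sample input.
SAMPLE_CFSCRIPT = r"""KillAll::

SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kbdgui"=-
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")        # [Key] selects a key, [-Key] deletes it (.reg syntax)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')    # "Name"=- deletes a value, anything else sets it

# Registry paths treated as autostart locations for the review summary (lower-cased).
AUTOSTART_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce")


@dataclass
class Action:
    kind: str           # action names are this example's own, not ComboFix terminology
    target: str = ""
    detail: str = ""


def parse_cfscript(text: str) -> list[Action]:
    """Turn the script into a list of requested actions, section by section."""
    actions: list[Action] = []
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines separate entries; they do not end a section
        if line.endswith("::"):
            section = line[:-2]
            current_key = None
            if section == "KillAll":
                actions.append(Action("kill_all", detail="stop non-essential processes before fixing"))
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section == "SecCenter":
            if not GUID_RE.match(line):
                raise ValueError(f"SecCenter:: expects a product GUID, got {line!r}")
            actions.append(Action("seccenter_remove", line, "drop stale Security Center registration"))
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                delete, key = m.groups()
                if delete:
                    actions.append(Action("reg_delete_key", key))
                    current_key = None
                else:
                    current_key = key     # following "Name"=... lines apply to this key
                continue
            m = VALUE_RE.match(line)
            if not m or current_key is None:
                raise ValueError(f"unrecognised Registry:: line: {line!r}")
            name, data = m.groups()
            if data == "-":
                actions.append(Action("reg_delete_value", f"{current_key}\\{name}"))
            else:
                actions.append(Action("reg_set_value", f"{current_key}\\{name}", data))
        else:
            # Other directives (File::, Folder::, ...) are kept as opaque items for review.
            actions.append(Action(section.lower() + "_item", line))
    return actions


def autostart_removals(actions: list[Action]) -> list[str]:
    """Registry values the script would delete from Run/RunOnce keys."""
    return [a.target for a in actions
            if a.kind == "reg_delete_value"
            and any(marker in a.target.lower() for marker in AUTOSTART_MARKERS)]


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for act in parsed:
        print(f"{act.kind:18} {act.target} {act.detail}".rstrip())
    print("autostart entries removed:", autostart_removals(parsed))
```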

                                                                                        KayleyBug

                                                                                          Re: Your system is infected! (Please help if you can)
                                                                                          « Reply #81 on: February 20, 2010, 06:17:26 PM »
                                                                                          After re-booting, the IE icon was back on my desktop and IE had made itself the default browser, even though it was definitely set to Firefox before the re-boot! Is this anything to be concerned about?


                                                                                          ComboFix 10-02-20.03 - Kayley E R 21/02/2010   1:01.4.1 - x86
                                                                                          Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.375 [GMT 0:00]
                                                                                          Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
                                                                                          Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
                                                                                          AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

                                                                                          WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                                                                                          .

                                                                                          (((((((((((((((((((((((((   Files Created from 2010-01-21 to 2010-02-21  )))))))))))))))))))))))))))))))
                                                                                          .

                                                                                          2010-02-20 18:24 . 2010-02-20 18:24   --------   d-----w-   c:\windows\system32\wbem\Repository
                                                                                          2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\system32\scripting
                                                                                          2010-02-19 22:30 . 2010-02-19 22:30   --------   d-----w-   c:\windows\l2schemas
                                                                                          2010-02-19 22:27 . 2010-02-19 22:31   --------   d-----w-   c:\windows\ServicePackFiles
                                                                                          2010-02-19 18:30 . 2004-08-04 00:56   116224   ----a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
                                                                                          2010-02-19 18:30 . 2001-08-17 22:36   23040   ----a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
                                                                                          2010-02-19 18:30 . 2001-08-17 22:36   17408   ----a-w-   c:\windows\system32\dllcache\xrxscnui.dll
                                                                                          2010-02-19 18:30 . 2001-08-17 22:37   27648   ----a-w-   c:\windows\system32\dllcache\xrxftplt.exe
                                                                                          2010-02-19 18:30 . 2001-08-17 22:37   4608   ----a-w-   c:\windows\system32\dllcache\xrxflnch.exe
                                                                                          2010-02-19 18:29 . 2001-08-17 22:37   99865   ----a-w-   c:\windows\system32\dllcache\xlog.exe
                                                                                          2010-02-19 18:29 . 2001-08-17 12:11   16970   ----a-w-   c:\windows\system32\dllcache\xem336n5.sys
                                                                                          2010-02-19 18:29 . 2004-08-03 22:29   19455   ----a-w-   c:\windows\system32\dllcache\wvchntxx.sys
                                                                                          2010-02-19 18:29 . 2004-08-03 22:29   12063   ----a-w-   c:\windows\system32\dllcache\wsiintxx.sys
                                                                                          2010-02-19 18:29 . 2004-08-03 22:31   154624   ----a-w-   c:\windows\system32\dllcache\wlluc48.sys
                                                                                          2010-02-19 18:29 . 2001-08-17 12:12   34890   ----a-w-   c:\windows\system32\dllcache\wlandrv2.sys
                                                                                          2010-02-19 18:27 . 2001-08-17 12:13   19528   ----a-w-   c:\windows\system32\dllcache\w840nd.sys
                                                                                          2010-02-19 18:26 . 2001-08-17 13:28   793598   ----a-w-   c:\windows\system32\dllcache\usr1806.sys
                                                                                          2010-02-19 18:25 . 2001-08-17 22:36   216064   ----a-w-   c:\windows\system32\dllcache\um34scan.dll
                                                                                          2010-02-19 18:24 . 2001-08-17 14:02   230912   ----a-w-   c:\windows\system32\dllcache\tosdvd03.sys
                                                                                          2010-02-19 18:23 . 2001-08-17 14:07   32640   ----a-w-   c:\windows\system32\dllcache\symc8xx.sys
                                                                                          2010-02-19 18:22 . 2001-08-17 12:11   48736   ----a-w-   c:\windows\system32\dllcache\srwlnd5.sys
                                                                                          2010-02-19 18:21 . 2004-08-04 13:00   40448   ----a-w-   c:\windows\system32\dllcache\snmpthrd.dll
                                                                                          2010-02-19 18:20 . 2001-08-17 12:12   91294   ----a-w-   c:\windows\system32\dllcache\skfpwin.sys
                                                                                          2010-02-19 18:19 . 2001-07-21 14:29   161568   ----a-w-   c:\windows\system32\dllcache\sgsmusb.sys
                                                                                          2010-02-19 18:18 . 2001-08-17 13:51   23936   ----a-w-   c:\windows\system32\dllcache\sccmn50m.sys
                                                                                          2010-02-19 18:17 . 2004-08-04 13:00   79872   ----a-w-   c:\windows\system32\dllcache\rwia330.dll
                                                                                          2010-02-19 18:16 . 2001-08-17 13:28   899146   ----a-w-   c:\windows\system32\dllcache\r2mdkxga.sys
                                                                                          2010-02-19 18:15 . 2001-08-17 13:51   16128   ----a-w-   c:\windows\system32\dllcache\pscr.sys
                                                                                          2010-02-19 18:14 . 2001-08-17 22:36   86016   ----a-w-   c:\windows\system32\dllcache\pctspk.exe
                                                                                          2010-02-19 18:13 . 2001-08-17 14:05   48000   ----a-w-   c:\windows\system32\dllcache\ovcam2.sys
                                                                                          2010-02-19 18:12 . 2001-08-17 12:20   87040   ----a-w-   c:\windows\system32\dllcache\nm6wdm.sys
                                                                                          2010-02-19 18:12 . 2001-08-17 12:20   126080   ----a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
                                                                                          2010-02-19 18:12 . 2004-08-04 13:00   53248   ----a-w-   c:\windows\system32\dllcache\nextlink.dll
                                                                                          2010-02-19 18:12 . 2001-08-17 12:12   32840   ----a-w-   c:\windows\system32\dllcache\ngrpci.sys
                                                                                          2010-02-19 18:12 . 2004-08-03 22:31   132695   ----a-w-   c:\windows\system32\dllcache\netwlan5.sys
                                                                                          2010-02-19 18:12 . 2001-08-17 12:11   65278   ----a-w-   c:\windows\system32\dllcache\netflx3.sys
                                                                                          2010-02-19 18:12 . 2001-08-17 12:50   39264   ----a-w-   c:\windows\system32\dllcache\neo20xx.sys
                                                                                          2010-02-19 18:12 . 2001-08-17 22:36   60480   ----a-w-   c:\windows\system32\dllcache\neo20xx.dll
                                                                                          2010-02-19 18:12 . 2001-08-17 13:49   15872   ----a-w-   c:\windows\system32\dllcache\ne2000.sys
                                                                                          2010-02-19 18:11 . 2001-08-17 14:56   91488   ----a-w-   c:\windows\system32\dllcache\n9i3disp.dll
                                                                                          2010-02-19 18:11 . 2001-08-17 12:50   27936   ----a-w-   c:\windows\system32\dllcache\n9i3d.sys
                                                                                          2010-02-19 18:11 . 2001-08-17 12:50   33088   ----a-w-   c:\windows\system32\dllcache\n9i128v2.sys
                                                                                          2010-02-19 18:11 . 2001-08-17 22:36   59104   ----a-w-   c:\windows\system32\dllcache\n9i128v2.dll
                                                                                          2010-02-19 18:11 . 2001-08-17 12:50   13664   ----a-w-   c:\windows\system32\dllcache\n9i128.sys
                                                                                          2010-02-19 18:11 . 2001-08-17 14:56   35392   ----a-w-   c:\windows\system32\dllcache\n9i128.dll
                                                                                          2010-02-19 18:11 . 2001-08-17 12:11   128000   ----a-w-   c:\windows\system32\dllcache\n100325.sys
                                                                                          2010-02-19 18:09 . 2001-08-17 14:02   35200   ----a-w-   c:\windows\system32\dllcache\msgame.sys
                                                                                          2010-02-19 18:08 . 2001-08-17 22:36   47616   ----a-w-   c:\windows\system32\dllcache\memgrp.dll
                                                                                          2010-02-19 18:07 . 2001-08-17 12:12   20573   ----a-w-   c:\windows\system32\dllcache\lne100.sys
                                                                                          2010-02-19 18:06 . 2001-08-17 12:12   45632   ----a-w-   c:\windows\system32\dllcache\ip5515.sys
                                                                                          2010-02-19 18:05 . 2001-08-17 22:36   26624   ----a-w-   c:\windows\system32\dllcache\icam3ext.dll
                                                                                          2010-02-19 18:04 . 2001-08-17 13:28   488383   ----a-w-   c:\windows\system32\dllcache\hsf_v124.sys
                                                                                          2010-02-19 18:03 . 2001-08-17 22:36   31232   ----a-w-   c:\windows\system32\dllcache\hpgt42tk.dll
                                                                                          2010-02-19 18:02 . 2001-08-17 12:49   320384   ----a-w-   c:\windows\system32\dllcache\g200m.sys
                                                                                          2010-02-19 18:01 . 2001-08-17 12:12   16074   ----a-w-   c:\windows\system32\dllcache\fa312nd5.sys
                                                                                          2010-02-19 18:00 . 2001-08-17 12:19   283904   ----a-w-   c:\windows\system32\dllcache\emu10k1m.sys
                                                                                          2010-02-19 17:59 . 2001-08-17 12:11   29696   ----a-w-   c:\windows\system32\dllcache\dm9pci5.sys
                                                                                          2010-02-19 17:58 . 2001-08-17 13:52   14720   ----a-w-   c:\windows\system32\dllcache\dac960nt.sys
                                                                                          2010-02-19 17:57 . 2004-08-04 13:00   15872   ----a-w-   c:\windows\system32\dllcache\chgport.exe
                                                                                          2010-02-19 17:56 . 2001-08-17 13:51   13824   ----a-w-   c:\windows\system32\dllcache\bulltlp3.sys
                                                                                          2010-02-19 17:55 . 2004-08-03 22:29   104960   ----a-w-   c:\windows\system32\dllcache\atinrvxx.sys
                                                                                          2010-02-19 17:54 . 2004-08-03 22:32   231552   ----a-w-   c:\windows\system32\dllcache\ac97ali.sys
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   49210   ----a-w-   c:\windows\system32\dllcache\fp4areg.dll
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   147513   ----a-w-   c:\windows\system32\dllcache\fp4apws.dll
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   102509   ----a-w-   c:\windows\system32\dllcache\fp4atxt.dll
                                                                                          2010-02-19 17:53 . 2004-05-13 00:39   184435   ----a-w-   c:\windows\system32\dllcache\fp4amsft.dll
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   82035   ----a-w-   c:\windows\system32\dllcache\fp4anscp.dll
                                                                                          2010-02-19 17:53 . 2004-08-04 13:00   46592   ----a-w-   c:\windows\system32\dllcache\coadmin.dll
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   188480   ----a-w-   c:\windows\system32\dllcache\cfgwiz.exe
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\author.dll
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\author.exe
                                                                                          2010-02-19 17:53 . 2004-08-04 13:00   43520   ----a-w-   c:\windows\system32\dllcache\admwprox.dll
                                                                                          2010-02-19 17:53 . 2004-08-04 13:00   290816   ----a-w-   c:\windows\system32\dllcache\adsiis51.dll
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   16439   ----a-w-   c:\windows\system32\dllcache\admin.exe
                                                                                          2010-02-19 17:53 . 2003-03-24 16:52   20540   ----a-w-   c:\windows\system32\dllcache\admin.dll
                                                                                          2010-02-18 19:18 . 2010-02-18 19:18   --------   d-----w-   C:\_OTM
                                                                                          2010-02-18 01:43 . 2009-06-30 09:37   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                                                                                          2010-02-18 01:43 . 2010-02-18 01:43   --------   d-----w-   c:\program files\Panda Security
                                                                                          2010-02-18 01:09 . 2010-02-18 01:09   --------   d-----w-   c:\program files\ESET
                                                                                          2010-02-15 23:26 . 2010-02-15 23:26   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                                                                                          2010-02-15 23:26 . 2010-02-15 23:26   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                                                                                          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                                                                                          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
                                                                                          2010-02-15 23:25 . 2010-02-15 23:25   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
                                                                                          2010-02-15 22:38 . 2010-02-15 22:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
                                                                                          2010-02-15 22:37 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                                                                          2010-02-15 22:37 . 2010-02-15 22:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                                                                                          2010-02-15 22:37 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                                                                          2010-02-15 22:37 . 2010-02-15 22:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                                                                          2010-02-15 22:23 . 2010-02-15 22:23   --------   d-----w-   c:\program files\Trend Micro
                                                                                          2010-02-15 19:28 . 2010-02-15 19:28   552   ----a-w-   c:\windows\system32\d3d8caps.dat
                                                                                          2010-02-15 18:13 . 2010-02-15 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\AVG8

                                                                                          .
                                                                                          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                                                          .
                                                                                          2010-02-19 22:36 . 2004-08-07 13:12   91799   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
                                                                                          2010-02-19 17:42 . 2009-08-09 14:42   0   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
                                                                                          2010-02-16 00:16 . 2009-05-17 14:44   --------   d-----w-   c:\program files\Xvid
                                                                                          2010-02-16 00:16 . 2007-12-03 15:32   --------   d-----w-   c:\program files\USB Disk Win98 Driver
                                                                                          2010-02-16 00:16 . 2006-07-11 06:12   --------   d-----w-   c:\program files\Windows Media Connect
                                                                                          2010-02-15 23:24 . 2010-01-17 12:44   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                                                                                          2010-02-15 23:13 . 2008-10-05 14:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\rspgjclg
                                                                                          2010-02-10 14:52 . 2007-01-09 11:46   --------   d-----w-   c:\program files\Lx_cats
                                                                                          2010-01-17 12:46 . 2010-01-17 12:46   4   --sh--r-   c:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
                                                                                          2010-01-14 11:12 . 2009-10-04 16:01   181120   ------w-   c:\windows\system32\MpSigStub.exe
                                                                                          2010-01-09 19:53 . 2008-07-31 11:38   --------   d-----w-   c:\program files\Windows Live Safety Center
                                                                                          2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                                                                                          2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                                                                                          .

                                                                                          ------- Sigcheck -------

                                                                                          [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
                                                                                          [7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
                                                                                          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys
                                                                                          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\ERDNT\cache\ndis.sys
                                                                                          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\dllcache\ndis.sys
                                                                                          [-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\system32\drivers\ndis.sys
                                                                                          [7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys

                                                                                          [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
                                                                                          [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
                                                                                          [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                                                                                          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
                                                                                          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\ERDNT\cache\tcpip.sys
                                                                                          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
                                                                                          [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
                                                                                          [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
                                                                                          [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
                                                                                          [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
                                                                                          [-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
                                                                                          [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

                                                                                          [7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netman.dll
                                                                                          [7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netman.dll
                                                                                          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
                                                                                          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\ERDNT\cache\netman.dll
                                                                                          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
                                                                                          [-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\dllcache\netman.dll
                                                                                          [-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
                                                                                          [7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

                                                                                          [7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rpcss.dll
                                                                                          [7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rpcss.dll
                                                                                          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
                                                                                          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\ERDNT\cache\rpcss.dll
                                                                                          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll
                                                                                          [-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\dllcache\rpcss.dll
                                                                                          [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
                                                                                          [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
                                                                                          [-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
                                                                                          [-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
                                                                                          [-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
                                                                                          [7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

                                                                                          [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
                                                                                          [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
                                                                                          [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
                                                                                          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
                                                                                          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
                                                                                          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
                                                                                          [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
                                                                                          [7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

                                                                                          [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\asms\60\msft\windows\common\controls\comctl32.dll
                                                                                          [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asms\60\msft\windows\common\controls\comctl32.dll
                                                                                          [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comctl32.dll
                                                                                          [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comctl32.dll
                                                                                          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
                                                                                          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
                                                                                          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
                                                                                          [-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
                                                                                          [7] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

                                                                                          [-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2gdr\es.dll
                                                                                          [-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3gdr\es.dll
                                                                                          [-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp3qfe\es.dll
                                                                                          [-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975\sp2qfe\es.dll
                                                                                          [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\es.dll
                                                                                          [7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\es.dll
                                                                                          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
                                                                                          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\ERDNT\cache\es.dll
                                                                                          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll
                                                                                          [-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\dllcache\es.dll
                                                                                          [-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
                                                                                          [7] 2004-08-04 08:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

                                                                                          [7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
                                                                                          [7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kernel32.dll
                                                                                          [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
                                                                                          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
                                                                                          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\ERDNT\cache\kernel32.dll
                                                                                          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
                                                                                          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
                                                                                          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\kernel32.dll
                                                                                          [-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\system32\dllcache\kernel32.dll
                                                                                          [7] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

                                                                                          [7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\linkinfo.dll
                                                                                          [7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\linkinfo.dll
                                                                                          [-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
                                                                                          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
                                                                                          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\ERDNT\cache\linkinfo.dll
                                                                                          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
                                                                                          [-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\dllcache\linkinfo.dll
                                                                                          [7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

                                                                                          [-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntoskrnl.exe
                                                                                          [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntoskrnl.exe
                                                                                          [-] 2008-08-14 . 21C91DA9CB53AA8A37041BA9684A8458 . 2180352 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntoskrnl.exe
                                                                                          [-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntoskrnl.exe
                                                                                          [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
                                                                                          [7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
                                                                                          [-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
                                                                                          [-] 2005-10-12 . 7B69EA89C7B9966BF552A070D97C5013 . 2180096 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntoskrnl.exe
                                                                                          [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
                                                                                          [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntoskrnl.exe
                                                                                          [-] 2005-10-12 . C5290E302241594B668A378D89FD903E . 2136064 . . [5.1.2600.2774] . . c:\windows\system32\ntoskrnl.exe
                                                                                          [-] 2005-09-29 . 25C36DBC46E8EFF2A811769A60715AC5 . 2136064 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntoskrnl.exe
                                                                                          [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
                                                                                          [7] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntoskrnl.exe

                                                                                          [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tapisrv.dll
                                                                                          [7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tapisrv.dll
                                                                                          [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
                                                                                          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
                                                                                          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\ERDNT\cache\tapisrv.dll
                                                                                          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
                                                                                          [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\dllcache\tapisrv.dll
                                                                                          [7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

                                                                                          [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
                                                                                          [7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
                                                                                          [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
                                                                                          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
                                                                                          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\ERDNT\cache\user32.dll
                                                                                          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll
                                                                                          [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\system32\dllcache\user32.dll
                                                                                          [7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

                                                                                          [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
                                                                                          [7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
                                                                                          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
                                                                                          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\ERDNT\cache\srsvc.dll
                                                                                          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\srsvc.dll
                                                                                          [-] 2004-11-17 . 902CF9595F640E53F33C0F1637F464F9 . 171008 . . [5.1.2600.2567] . . c:\windows\system32\dllcache\srsvc.dll
                                                                                          [7] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll

                                                                                          [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\aec.sys
                                                                                          [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\aec.sys
                                                                                          [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
                                                                                          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
                                                                                          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
                                                                                          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
                                                                                          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
                                                                                          [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
                                                                                          [7] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

                                                                                          [7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
                                                                                          [7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\mfc40u.dll
                                                                                          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
                                                                                          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
                                                                                          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
                                                                                          [-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

                                                                                          [-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3QFE\ntkrnlpa.exe
                                                                                          [-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP3GDR\ntkrnlpa.exe
                                                                                          [-] 2008-08-14 . BA002228743B6824D87F0551DBC86D45 . 2057728 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2GDR\ntkrnlpa.exe
                                                                                          [-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\SP2QFE\ntkrnlpa.exe
                                                                                          [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
                                                                                          [7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
                                                                                          [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
                                                                                          [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
                                                                                          [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
                                                                                          [-] 2005-10-11 . 0C691ECAD81707D3A7797512AC932C62 . 2015232 . . [5.1.2600.2774] . . c:\windows\system32\ntkrnlpa.exe
                                                                                          [-] 2005-10-11 . DDBFA4EAE9251712F20193DD47B361BD . 2057344 . . [5.1.2600.2774] . . c:\windows\system32\dllcache\ntkrnlpa.exe
                                                                                          [-] 2005-09-28 . 48472D224E1703882B4DE0E28E205E9B . 2015744 . . [5.1.2600.2765] . . c:\windows\$NtUninstallKB909095$\ntkrnlpa.exe
                                                                                          [-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
                                                                                          [7] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896256$\ntkrnlpa.exe
                                                                                          .
                                                                                          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                                                          .
                                                                                          .
                                                                                          *Note* empty entries & legit default entries are not shown
                                                                                          REGEDIT4

                                                                                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                                                          "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
                                                                                          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

                                                                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                                                          "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 184320]
                                                                                          "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
                                                                                          "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
                                                                                          "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
                                                                                          "ACQTMOUSE"="c:\program files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe" [2006-12-27 489984]
                                                                                          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
                                                                                          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
                                                                                          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-01 1932568]
                                                                                          "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
                                                                                          "TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe" [2008-11-13 90112]
                                                                                          "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
                                                                                          "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
                                                                                          "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
                                                                                          "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
                                                                                          "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

                                                                                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                                                                          "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

                                                                                          c:\documents and settings\Administrator\Start Menu\Programs\Startup\
                                                                                          Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

                                                                                          c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                                                                          Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
                                                                                          AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-2-4 156784]
                                                                                          DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2006-10-4 184320]

                                                                                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                                                                          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                                                                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                                                                          2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                                                                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                                                                                          2009-04-01 11:34   10520   ----a-w-   c:\windows\system32\avgrsstx.dll

                                                                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
                                                                                          2006-03-03 15:08   434176   ----a-w-   c:\windows\system32\IfxWlxEN.dll

                                                                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
                                                                                          2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

                                                                                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                                                                                          @="Service"

                                                                                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                                                                          "%windir%\\system32\\sessmgr.exe"=
                                                                                          "c:\\WINDOWS\\system32\\mqsvc.exe"=
                                                                                          "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
                                                                                          "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
                                                                                          "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
                                                                                          "c:\\Program Files\\AOL 9.0\\waol.exe"=
                                                                                          "c:\\Program Files\\AOL\\RC\\regClient.exe"=
                                                                                          "c:\\Program Files\\AOL 9.0a\\waol.exe"=
                                                                                          "c:\\Program Files\\Messenger\\msmsgs.exe"=
                                                                                          "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
                                                                                          "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
                                                                                          "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
                                                                                          "c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
                                                                                          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                                                                                          "c:\\Program Files\\iTunes\\iTunes.exe"=
                                                                                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                                                                          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
                                                                                          "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
                                                                                          "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                                                                                          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

                                                                                          R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18/02/2010 01:43 28552]
                                                                                          R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/04/2009 11:34 325640]
                                                                                          R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/04/2009 11:34 108552]
                                                                                          R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 16:56 36768]
                                                                                          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
                                                                                          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
                                                                                          R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 08:00 14336]
                                                                                          R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/04/2009 11:33 298264]
                                                                                          R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
                                                                                          R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 11:19 36352]
                                                                                          S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [16/05/2009 15:03 1527900]
                                                                                          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
                                                                                          S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [26/07/2005 10:13 57648]
                                                                                          S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [26/09/2007 13:34 8336]
                                                                                          S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [26/09/2007 13:34 93488]
                                                                                          S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [26/09/2007 13:35 84928]
                                                                                          S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [26/09/2007 13:34 82864]

                                                                                          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                                                                          Cognizance   REG_MULTI_SZ      ASChannel
                                                                                          .
                                                                                          Contents of the 'Scheduled Tasks' folder

                                                                                          2010-02-21 c:\windows\Tasks\MP Scheduled Scan.job
                                                                                          - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
                                                                                          .
                                                                                          .
                                                                                          ------- Supplementary Scan -------
                                                                                          .
                                                                                          uStart Page = hxxp://www.hp.com/
                                                                                          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                                                                                          uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
                                                                                          uInternet Settings,ProxyServer = 127.0.0.1:8080
                                                                                          uSearchAssistant = hxxp://www.google.com/ie
                                                                                          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                                                                                          IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                                                                                          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                                                          DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
                                                                                          FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dlbu8v23.default\
                                                                                          FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
                                                                                          .

                                                                                          **************************************************************************

                                                                                          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                                                                          Rootkit scan 2010-02-21 01:10
                                                                                          Windows 5.1.2600 Service Pack 2 NTFS

                                                                                          scanning hidden processes ... 

                                                                                          scanning hidden autostart entries ...

                                                                                          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                                                                                            LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

                                                                                          scanning hidden files ... 

                                                                                          scan completed successfully
                                                                                          hidden files: 0

                                                                                          **************************************************************************
                                                                                          .
                                                                                          --------------------- DLLs Loaded Under Running Processes ---------------------

                                                                                          - - - - - - - > 'winlogon.exe'(900)
                                                                                          c:\program files\SUPERAntiSpyware\SASWINLO.dll
                                                                                          c:\windows\system32\Ati2evxx.dll
                                                                                          c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
                                                                                          c:\windows\system32\IfxWlxEN.dll
                                                                                          c:\program files\HPQ\IAM\Bin\ASChnl.dll
                                                                                          c:\program files\HPQ\IAM\Bin\ItMsg.dll

                                                                                          - - - - - - - > 'explorer.exe'(432)
                                                                                          c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-02-21  01:15:42 - machine was rebooted
ComboFix-quarantined-files.txt  2010-02-21 01:15
ComboFix2.txt  2010-02-21 00:31
ComboFix3.txt  2010-02-18 00:47

Pre-Run: 17,696,894,976 bytes free
Post-Run: 17,673,748,480 bytes free

- - End Of File - - 464D16A82B2D35E9C2BCA84967086EA8

evilfantasy

• Malware Removal Specialist
• Moderator

• Genius
• Calm like a bomb
• Thanked: 489
• Experience: Familiar
• OS: Windows 10
Re: Your system is infected! (Please help if you can)
« Reply #82 on: February 20, 2010, 06:24:53 PM »
Quote
After re-booting, the IE icon was back on my desktop and IE had made itself the default browser, even though it was definitely set to Firefox before the re-boot! Is this anything to be concerned about?

ComboFix sets IE as the default, but I don't know why the icon keeps coming back. I don't think I've ever seen that before.

Let's see if it might be something malicious.


ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient, as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button, then click Finish.

In your next reply, please include the ESET Online Scan log.

KayleyBug

Topic Starter

Beginner

Re: Your system is infected! (Please help if you can)
« Reply #83 on: February 20, 2010, 06:52:35 PM »
ESET is running successfully (unlike last time I tried it, quite a few posts ago by now!).

As it's almost 2am here and it looks like the scan's going to take another hour at least, I'm going to set my laptop to hibernate in 3 hours and get the results to you tomorrow morning (about 4am your time).

Thank you so much for all your help and patience so far :)

evilfantasy

Re: Your system is infected! (Please help if you can)
« Reply #84 on: February 20, 2010, 06:54:47 PM »
Glad it's running. Things went horribly wrong with the other scanner we used... :-\

Post the log whenever you get the time.

See you then.

KayleyBug


Re: Your system is infected! (Please help if you can)
« Reply #85 on: February 21, 2010, 03:07:55 AM »
Good morning! ESET scanned 100597 files in 1 hour 42 mins - No threats found.

I'm going to update AVG and JAVA, then install OnlineArmor. If that goes well, I'll create a restore point and then get SP3, so I can just do a system restore if I get internet problems with it again.

I'll make sure everything's definitely sorted before de-fragmenting; here's a new HijackThis log just to be safe :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:40, on 21/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

--
End of file - 10661 bytes

KayleyBug

Re: Your system is infected! (Please help if you can)
« Reply #86 on: February 21, 2010, 05:37:01 AM »
I got as far as installing Online Armor, there are lots of 'unknown' programs it's asking me to allow/block, however there is one 'untrusted' that I'm unable to find information about -

                                                                                                ACQTMAPP.exe (which is named Tilt Mouse Program.)

                                                                                                Should I block this?

evilfantasy

Re: Your system is infected! (Please help if you can)
« Reply #87 on: February 21, 2010, 11:15:45 AM »

KayleyBug

Re: Your system is infected! (Please help if you can)
« Reply #88 on: February 21, 2010, 04:06:03 PM »
                                                                                                  I've installed SP3 and 85 other Microsoft updates (and turned on automatic updates, so the next instalment should be much smaller!!)

                                                                                                  Updated AVG and Java, and got OnlineArmor set up.

Here's a new HijackThis log, in case there's anything still lurking around.

                                                                                                  Logfile of Trend Micro HijackThis v2.0.2
                                                                                                  Scan saved at 23:01:31, on 21/02/2010
                                                                                                  Platform: Windows XP SP3 (WinNT 5.01.2600)
                                                                                                  MSIE: Internet Explorer v7.00 (7.00.6000.16981)
                                                                                                  Boot mode: Normal

                                                                                                  Running processes:
                                                                                                  C:\WINDOWS\System32\smss.exe
                                                                                                  C:\WINDOWS\system32\winlogon.exe
                                                                                                  C:\WINDOWS\system32\services.exe
                                                                                                  C:\WINDOWS\system32\lsass.exe
                                                                                                  C:\WINDOWS\system32\Ati2evxx.exe
                                                                                                  C:\WINDOWS\system32\svchost.exe
                                                                                                  C:\Program Files\Windows Defender\MsMpEng.exe
                                                                                                  C:\WINDOWS\System32\svchost.exe
                                                                                                  C:\Program Files\Tall Emu\Online Armor\OAcat.exe
                                                                                                  C:\Program Files\Tall Emu\Online Armor\oasrv.exe
                                                                                                  C:\WINDOWS\system32\spoolsv.exe
                                                                                                  C:\WINDOWS\system32\Ati2evxx.exe
                                                                                                  C:\Program Files\HPQ\IAM\bin\asghost.exe
                                                                                                  C:\WINDOWS\Explorer.EXE
                                                                                                  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                                                                                                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                                                  C:\WINDOWS\System32\svchost.exe
                                                                                                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                                                                                                  C:\Program Files\Bonjour\mDNSResponder.exe
                                                                                                  C:\WINDOWS\system32\IFXSPMGT.exe
                                                                                                  C:\WINDOWS\system32\IFXTCS.exe
                                                                                                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                                                                                                  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                                                                                                  C:\Program Files\Java\jre6\bin\jqs.exe
                                                                                                  C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                                                                                  C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                                                                                                  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
                                                                                                  C:\WINDOWS\UMStor\Res.EXE
                                                                                                  C:\WINDOWS\system32\svchost.exe
                                                                                                  C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe
                                                                                                  C:\Program Files\iTunes\iTunesHelper.exe
                                                                                                  C:\WINDOWS\system32\mqsvc.exe
                                                                                                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                                                                                                  C:\Program Files\Windows Defender\MSASCui.exe
                                                                                                  C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                                                                                                  C:\Program Files\Common Files\Java\Java Update\jusched.exe
                                                                                                  C:\Program Files\Tall Emu\Online Armor\oaui.exe
                                                                                                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                                                                                                  C:\WINDOWS\system32\ctfmon.exe
                                                                                                  C:\WINDOWS\system32\wuauclt.exe
                                                                                                  C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
                                                                                                  C:\Program Files\iPod\bin\iPodService.exe
                                                                                                  C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
                                                                                                  C:\Program Files\Common Files\Teleca Shared\Generic.exe
                                                                                                  C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
                                                                                                  C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                  C:\Program Files\Windows Live\Contacts\wlcomm.exe
                                                                                                  C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
                                                                                                  C:\WINDOWS\system32\wuauclt.exe

                                                                                                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
                                                                                                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                                                                                                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                                                                                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                                                                                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                                                                                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
                                                                                                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
                                                                                                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                                                                                                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
                                                                                                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                                                                                                  O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                                                                                                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                                                                                  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                                                                                                  O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
                                                                                                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                                                                                                  O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                                                                                                  O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                                                                                                  O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[email protected]
                                                                                                  O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
                                                                                                  O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
                                                                                                  O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"
                                                                                                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                                                                                                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                                                                                                  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
                                                                                                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                                                                                                  O4 - HKLM\..\Run: [trayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_15_Download_version\TrayServer.exe
                                                                                                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                                                                                                  O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
                                                                                                  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                                                                                                  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                                                                                                  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                                                                                                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
                                                                                                  O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
                                                                                                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                                                                                                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                                                                                                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                                                                                                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                                                                                                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                                                                                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                                                                                                  O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
                                                                                                  O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
                                                                                                  O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
                                                                                                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                                                                  O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                                                                                                  O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
                                                                                                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                                                                                                  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                                                                                                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                                                                                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                                                                                                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                                                                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                                                                                                  O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
                                                                                                  O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                                                                                                  O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                                                                                                  O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
                                                                                                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
                                                                                                  O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
                                                                                                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266759427500
                                                                                                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266760712406
                                                                                                  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
                                                                                                  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                                                                                                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                                                                                                  O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                                                                                                  O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
                                                                                                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
                                                                                                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                                                                                                  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
                                                                                                  O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
                                                                                                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                                                                                                  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                                                                                                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                                                                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                                                                                                  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                                                                                                  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                                                                                                  O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
                                                                                                  O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                                                                                                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                                                                                                  O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
                                                                                                  O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
                                                                                                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                                                                                                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                                                                                                  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                                                                                                  O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
                                                                                                  O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
                                                                                                  O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
                                                                                                  O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
                                                                                                  O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

                                                                                                  --
                                                                                                  End of file - 12175 bytes
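A small triage helper for the HijackThis log format posted above, written here as an added example (it is not code from the thread, from HijackThis or from the helpers in it). It splits a log into header, running processes and the numbered R/O entries, pulls out the O4 autostart entries and O23 services, and flags two things a reviewer checks by hand before calling a log clean: a browser proxy pointing at loopback, and a service with no publisher. The sample log is a constructed excerpt modelled on the one above, and the function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis v2.0.2 format, modelled on the log posted
# above (not a real capture). Forum indentation is tolerated: lines are stripped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:31, on 21/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 12175 bytes
"""

@dataclass
class Autostart:
    location: str   # e.g. r"HKLM\..\Run" or "Global Startup"
    name: str       # the [bracketed] value name or the .lnk file name
    command: str

@dataclass
class Service:
    display: str
    company: str    # empty string when HijackThis printed no publisher
    path: str

# Every section line is "<letter><number> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# Registry autostarts: HKLM\..\Run: [Name] command   (hive may be HKUS\<SID>)
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder autostarts: "Startup: x.lnk = path" or "Global Startup: ..."
STARTUP_RE = re.compile(r"^(?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O23 bodies are "display - company - path"; the display name may itself
# contain " - ", so the path is anchored on a drive letter and display is greedy.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+) - (?P<company>.*?) - (?P<path>[A-Za-z]:\\.*)$")
PROXY_RE = re.compile(r",ProxyServer = (?P<proxy>\S+)$")
LOOPBACK = ("127.", "localhost", "0.0.0.0")

def parse_hjt(text):
    """Split a HijackThis log into (header lines, running processes, [(code, body)])."""
    header, processes, entries = [], [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = "entries"
            entries.append((m["code"], m["body"]))
        elif section == "processes":
            processes.append(line)
        elif section == "header":
            header.append(line)
    return header, processes, entries

def autostarts(entries):
    """All O4 entries (registry Run keys and startup folders) as Autostart records."""
    out = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            out.append(Autostart(f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"]))
            continue
        m = STARTUP_RE.match(body)
        if m:
            out.append(Autostart(m["folder"], m["name"], m["cmd"]))
    return out

def services(entries):
    """All O23 entries as Service records; company is "" when none was printed."""
    return [Service(m["display"], m["company"].strip(), m["path"])
            for code, body in entries if code == "O23"
            for m in [SERVICE_RE.match(body)] if m]

def triage(text):
    """Defensive checks a log reviewer would run; returns human-readable findings."""
    _, _, entries = parse_hjt(text)
    findings = []
    for code, body in entries:
        m = PROXY_RE.search(body)
        # A loopback proxy with no local proxy product installed breaks browsing
        # and is a setting rogue security software is known to leave behind.
        if m and m["proxy"].startswith(LOOPBACK):
            findings.append(f"{code}: browser proxy points at loopback ({m['proxy']}); "
                            "confirm a local proxy is really installed, otherwise reset it")
    for svc in services(entries):
        if not svc.company:
            findings.append(f"O23: service '{svc.display}' has no publisher ({svc.path})")
    return findings

if __name__ == "__main__":
    for a in autostarts(parse_hjt(SAMPLE_LOG)[2]):
        print(f"{a.location:24} {a.name:16} {a.command}")
    for f in triage(SAMPLE_LOG):
        print("REVIEW:", f)
```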

                                                                                                  evilfantasy

                                                                                                  • Malware Removal Specialist
                                                                                                  • Moderator


Re: Your system is infected! (Please help if you can)
« Reply #89 on: February 21, 2010, 04:22:19 PM »
Looks okay. You can cut down on some of your unnecessary startups.

Download StartUp 1.3

* Open StartUp 1.3 and you will see a list of your startups.
* Right-click any startup you do not want and choose Remove.
* Once complete, choose Apply, then Exit.

----------

If you don't use Voice Input you can turn that off. What is CTFMON.EXE and How Can I Remove It

----------

Also this.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger, because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger - and click Apply.

Exit out of MessengerDisable, then delete the two files that were put on the desktop.

KayleyBug

Topic Starter
Beginner

Re: Your system is infected! (Please help if you can)
« Reply #90 on: February 21, 2010, 04:45:19 PM »
All of the above now completed :) Am I done?

Could you recommend which anti-virus I should run in future? Currently I run AdAware and Spybot every month or so and just delete anything they flag. Do you recommend I continue this, or should I use a different program, bearing in mind that I'll just delete everything they warn me against? :)

evilfantasy

Re: Your system is infected! (Please help if you can)
« Reply #91 on: February 21, 2010, 04:49:24 PM »
I would get rid of AdAware and use MBAM and SAS instead. Unless you buy any of them, the real-time protection is pretty useless.

AVG should be fine for your antivirus.

KayleyBug

Re: Your system is infected! (Please help if you can)
« Reply #92 on: February 21, 2010, 04:52:16 PM »
Ok :)

Wow, thank you so much for all your help, I'm really really grateful for all the time and patience you've put in to helping me! I thought my laptop was done for but now it's saved! I can't thank you enough :D

evilfantasy

Re: Your system is infected! (Please help if you can)
« Reply #93 on: February 21, 2010, 04:55:08 PM »
You're welcome. 8)