07-30-2008, 06:43 PM   #8
jerrinator
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Re: Popups about viruses and spyware anytime anything is done on the computer.

Hello again chemist... I did as instructed...

Well, it means a lot because the popups stop coming... and I ran the Virtual Technician (it found some registry problem that it fixed), and the problem seems to be gone with the SystemGuard... so I'm keeping the McAfee if you don't mind...

Here is the ComboFix file (and I should say it uncovered some things that I have to deal with the other users of this computer)


ComboFix 08-07-28.4 - Del User 2008-07-30 17:29:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.142 [GMT -4:00]
Running from: C:\Documents and Settings\Del User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Del User\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\iexfil.dll
C:\WINDOWS\system32\mssockah.dll
C:\WINDOWS\system32\mstmpxmlfun.xml
C:\WINDOWS\system32\wdkaent.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Desktop.ini
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Keygen.rar
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Thumbs.db

<snip>

C:\WINDOWS\system32\iexfil.dll
C:\WINDOWS\system32\mssockah.dll
C:\WINDOWS\system32\mstmpxmlfun.xml
C:\WINDOWS\system32\wdkaent.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-28 19:45 . 2008-07-28 19:45 <DIR> d-------- C:\Deckard
2008-07-27 11:03 . 2008-07-27 11:03 <DIR> d-------- C:\Program Files\MSECache
2008-07-26 16:26 . 2008-07-26 16:26 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-26 16:26 . 2008-07-29 09:36 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-26 16:24 . 2008-03-07 13:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-26 16:24 . 2008-03-07 13:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-26 16:24 . 2008-03-07 13:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-25 18:03 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-07-25 18:03 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-07-25 03:12 . 2008-07-25 03:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-25 02:44 . 2008-07-25 02:44 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-25 00:32 . 2008-07-25 00:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 14:00 . 2008-07-24 14:00 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\Reallusion
2008-07-24 13:58 . 2008-07-24 13:58 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-07-23 13:24 . 2008-07-23 13:24 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\fltk.org
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-18 23:49 . 2008-07-18 23:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-18 23:45 . 2008-07-18 23:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 23:40 . 2008-07-26 16:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-18 23:36 . 2008-07-18 23:36 <DIR> d-------- C:\WINDOWS\EHome
2008-07-18 23:23 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-07-18 23:22 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-07-18 23:22 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-18 23:22 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-18 23:22 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-07-18 23:22 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-07-18 23:22 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-07-18 23:22 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-07-18 23:22 . 2007-09-17 04:48 1,261 --------- C:\WINDOWS\system32\pid.inf
2008-07-18 22:29 . 2008-07-18 22:30 <DIR> d-------- C:\Program Files\Safari
2008-07-17 22:07 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-17 22:04 . 2008-07-17 22:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-15 21:22 . 2008-07-18 20:55 <DIR> d-------- C:\Documents and Settings\Del User\.housecall6.6
2008-07-15 21:01 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-15 20:59 . 2008-07-15 21:20 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\HouseCall 6.6
2008-07-14 23:47 . 2008-07-14 23:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-13 17:40 . 2008-07-13 17:40 <DIR> d-------- C:\ie-spyad_zo
2008-07-13 17:04 . 2008-07-27 23:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-13 15:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-13 15:44 . 2008-07-13 15:44 <DIR> d-------- C:\Program Files\Panda Security
2008-07-11 00:13 . 2008-07-11 00:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 21:26 . 2008-07-26 11:21 64,324 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 21:07 . 2008-07-10 21:08 <DIR> d-------- C:\Program Files\iTunes
2008-07-10 21:07 . 2008-07-10 21:07 <DIR> d-------- C:\Program Files\iPod
2008-07-10 20:56 . 2008-07-10 21:00 <DIR> d-------- C:\Program Files\QuickTime
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Program Files\NOS
2008-07-10 15:18 . 2008-07-10 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-10 14:41 . 2008-04-23 00:16 6,066,176 --a------ C:\WINDOWS\system32\SET5E.tmp
2008-07-10 11:26 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-07-09 21:46 . 2008-07-10 00:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 21:46 . 2008-07-10 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 20:31 . 2008-07-09 20:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-06 22:12 . 2008-07-06 22:12 <DIR> d-------- C:\WINDOWS\speech
2008-07-06 22:08 . 2008-07-06 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 10:04 . 2008-07-06 10:04 <DIR> d-------- C:\Program Files\Sun
2008-07-05 13:29 . 2008-07-05 13:29 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-07-05 13:24 . 2008-07-05 13:25 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\bang
2008-07-03 23:05 . 2008-07-03 23:05 268 --ah----- C:\sqmdata16.sqm
2008-07-03 23:05 . 2008-07-03 23:05 244 --ah----- C:\sqmnoopt16.sqm
2008-07-03 18:55 . 2008-07-03 18:55 268 --ah----- C:\sqmdata15.sqm
2008-07-03 18:55 . 2008-07-03 18:55 244 --ah----- C:\sqmnoopt15.sqm
2008-06-28 15:21 . 2008-06-28 15:21 268 --ah----- C:\sqmdata14.sqm
2008-06-28 15:21 . 2008-06-28 15:21 244 --ah----- C:\sqmnoopt14.sqm
2008-06-27 23:59 . 2008-06-27 23:59 268 --ah----- C:\sqmdata13.sqm
2008-06-27 23:59 . 2008-06-27 23:59 244 --ah----- C:\sqmnoopt13.sqm
2008-06-27 18:19 . 2008-06-27 18:19 268 --ah----- C:\sqmdata12.sqm
2008-06-27 18:19 . 2008-06-27 18:19 244 --ah----- C:\sqmnoopt12.sqm
2008-06-26 22:12 . 2008-06-26 22:12 268 --ah----- C:\sqmdata11.sqm
2008-06-26 22:12 . 2008-06-26 22:12 244 --ah----- C:\sqmnoopt11.sqm
2008-06-26 14:45 . 2008-06-26 14:45 <DIR> d-------- C:\Program Files\bfgclient
2008-06-26 14:45 . 2008-06-26 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-25 22:28 . 2008-06-25 22:28 268 --ah----- C:\sqmdata10.sqm
2008-06-25 22:28 . 2008-06-25 22:28 244 --ah----- C:\sqmnoopt10.sqm
2008-06-25 17:45 . 2008-06-25 17:45 268 --ah----- C:\sqmdata09.sqm
2008-06-25 17:45 . 2008-06-25 17:45 244 --ah----- C:\sqmnoopt09.sqm
2008-06-25 15:37 . 2008-06-25 15:37 268 --ah----- C:\sqmdata08.sqm
2008-06-25 15:37 . 2008-06-25 15:37 244 --ah----- C:\sqmnoopt08.sqm
2008-06-24 16:31 . 2008-06-24 16:31 268 --ah----- C:\sqmdata07.sqm
2008-06-24 16:31 . 2008-06-24 16:31 244 --ah----- C:\sqmnoopt07.sqm
2008-06-23 22:51 . 2008-06-23 22:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-06-23 22:50 . 2008-06-23 22:50 268 --ah----- C:\sqmdata06.sqm
2008-06-23 22:50 . 2008-06-23 22:50 244 --ah----- C:\sqmnoopt06.sqm
2008-06-23 20:39 . 2008-06-23 20:39 268 --ah----- C:\sqmdata05.sqm
2008-06-23 20:39 . 2008-06-23 20:39 244 --ah----- C:\sqmnoopt05.sqm
2008-06-23 18:53 . 2008-06-23 18:53 <DIR> d-------- C:\Program Files\OpenAL
2008-06-23 18:53 . 2008-06-23 19:15 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-23 18:53 . 2008-06-23 19:15 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-20 20:46 . 2008-06-20 20:46 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-20 13:46 . 2008-06-20 13:46 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-16 20:28 . 2007-03-07 19:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-06-16 20:28 . 2007-03-07 19:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-16 20:28 . 2007-03-07 19:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-14 13:35 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-14 13:35 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-14 13:35 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-14 13:35 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-06-13 14:40 . 2008-06-13 14:40 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-10 19:15 . 2008-06-11 21:00 <DIR> d-------- C:\Documents and Settings\Del User\Application Data\PowerChallenge
2008-06-10 19:13 . 2008-06-13 07:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 19:13 . 2008-06-13 07:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:13 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 15:23 . 2008-06-09 15:23 37 --a------ C:\WINDOWS\SWFConverter.INI
2008-06-09 14:41 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-09 14:41 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-09 14:41 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-09 14:41 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-09 14:41 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-09 14:41 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-09 14:41 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-09 14:35 . 2008-06-09 14:35 <DIR> d-------- C:\WINDOWS\Logs
2008-06-08 20:21 . 2008-06-08 20:21 268 --ah----- C:\sqmdata04.sqm
2008-06-08 20:21 . 2008-06-08 20:21 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 21:00 --------- d-----w C:\Program Files\McAfee
2008-07-28 17:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-07-28 03:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 06:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-25 01:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 01:38 --------- d-----w C:\Documents and Settings\Del User\Application Data\SiteAdvisor
2008-07-18 02:06 --------- d-----w C:\Program Files\Java
2008-07-15 03:45 --------- d-----w C:\Program Files\Common Files\Real
2008-07-13 19:28 --------- d-----w C:\Program Files\Real
2008-07-11 04:07 --------- d-----w C:\Program Files\DivX
2008-07-11 01:18 --------- d-----w C:\Documents and Settings\Del User\Application Data\Apple Computer
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-10 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 05:32 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-07-07 02:57 --------- d-----w C:\Program Files\Google
2008-06-23 19:57 --------- d-----w C:\Documents and Settings\Del User\Application Data\McAfee
2008-06-23 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-01 17:01 --------- d-----w C:\Program Files\Microsoft Works
2008-05-31 01:09 --------- d-----w C:\Program Files\Web Publish
2008-05-31 00:21 --------- d-----w C:\Program Files\Common Files\Broderbund
2008-05-31 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund
2008-05-31 00:10 --------- d-----w C:\Program Files\Broderbund
2008-05-31 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund Software
2008-05-30 23:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-30 23:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-30 23:39 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-30 23:36 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-28 21:55 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-28 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-28 18:56 --------- d-----w C:\Program Files\Roxio
2008-05-28 18:56 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\SET55.tmp
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\SET2F.tmp
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2006-06-16 00:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 22:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 18:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 17:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 16:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 22:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 15:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 15:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 15:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 15:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-29_ 1.59.30.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-17 19:56:58 117,584 ----a-w C:\WINDOWS\Downloaded Program Files\McContentMgr.dll
+ 2008-04-17 19:56:16 354,136 ----a-w C:\WINDOWS\Downloaded Program Files\McHealthCheck.dll
+ 2008-04-17 19:57:18 119,112 ----a-w C:\WINDOWS\Downloaded Program Files\McLogMgr.dll
+ 2008-04-17 19:56:38 527,696 ----a-w C:\WINDOWS\Downloaded Program Files\McPlugins.dll
+ 2008-04-17 19:57:38 238,416 ----a-w C:\WINDOWS\Downloaded Program Files\McProdMgr.dll
+ 2008-04-17 19:55:34 291,680 ----a-w C:\WINDOWS\Downloaded Program Files\MVT.dll
+ 2008-04-17 19:53:54 147,456 ----a-w C:\WINDOWS\Downloaded Program Files\Uploader.exe
- 2008-07-29 03:47:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-30 21:07:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-29 03:47:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-30 21:07:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-24 16:28 35992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 23:40 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-11 23:12:27 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
.
Contents of the 'Scheduled Tasks' folder

2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 17:38:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-07-30 17:52:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 21:52:00
ComboFix2.txt 2008-07-29 06:00:08

Pre-Run: 54,000,242,688 bytes free
Post-Run: 54,036,430,848 bytes free

821 --- E O F --- 2008-07-28 13:58:13


Here is the Kaspersky report...


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 30, 2008 8:32:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/07/2008
Kaspersky Anti-Virus database records: 1031195
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 102311
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 02:04:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{29946A7C-D1F8-4435-9EDB-70FBFF60AFD2}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Del User\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\Del User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\dfsr.db Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\fsr.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Messenger\liltrini_capriboi@hotmail.com\SharingMetadata\Working\database_4ED0_4FDC_D04F_C943\tmp.edb Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows Live Contacts\liltrini_capriboi@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Application Data\Microsoft\Windows Live Contacts\liltrini_capriboi@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\History\History.IE5\MSHist012008073020080731\index.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\fb_2108.lck Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\sqlite_KOWxE2IWYCv7MGH Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\sqlite_lB2IdzGfokWr7e4 Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF121F.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF7B82.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF8F10.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF8F32.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF9EE9.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temp\~DF9F26.tmp Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\6IGS7SUV\p_502105779=0&[4].htm Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\DCAI4DVC\p_502105779=0&[4].htm Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\DCAI4DVC\p_502105779=0&[5].htm Object is locked skipped
C:\Documents and Settings\Del User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Nero 8 Ultra Edition 8.2.8.0\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\Documents and Settings\Del User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Del User\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU2.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iexfil.dll.vir Infected: Trojan.Win32.BHO.fby skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP183\A0048771.exe Infected: Trojan.Win32.BHO.ffb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\A0051066.dll Infected: Trojan.Win32.BHO.fby skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AB57B6E7-5E7A-4127-8378-D0FCFE1328AA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_1484.lck Object is locked skipped
C:\WINDOWS\Temp\mcafee_Cl7CJgVfgAOxh7W Object is locked skipped
C:\WINDOWS\Temp\mcmsc_604tz8zbkYIu1ph Object is locked skipped
C:\WINDOWS\Temp\mcmsc_aMbcfEcqaHr7r2t Object is locked skipped
C:\WINDOWS\Temp\mcmsc_bbH0VRzKPufzQUg Object is locked skipped
C:\WINDOWS\Temp\sqlite_3F4zcuudRaMk9MJ Object is locked skipped
C:\WINDOWS\Temp\sqlite_ongn2xU8aucmtsw Object is locked skipped
C:\WINDOWS\Temp\sqlite_uxFdcxr0vLCYsl5 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


and here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:56 PM, on 7/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10458 bytes


Again, as for the report on system behaviour... everything seems to be back to normal.... Thank you so much once again, chemist.

Last edited by tetonbob; 07-30-2008 at 08:01 PM.