Tech Support Forum
HijackThis Log Help
#1
Registered User
Join Date: Jul 2008
Posts: 3
OS: Windows XP
Vista Antivirus 2008???
One of our PCs has an awful hijacker called Vista Antivirus 2008. I have been working all day and night and can't get rid of it... can anyone assist me as it's making me crazy. Popups, reloading of files... I've scanned with AdAware, Spybot & Malwarebytes & have SpyWareblaster. I have no idea how to resolve. HELP!!
#2
Registered User
Join Date: Jul 2008
Posts: 3
OS: Windows XP
Re: Vista Antivirus 2008???
Deckard's System Scanner v20071014.68
Run by Karen on 2008-07-18 17:21:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
127: 2008-07-18 21:21:21 UTC - RP642 - Deckard's System Scanner Restore Point
126: 2008-07-18 15:43:39 UTC - RP641 - Removed Symantec AntiVirus
125: 2008-07-18 15:40:27 UTC - RP640 - Removed Sonic Update Manager
124: 2008-07-18 15:40:10 UTC - RP639 - Removed Sonic RecordNow!
123: 2008-07-18 15:39:52 UTC - RP638 - Removed MyDVD

-- First Restore Point --
1: 2008-07-06 17:14:14 UTC - RP516 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Karen.exe) -----------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-18 17:23:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Karen\Desktop\dss.exe
C:\Temp\HighJackThis\Karen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1815387B-1883-44ED-908E-2677F77F75B5} - C:\WINDOWS\system32\avica.dll
O2 - BHO: (no name) - {3D0A16AF-F156-45CA-8DD7-83C4120961E0} - (no file)
O2 - BHO: (no name) - {4D815C00-B485-4B50-9B2A-E14B7C19A09B} - C:\WINDOWS\system32\avica.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {80212FF0-F696-4D40-B542-62E03D0DF03E} - C:\WINDOWS\system32\avica.dll
O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
O2 - BHO: (no name) - {9FA11565-B4EC-4DED-B78B-436E577318E6} - C:\WINDOWS\system32\avica.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: {dbf2bd6b-7315-99f8-3074-3c936a8bce3d} - {d3ecb8a6-39c3-4703-8f99-5137b6db2fbd} - C:\WINDOWS\system32\xsnvwm.dll
O2 - BHO: (no name) - {FD01A15B-A90E-4135-896F-17868F1C54B6} - C:\WINDOWS\system32\avica.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1168976609343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168976566359
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} () - http://a.download.toontown.com/sv1.0.24.24/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload.macromedia.com/get...sh/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: xxyxUkiG - C:\WINDOWS\system32\xxyxUkiG.dll (file missing)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSSQL$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
O23 - Service: SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

--
End of file - 9067 bytes

-- HijackThis Fixed Entries (C:\Temp\HIGHJA~1\backups\) ------------------------

backup-20080718-122720-360 O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
backup-20080718-122720-412 O11 - Options group: [INTERNATIONAL] International*
backup-20080718-122720-538 O23 - Service: MSSQL$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (file missing)
backup-20080718-122720-565 O23 - Service: SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (file missing)
backup-20080718-122720-756 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080718-122720-922 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Lavasoft Ad-Aware Service) - "c:\program files\lavasoft\ad-aware\aawservice.exe" <Not Verified; Lavasoft; Ad-Aware Service>

S4 MSSQL$MICROSOFTBCM - c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlservr.exe -smicrosoftbcm (file missing)
S4 MSSQLServerADHelper - c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe (file missing)
S4 SQLAgent$MICROSOFTBCM - c:\program files\microsoft sql server\mssql$microsoftbcm\binn\sqlagent.exe -i microsoftbcm (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-17 17:07:16 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-18 14:33:42 0 d-------- C:\WINDOWS\CSC
2008-07-18 12:30:35 0 d-------- C:\Documents and Settings\Karen\Application Data\Malwarebytes
2008-07-18 12:30:33 17144 --a------ C:\WINDOWS\system32\drivers\mbam.sys <Not Verified; Malwarebytes Corporation; Malwarebytes' Anti-Malware>
2008-07-18 12:30:32 34296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-18 12:30:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 12:30:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 11:53:13 0 d-------- C:\Documents and Settings\Karen\Application Data\Google
2008-07-18 11:50:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-07-18 11:50:02 0 d-------- C:\Program Files\Google
2008-07-18 11:18:02 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
2008-07-18 11:18:02 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS <Not Verified; Symantec Corporation; SYMEVENT>
2008-07-18 11:17:37 0 d-------- C:\Program Files\Symantec
2008-07-18 11:04:00 0 d-------- C:\Documents and Settings\Karen\Application Data\Morpheus
2008-07-18 11:02:51 0 d-------- C:\Program Files\Morpheus
2008-07-18 10:16:56 0 d-------- C:\Program Files\Enigma Software Group
2008-07-18 10:11:43 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-18 10:11:32 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-17 20:51:59 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-17 17:19:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 16:10:34 0 d-------- C:\f33f171db22688ce5536b501
2008-07-17 15:50:55 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 14:18:37 0 d-------- C:\Program Files\Lavasoft
2008-07-17 14:18:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-17 13:42:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-17 13:20:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 13:14:25 0 d-------- C:\Program Files\RegCleaner
2008-07-17 13:13:42 0 d-------- C:\Program Files\SpywareBlaster
2008-07-17 13:04:24 103424 --a------ C:\WINDOWS\system32\xsnvwm.dll
2008-07-17 13:04:22 103424 --a------ C:\WINDOWS\system32\avwrvqvu.dll
2008-07-14 14:11:02 102400 --a------ C:\WINDOWS\system32\slvwgu.dll
2008-07-14 14:11:01 102400 --a------ C:\WINDOWS\system32\sbnvjada.dll
2008-07-11 20:08:24 103424 --a------ C:\WINDOWS\system32\ixtatf.dll
2008-07-11 20:08:22 103424 --a------ C:\WINDOWS\system32\lstepcyi.dll
2008-07-09 20:01:33 102912 --a------ C:\WINDOWS\system32\ikmjvy.dll
2008-07-09 20:01:32 102912 --a------ C:\WINDOWS\system32\npkimtri.dll
2008-07-09 19:59:26 91136 --a------ C:\WINDOWS\system32\tsvqndmj.dll
2008-07-07 19:31:03 103424 --a------ C:\WINDOWS\system32\fjjttv.dll
2008-07-07 19:31:01 103424 --a------ C:\WINDOWS\system32\wrjtduhm.dll
2008-07-07 19:25:35 101632 --a------ C:\WINDOWS\system32\avica.dll
2008-07-07 19:22:55 91648 --a------ C:\WINDOWS\system32\hofjchgw.dll
2008-07-06 13:13:59 852513 --ahs---- C:\WINDOWS\system32\MWyIlUtv.ini2
2008-07-05 22:58:51 0 d-------- C:\WINDOWS\system32\modtrux01
2008-07-05 22:58:49 0 d-------- C:\Temp
2008-07-01 14:17:40 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-01 14:10:50 0 d-------- C:\WINDOWS\pss
2008-07-01 00:10:09 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-07-01 00:10:07 0 d-------- C:\Documents and Settings\Karen\Application Data\MSN6
2008-06-20 21:15:30 0 d-------- C:\Documents and Settings\LocalService\Desktop

-- Find3M Report ---------------------------------------------------------------

2008-07-18 14:25:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-18 10:11:32 0 d-------- C:\Program Files\Common Files
2008-07-18 10:10:14 0 d-------- C:\Program Files\Java
2008-07-18 09:58:07 0 d-------- C:\Program Files\MUSICMATCH
2008-07-18 09:57:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-17 21:07:01 0 d-------- C:\Program Files\Real
2008-07-17 16:05:09 0 d-------- C:\Program Files\Dell
2008-07-11 00:11:53 0 d-------- C:\Program Files\Viewpoint
2008-07-02 18:05:33 0 d-------- C:\Program Files\Apple Software Update
2008-05-16 11:58:04 12632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-07 01:18:48 1287680 --a------ C:\WINDOWS\system32\quartz.dll
2008-04-20 12:08:15 609209 --a------ C:\WINDOWS\system32\joey

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1815387B-1883-44ED-908E-2677F77F75B5}]
07/15/2008 03:32 PM 101632 --a------ C:\WINDOWS\system32\avica.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D0A16AF-F156-45CA-8DD7-83C4120961E0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D815C00-B485-4B50-9B2A-E14B7C19A09B}]
07/15/2008 03:32 PM 101632 --a------ C:\WINDOWS\system32\avica.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80212FF0-F696-4D40-B542-62E03D0DF03E}]
07/15/2008 03:32 PM 101632 --a------ C:\WINDOWS\system32\avica.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C28EAFB-FF50-4F42-8D39-A006129CC907}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FA11565-B4EC-4DED-B78B-436E577318E6}]
07/15/2008 03:32 PM 101632 --a------ C:\WINDOWS\system32\avica.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3ecb8a6-39c3-4703-8f99-5137b6db2fbd}]
07/17/2008 01:04 PM 103424 --a------ C:\WINDOWS\system32\xsnvwm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD01A15B-A90E-4135-896F-17868F1C54B6}]
07/15/2008 03:32 PM 101632 --a------ C:\WINDOWS\system32\avica.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [04/03/2002 02:01 AM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [10/07/2003 05:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/26/2008 03:41 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07/18/2008 11:50 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxUkiG]
xxyxUkiG.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlIyWM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a204c5be-edef-11db-ab12-000d5628343f}]
AutoRun\command- E:\GETMYPIX.EXE

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8828 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-18 17:24:02 ------------
#3
Registered User
Join Date: Jul 2008
Posts: 3
OS: Windows XP
Re: Vista Antivirus 2008???
ComboFix 08-07-17.4 - Karen 2008-07-18 19:45:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.920 [GMT -4:00]
Running from: C:\Documents and Settings\Karen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Karen\err.log
C:\WINDOWS\system32\avica.dll
C:\WINDOWS\system32\avwrvqvu.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\eoeravla.ini
C:\WINDOWS\system32\exbuinfs.ini
C:\WINDOWS\system32\fjjttv.dll
C:\WINDOWS\system32\hofjchgw.dll
C:\WINDOWS\system32\ikmjvy.dll
C:\WINDOWS\system32\ixtatf.dll
C:\WINDOWS\system32\lnqeqdmt.ini
C:\WINDOWS\system32\lstepcyi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\MWyIlUtv.ini
C:\WINDOWS\system32\MWyIlUtv.ini2
C:\WINDOWS\system32\mxbcgfvd.ini
C:\WINDOWS\system32\npkimtri.dll
C:\WINDOWS\system32\sbnvjada.dll
C:\WINDOWS\system32\slvwgu.dll
C:\WINDOWS\system32\tsvqndmj.dll
C:\WINDOWS\system32\winsrc.dll.tmp
C:\WINDOWS\system32\wrjtduhm.dll
C:\WINDOWS\system32\xsnvwm.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-18 17:21 . 2008-07-18 17:21 <DIR> d-------- C:\Deckard
2008-07-18 12:30 . 2008-07-18 12:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 12:30 . 2008-07-18 12:30 <DIR> d-------- C:\Documents and Settings\Karen\Application Data\Malwarebytes
2008-07-18 12:30 . 2008-07-18 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 12:30 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-18 12:30 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 12:25 . 2008-07-18 17:23 <DIR> d-------- C:\Temp\HighJackThis
2008-07-18 11:50 . 2008-07-18 11:50 <DIR> d-------- C:\Program Files\Google
2008-07-18 11:18 . 2008-07-18 11:18 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-18 11:18 . 2008-07-18 11:18 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-18 11:18 . 2008-07-18 11:18 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-18 11:18 . 2008-07-18 11:18 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-18 11:17 . 2008-07-18 11:48 <DIR> d-------- C:\Program Files\Symantec
2008-07-18 11:06 . 2008-07-18 11:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-18 11:06 . 2008-07-18 11:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-18 11:04 . 2008-07-18 11:08 <DIR> d-------- C:\Documents and Settings\Karen\Application Data\Morpheus
2008-07-18 11:02 . 2008-07-18 11:08 <DIR> d-------- C:\Program Files\Morpheus
2008-07-18 10:16 . 2008-07-18 11:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-18 10:11 . 2008-07-18 10:11 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-18 10:11 . 2008-07-18 10:11 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-07-18 10:04 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-17 20:51 . 2008-07-17 21:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-17 17:19 . 2008-07-17 17:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 16:10 . 2008-07-17 16:15 <DIR> d-------- C:\f33f171db22688ce5536b501
2008-07-17 15:50 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-07-17 14:18 . 2008-07-17 17:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-17 14:18 . 2008-07-17 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-17 13:56 . 2008-07-17 13:56 0 --a------ C:\WINDOWS\vpc32.INI
2008-07-17 13:42 . 2008-07-18 11:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-17 13:20 . 2008-07-17 13:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-17 13:20 . 2008-07-17 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 13:14 . 2008-07-17 14:02 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-17 13:13 . 2008-07-17 13:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-17 13:13 . 2008-07-17 13:13 <DIR> d-------- C:\Program Files\CleanUp!
2008-07-14 21:05 . 2008-07-14 21:05 1,879,563 --ahs---- C:\WINDOWS\system32\mxbcgfvd.tmp
2008-07-05 22:58 . 2008-07-05 22:58 <DIR> d-------- C:\WINDOWS\system32\modtrux01
2008-07-05 22:58 . 2008-07-18 13:05 <DIR> d-------- C:\Temp
2008-07-01 00:10 . 2008-07-18 14:10 <DIR> d-------- C:\Documents and Settings\Karen\Application Data\MSN6
2008-07-01 00:10 . 2008-07-01 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 18:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-18 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-18 14:10 --------- d-----w C:\Program Files\Java
2008-07-18 13:58 --------- d-----w C:\Program Files\MUSICMATCH
2008-07-18 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 01:07 --------- d-----w C:\Program Files\Real
2008-07-17 20:05 --------- d-----w C:\Program Files\Dell
2008-07-11 04:11 --------- d-----w C:\Program Files\Viewpoint
2008-07-11 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-02 22:05 --------- d-----w C:\Program Files\Apple Software Update
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

------- Sigcheck -------

2003-07-16 12:41 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2003-07-16 12:43 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 01:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-04 01:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2003-07-16 12:46 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2008-04-23 00:16 826368 f6589be784647cfdbc22ea51ccb1a57a C:\WINDOWS\system32\wininet.dll
2008-04-23 00:16 826368 f6589be784647cfdbc22ea51ccb1a57a C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2003-07-16 12:41 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2003-07-16 12:45 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2003-03-06 11:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 20:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 12:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 05:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2003-07-16 12:40 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 23:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 08:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-03 23:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-07-16 12:33 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 10:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-04 00:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe