Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.
Old 04-13-2009, 12:33 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


vundo/vundo778/haxdoore

I have these 3 spyware right now; my anti-spyware won't remove them. I have CA Security Suite 2009. This is the second time I have got this. I had it all removed 6 days ago, but upon removal my PC did a hard reboot and then I had no more internet access, and I could get no help, so I reformatted my HDD and reinstalled Windows XP SP2. The PC worked great. So yesterday I noticed my auto updates was turned off, so I turned it back on and did a spyware scan. I got rid of Haxdoor E for now, but the Vundo and Vundo 778 my anti-spyware can't get rid of; it has some run time error, if needed I can get that too. I have the locations for the spyware; I'll paste them next. I'm also having the problem that the Windows XP SP3 update got interrupted and now it won't finish downloading. I'll thank you now for the help :) Also I'm getting lots of popups now telling me to download this and scan that, but I know better. And if you are wondering, this is the attach.zip file but it named it ark.zip, sorry, it is the same. So thanks for the help.

CA Anti-Spyware Log Report
This report was generated on: 4/12/2009-10:42:42 AM


4/11/2009-11:24:18 PM , Quarantined , Haxdoor E , Backdoor , Key "hkey_local_machine \system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list" value "c:\windows\explorer.exe" , -1
4/11/2009-11:24:57 PM , Quarantined , Vundo , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\shellserviceobjectdelayload" value "ssodl" , -1
4/11/2009-11:24:57 PM , Quarantined , Vundo , Trojan , Key "hkey_local_machine \software\microsoft\dslcnnct" , -1
4/11/2009-11:25:11 PM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/11/2009-11:25:11 PM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer\sharedtaskscheduler" value "{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-1:42:43 AM , Quarantined , Haxdoor E , Backdoor , Key "hkey_local_machine \system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list" value "c:\windows\explorer.exe" , -1
4/12/2009-1:42:59 AM , Quarantined , Vundo , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\shellserviceobjectdelayload" value "ssodl" , -1
4/12/2009-1:43:07 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-1:43:07 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer\sharedtaskscheduler" value "{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-3:45:37 AM , Quarantined , Vundo , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\shellserviceobjectdelayload" value "ssodl" , -1
4/12/2009-3:45:57 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-3:45:57 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer\sharedtaskscheduler" value "{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-3:51:44 AM , Quarantined , Vundo , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\shellserviceobjectdelayload" value "ssodl" , -1
4/12/2009-3:51:49 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-3:51:49 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\microsoft\windows\currentversion\explorer\sharedtaskscheduler" value "{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
***End Report***


DDS (Ver_09-03-16.01) - NTFSx86
Run by andy at 21:56:38.73 on Sun 04/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.304 [GMT -8:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Documents and Settings\andy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {287c85ec-b239-485c-b86c-6700e34500c1} - c:\windows\system32\zisuruhi.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [foyukuvifo] Rundll32.exe "c:\windows\system32\kugokigu.dll",s
mRun: [f48b630f] rundll32.exe "c:\windows\system32\pasaruwe.dll",b
mRun: [CPMf7b85093] Rundll32.exe "c:\windows\system32\wiwuzoza.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239193610828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\windows\system32\dasofupu.dll c:\windows\system32\wiwuzoza.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wiwuzoza.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\wiwuzoza.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
LSA: Notification Packages = INDOWS\system32\dasofupu.dll c:\windows\system32\dasofupu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andy\applic~1\mozilla\firefox\profiles\yp7061go.default\
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\application data\mozilla\firefox\profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-1-5 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-11-18 72696]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-12-12 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-4-8 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-4-8 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-4-8 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-4-8 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-4-8 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-8 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-4-8 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-12-12 144376]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-12-12 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-12-10 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-12-19 297464]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-8 292080]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-4-8 200192]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-12-12 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-4-8 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-4-8 108368]
S2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]

=============== Created Last 30 ================

2009-04-12 11:19 1,403,888 ---sh--- c:\windows\system32\ewurasap.ini
2009-04-12 10:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-04-11 23:20 3 ---sh--- c:\windows\system32\jejesahe.dll
2009-04-11 23:20 109,568 a--sh--- c:\windows\system32\rehoruzu.dll
2009-04-11 23:20 71,168 a--sh--- c:\windows\system32\fejuvizo.dll
2009-04-11 23:20 62,976 a--sh--- c:\windows\system32\kebajuvi.exe
2009-04-11 11:19 3 ---sh--- c:\windows\system32\jakadoje.dll
2009-04-10 23:12 <DIR> --d----- c:\program files\vokamope
2009-04-10 23:12 <DIR> --d----- c:\program files\tezezubu
2009-04-10 23:12 <DIR> --d----- c:\program files\jipijora
2009-04-09 20:28 <DIR> --d----- c:\program files\NetZero
2009-04-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NetZero
2009-04-09 20:28 <DIR> --d----- C:\NetZeroInstaller
2009-04-09 03:10 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-08 22:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-08 22:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-08 21:07 <DIR> --d----- c:\program files\FreqGen
2009-04-08 18:49 <DIR> --d----- c:\docume~1\andy\applic~1\GarageGames
2009-04-08 14:11 43,264 -------- c:\windows\system32\drivers\ser2pl.sys
2009-04-08 12:52 <DIR> --d----- c:\program files\common files\xing shared
2009-04-08 12:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-08 12:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-08 12:51 <DIR> --d----- c:\program files\common files\Real
2009-04-08 12:25 <DIR> --d----- c:\docume~1\andy\applic~1\CallingID
2009-04-08 12:13 410,976 a------- c:\windows\system32\deploytk.dll
2009-04-08 12:13 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\scripting
2009-04-08 11:36 <DIR> --d----- c:\windows\l2schemas
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\en
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\bits
2009-04-08 11:32 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-08 11:21 <DIR> --d----- c:\windows\EHome
2009-04-08 10:32 <DIR> --d----- c:\program files\Galaxy Online
2009-04-08 10:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 10:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-08 10:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-08 10:23 <DIR> --d----- c:\documents and settings\andy
2009-04-08 05:52 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 05:52 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-08 05:52 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 05:52 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 05:52 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-08 05:52 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 05:52 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 05:52 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 05:52 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-08 05:47 <DIR> --d----- c:\windows\network diagnostic
2009-04-08 05:24 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 05:24 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 05:24 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 05:24 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 04:19 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-08 04:18 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 04:18 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 04:18 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 04:18 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-08 04:18 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-08 04:18 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 04:18 <DIR> --d----- C:\ca309dd81c045ee7cfe79c
2009-04-08 04:18 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-08 04:10 <DIR> --d----- c:\program files\MSXML 6.0
2009-04-08 03:42 0 a------- c:\windows\system32\GLBSINST.%$D
2009-04-08 03:19 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 03:19 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 03:19 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 03:19 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 03:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-08 03:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-08 03:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-08 03:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 03:03 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-08 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-08 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-08 02:43 361,600 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-04-08 02:43 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-04-08 02:43 225,856 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 02:43 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-04-08 02:43 147,968 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 02:27 <DIR> --d----- c:\program files\ISSThirdParty
2009-04-08 02:26 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-04-08 02:26 <DIR> --d----- c:\program files\common files\Scanner
2009-04-08 02:26 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-08 02:26 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 02:26 111,856 a------- c:\windows\system32\isafprod.dll
2009-04-08 02:26 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-08 02:26 99,568 a------- c:\windows\system32\isafeif.dll
2009-04-08 02:26 83,256 a------- c:\windows\system32\vetredir.dll
2009-04-08 02:26 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-04-08 02:26 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 02:26 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-04-08 02:26 17,852 a------- c:\windows\system32\entitlement.xml
2009-04-08 02:26 <DIR> --d----- c:\program files\CA
2009-04-08 02:02 <DIR> --d----- c:\program files\Zone.com Deluxe Games
2009-04-08 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-04-08 01:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\hpqwmi
2009-04-08 01:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-08 01:47 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-08 01:46 <DIR> --d----- c:\program files\Hp
2009-04-08 01:45 23,040 ac------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-04-08 01:45 <DIR> --d----- c:\program files\InterVideo
2009-04-08 01:44 14,336 ac------ c:\windows\system32\dllcache\chgusr.exe
2009-04-08 01:43 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-08 01:42 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-08 01:42 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-04-08 01:41 <DIR> --d----- c:\program files\Sonic
2009-04-08 01:39 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 01:39 <DIR> --d----- c:\program files\Online Services
2009-04-08 01:39 <DIR> --d----- c:\program files\Messenger
2009-04-08 01:39 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-08 01:38 <DIR> --d----- c:\program files\Windows NT
2009-04-08 01:30 <DIR> --d----- c:\program files\muvee Technologies
2009-04-08 01:30 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-04-08 01:29 <DIR> --d----- c:\program files\Zone.com
2009-04-08 01:24 <DIR> --d----- c:\program files\iPod
2009-04-08 01:24 <DIR> --d----- c:\program files\iTunes
2009-04-08 01:20 <DIR> --d----- c:\program files\HPQ
2009-04-08 01:19 <DIR> --d----- c:\program files\ATI Technologies
2009-04-08 01:18 <DIR> --d----- c:\program files\Synaptics
2009-04-08 01:16 <DIR> --d----- c:\program files\AMD
2009-04-08 01:16 <DIR> --d----- c:\program files\CONEXANT
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\ODBC
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-07 16:22 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-12 21:57 11,168 a---h--- c:\program files\huzajatu
2009-04-12 11:18 64,000 a--sh--- c:\windows\system32\yomudaki.exe
2009-04-12 11:18 109,568 a--sh--- c:\windows\system32\wiwuzoza.dll
2009-04-12 11:18 101,888 a--sh--- c:\windows\system32\pasaruwe.dll
2009-04-08 11:40 82,791 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-08 01:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-08 01:36 1,550 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-02-09 03:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-10 23:18 100,864 a--sh--- c:\windows\system32\hemiyubu.dll
2009-01-11 11:18 3 a--sh--- c:\windows\system32\lipidazi.dll
2009-01-10 23:12 0 a--sh--- c:\windows\system32\livadita.dll
2009-01-10 23:18 109,568 a--sh--- c:\windows\system32\nakuvowe.dll
2009-01-11 11:18 109,056 a--sh--- c:\windows\system32\vawuwure.dll
2009-01-10 23:18 64,512 a--sh--- c:\windows\system32\watebebo.exe
2009-01-11 11:18 69,632 a--sh--- c:\windows\system32\yivuvotu.dll
2009-01-11 11:18 62,464 a--sh--- c:\windows\system32\zozegebi.exe

============= FINISH: 22:02:19.85 ===============
Attached Files
File Type: zip ark.zip (5.0 KB, 1 views)
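The CA Anti-Spyware report quoted in this post shows the same Vundo and Haxdoor registry entries being quarantined again at 11:24 PM, 1:42 AM, 3:45 AM and 3:51 AM, which is the signature of a load point being recreated faster than the scanner removes it. The Python script below is an added example, not CA's tooling and not anything the poster supplied: it parses that report's comma-separated line format (assumed from the lines quoted above), groups quarantine events by threat and location, and lists every location that recurs, with its hit count and the span of time over which it kept coming back. The sample lines are a constructed subset of the report above.

```python
"""Spot recurring quarantine hits in a CA Anti-Spyware report (added example).

Line format assumed from the report quoted above:
  <m/d/yyyy-h:mm:ss AM|PM> , <action> , <threat> , <category> , <location> , <code>
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a subset of the lines from the report in the post.
SAMPLE_LOG = r"""
4/11/2009-11:24:18 PM , Quarantined , Haxdoor E , Backdoor , Key "hkey_local_machine \system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list" value "c:\windows\explorer.exe" , -1
4/11/2009-11:25:11 PM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-1:42:43 AM , Quarantined , Haxdoor E , Backdoor , Key "hkey_local_machine \system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list" value "c:\windows\explorer.exe" , -1
4/12/2009-1:43:07 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-3:45:57 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
4/12/2009-3:51:49 AM , Quarantined , Vundo 778 , Trojan , Key "hkey_local_machine \software\classes\clsid\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}" , -1
***End Report***
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4}-\d{1,2}:\d{2}:\d{2} [AP]M) , "
    r"(?P<action>[^,]+) , (?P<threat>[^,]+) , (?P<category>[^,]+) , "
    r"(?P<location>.+) , (?P<code>-?\d+)$"
)


def parse_report(text):
    """Return one dict per finding; raise on lines that do not fit the format."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("***"):
            continue                      # blank lines and the ***End Report*** trailer
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        ev = {k: v.strip() for k, v in m.groupdict().items()}
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y-%I:%M:%S %p")
        events.append(ev)
    return events


def recurring_findings(events, min_hits=2):
    """Group quarantine events by (threat, location) and keep those seen
    min_hits times or more. A registry value that is quarantined again and
    again is being rewritten by a component the scanner never removed, so the
    result is a list of persistence points to investigate, most frequent first."""
    stamps = defaultdict(list)
    for ev in events:
        if ev["action"] == "Quarantined":
            stamps[(ev["threat"], ev["location"])].append(ev["ts"])
    result = []
    for (threat, location), times in stamps.items():
        if len(times) >= min_hits:
            times.sort()
            span_h = (times[-1] - times[0]).total_seconds() / 3600
            result.append({"threat": threat, "location": location,
                           "count": len(times), "span_hours": round(span_h, 2)})
    result.sort(key=lambda r: (-r["count"], r["threat"]))
    return result


if __name__ == "__main__":
    for r in recurring_findings(parse_report(SAMPLE_LOG)):
        print(f"{r['count']}x over {r['span_hours']}h  {r['threat']}: {r['location']}")
```

On the constructed sample the Vundo 778 CLSID key is reported four times inside four and a half hours and the Haxdoor firewall-exception entry twice, which is the information the run-time-error dialog hides: the scanner is winning each round and losing the fight, because the DLL that writes those keys is still loaded.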
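The DDS log above shows the other half of the picture: hidden, system-attributed files with random eight-letter names sitting directly in c:\windows\system32 (wiwuzoza.dll, pasaruwe.dll, rehoruzu.dll and others) and load points (mRun rundll32 entries, AppInit_DLLs, SSODL, STS) that point at them. The script below is an added example, not part of the post and not the DDS tool's own code: it parses DDS file-listing and load-point lines (both formats assumed from the log above, as is reading the 's' and 'h' characters of the attribute column as the system and hidden flags), flags files matching that naming-and-attribute pattern, and correlates each with the load points that reference it, also reporting load points whose target never appears in the listing. The input is a constructed subset of lines from the log above.

```python
"""Correlate suspicious files with their load points in a DDS log (added example).

Two DDS line shapes are assumed from the log quoted above:
  file entry : <yyyy-mm-dd> <hh:mm> <size|<DIR>> <8 attribute flags> <path>
  load point : <kind>: ... c:\windows\system32\<name>.dll ...
"""
import re
from collections import defaultdict

# Constructed subset of lines from the DDS log in the post above.
SAMPLE_DDS = r"""
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [foyukuvifo] Rundll32.exe "c:\windows\system32\kugokigu.dll",s
mRun: [f48b630f] rundll32.exe "c:\windows\system32\pasaruwe.dll",b
mRun: [CPMf7b85093] Rundll32.exe "c:\windows\system32\wiwuzoza.dll",a
AppInit_DLLs: c:\windows\system32\dasofupu.dll c:\windows\system32\wiwuzoza.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wiwuzoza.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\wiwuzoza.dll
2009-04-12 11:19 1,403,888 ---sh--- c:\windows\system32\ewurasap.ini
2009-04-11 23:20 3 ---sh--- c:\windows\system32\jejesahe.dll
2009-04-11 23:20 109,568 a--sh--- c:\windows\system32\rehoruzu.dll
2009-04-08 22:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-08 12:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-08 02:26 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-12 11:18 109,568 a--sh--- c:\windows\system32\wiwuzoza.dll
2009-04-12 11:18 101,888 a--sh--- c:\windows\system32\pasaruwe.dll
"""

FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
LOAD_POINT_KINDS = ("uRun", "mRun", "AppInit_DLLs", "SSODL", "STS")
SYS32_REF_RE = re.compile(r"c:\\windows\\system32\\([a-z]{8}\.(?:dll|exe))", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")


def parse_file_entries(text):
    """Pick the file-listing lines out of a DDS log."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["path"] = e["path"].lower()
            e["name"] = e["path"].rpartition("\\")[2]
            entries.append(e)
    return entries


def is_suspect(entry):
    """Hidden+system file (assumed 's' and 'h' flags) with an eight-letter random
    name directly in system32. Any one of the three signals alone is weak:
    vetefile.sys is eight letters, mucltui.dll is a Microsoft file."""
    parent = entry["path"].rpartition("\\")[0]
    return (parent == r"c:\windows\system32"
            and "s" in entry["attrs"] and "h" in entry["attrs"]
            and RANDOM_NAME_RE.match(entry["name"]) is not None)


def load_point_refs(text):
    """Map each referenced system32 file name to the load-point kinds citing it."""
    refs = defaultdict(list)
    for line in text.splitlines():
        kind, sep, rest = line.strip().partition(":")
        if sep and kind in LOAD_POINT_KINDS:
            for name in SYS32_REF_RE.findall(rest):
                refs[name.lower()].append(kind)
    return dict(refs)


def triage(text):
    """Return (suspects, orphan_refs): suspects maps each flagged file to its
    attributes, size and the load points that start it; orphan_refs lists load
    points whose target never appeared in the file listing."""
    suspects = {}
    for e in parse_file_entries(text):
        if is_suspect(e):
            suspects[e["name"]] = {"attrs": e["attrs"], "size": e["size"], "load_points": []}
    refs = load_point_refs(text)
    for name, kinds in refs.items():
        if name in suspects:
            suspects[name]["load_points"] = kinds
    orphan_refs = {n: k for n, k in refs.items() if n not in suspects}
    return suspects, orphan_refs


if __name__ == "__main__":
    found, orphans = triage(SAMPLE_DDS)
    for name, info in found.items():
        print(f"{name:14} {info['attrs']} {info['size']:>9}  loaded via {info['load_points'] or 'nothing listed'}")
    for name, kinds in orphans.items():
        print(f"{name:14} referenced by {kinds} but not in the file listing")
```

The correlation is what makes the output useful: wiwuzoza.dll is started from four different load points (Run key, AppInit_DLLs, SSODL and SharedTaskScheduler), which matches the SSODL and CLSID keys the CA log kept quarantining, while kugokigu.dll and dasofupu.dll are referenced but absent from the listing, so either they were already removed or the listing was truncated, and both need checking before the load points are cleaned.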

Old 04-13-2009, 12:05 PM   #2 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

We will start off with ComboFix. Please read the instructions below and perform the steps.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

With Regards,
Extremeboy
Old 04-13-2009, 01:23 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi, thanks for the help. Here is my ComboFix report. And I was going to let you know, if this doesn't work out and I have to reformat, it's no big deal; I just did it 7 days ago, so no worries :):)

ComboFix 09-04-13.A2 - andy 2009-04-13 10:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.382 [GMT -8:00]
Running from: c:\documents and settings\andy\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\AppPatch\dlmn.dll
c:\windows\AppPatch\msi.dll
c:\windows\direct.exe
c:\windows\glok+3ca-59fa.sys
c:\windows\glok+serv.config
c:\windows\system32\accies98.dll
c:\windows\system32\acciesx2.sys
c:\windows\system32\acpiz.dll
c:\windows\system32\acup.sys
c:\windows\system32\aeskap.dll
c:\windows\system32\agpbrdg0.dll
c:\windows\system32\agpbrdg5.sys
c:\windows\system32\apicrypt.dll
c:\windows\system32\armdvc.sys
c:\windows\system32\armrfc.sys
c:\windows\system32\arprmdg0.dll
c:\windows\system32\arprmdg5.sys
c:\windows\system32\asplg.sys
c:\windows\system32\asusrx20.dll
c:\windows\system32\asusrx25.sys
c:\windows\system32\ati2kaag.dll
c:\windows\system32\ati2ksag.sys
c:\windows\system32\ati2paag.dll
c:\windows\system32\ati2psag.sys
c:\windows\system32\atiddaxx.dll
c:\windows\system32\atiddbxx.sys
c:\windows\system32\atietaxx.dll
c:\windows\system32\atietbxx.sys
c:\windows\system32\atixdaxx.dll
c:\windows\system32\atixdbxx.dll
c:\windows\system32\atixdbxx.sys
c:\windows\system32\avload32.dll
c:\windows\system32\avpe32.dll
c:\windows\system32\avpe64.sys
c:\windows\system32\avpx32.dll
c:\windows\system32\avpx32.sys
c:\windows\system32\avpx64.sys
c:\windows\system32\axdebugl.dll
c:\windows\system32\axdebugld.sys
c:\windows\system32\axxt32.dll
c:\windows\system32\axxt32.sys
c:\windows\system32\axxt64.sys
c:\windows\system32\bmtdhh.dll
c:\windows\system32\bootrom8.dll
c:\windows\system32\browsemu.dll
c:\windows\system32\bt848rom.dll
c:\windows\system32\cdrwsys.dll
c:\windows\system32\cdscsix3.dll
c:\windows\system32\cdscsix3r.sys
c:\windows\system32\clbdll.dll
c:\windows\system32\clbdll.old
c:\windows\system32\clbinit.dll
c:\windows\system32\core3.sys
c:\windows\system32\cpudev.sys
c:\windows\system32\cryptmd5.dll
c:\windows\system32\CsdDriver.sys
c:\windows\system32\dasofupu.dll
c:\windows\system32\datcom.dll
c:\windows\system32\ddirectxt.sys
c:\windows\system32\ddirectz.dll
c:\windows\system32\ddram.sys
c:\windows\system32\DefLib.sys
c:\windows\system32\dersrvc.sys
c:\windows\system32\desmsg.dll
c:\windows\system32\digeste.dll
c:\windows\system32\directout.sys
c:\windows\system32\directprt.sys
c:\windows\system32\directpt.dll
c:\windows\system32\directut.dll
c:\windows\system32\divxps.dll
c:\windows\system32\dll.dll
c:\windows\system32\docent0.dll
c:\windows\system32\docent2.dll
c:\windows\system32\docentd.sys
c:\windows\system32\dprot.sys
c:\windows\system32\drivers\ati0qaxx.sys
c:\windows\system32\drivers\ati2xhxx.sys
c:\windows\system32\drivers\ati4irxx.sys
c:\windows\system32\drivers\clbdriver.sys
c:\windows\system32\drivers\ctl_w32.sys
c:\windows\system32\drivers\grande48.sys
c:\windows\system32\drivers\lojlig.sys
c:\windows\system32\drivers\mgcscrd.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\msliksurserv.sys
c:\windows\system32\drivers\msvtch.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\parport32.sys
c:\windows\system32\drivers\qandr.sys
c:\windows\system32\drivers\resdr32.sys
c:\windows\system32\drivers\reveal32.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\SROUTE.SYS
c:\windows\system32\drivers\ss.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\symavc32.sys
c:\windows\system32\drivers\tdlserv.sys
c:\windows\system32\drivers\TPLinks.sys
c:\windows\system32\drivers\wsnpoem.sys
c:\windows\system32\drop1.dll
c:\windows\system32\drop2.sys
c:\windows\system32\dvd4free.dll
c:\windows\system32\dvdkernl.sys
c:\windows\system32\dx9sr.sys
c:\windows\system32\dxtpdh.sys
c:\windows\system32\dxtpdx.dll
c:\windows\system32\emldvc.dll
c:\windows\system32\emul37.sys
c:\windows\system32\emul65.dll
c:\windows\system32\emul65.sys
c:\windows\system32\eps32sys.sys
c:\windows\system32\epsn2sys.sys
c:\windows\system32\epsonsys.sys
c:\windows\system32\estsprt.sys
c:\windows\system32\ewurasap.ini
c:\windows\system32\extfpu.dll
c:\windows\system32\extxerox.dll
c:\windows\system32\fanxctrl.dll
c:\windows\system32\fanxctrld.sys
c:\windows\system32\fejuvizo.dll
c:\windows\system32\flashdrv3.sys
c:\windows\system32\flashdrvr.dll
c:\windows\system32\fpuext.sys
c:\windows\system32\gatexkey.dll
c:\windows\system32\gatwxkey.dll
c:\windows\system32\gdiw2k.sys
c:\windows\system32\gdiwxp.dll
c:\windows\system32\gdow2k.sys
c:\windows\system32\gdowxp.dll
c:\windows\system32\gdwxp3.dll
c:\windows\system32\gzipmod.dll
c:\windows\system32\gzvb.sys
c:\windows\system32\gzvba.sys
c:\windows\system32\hemiyubu.dll
c:\windows\system32\hinet.dll
c:\windows\system32\hpprintdrv.sys
c:\windows\system32\hpprintx.dll
c:\windows\system32\hrpdcf.bin
c:\windows\system32\i975gl.dll
c:\windows\system32\idersrvc.sys
c:\windows\system32\ideusr50.dll
c:\windows\system32\ies4dll.dll
c:\windows\system32\ies4service.sys
c:\windows\system32\iesdl4l.dll
c:\windows\system32\iesprt.sys
c:\windows\system32\iesservice4.sys
c:\windows\system32\iokey.dll
c:\windows\system32\iokey.sys
c:\windows\system32\ipudpb2.sys
c:\windows\system32\irptp.sys
c:\windows\system32\itcom.sys
c:\windows\system32\jakadoje.dll
c:\windows\system32\java2.sys
c:\windows\system32\javavm1.dll
c:\windows\system32\jejesahe.dll
c:\windows\system32\k53lock.sys
c:\windows\system32\ke32paag.dll
c:\windows\system32\ke32psag.sys
c:\windows\system32\ke7dnl.sys
c:\windows\system32\kedes.sys
c:\windows\system32\kednl2.sys
c:\windows\system32\kednld.sys
c:\windows\system32\KernelDrv.exe
c:\windows\system32\kernelw.sys
c:\windows\system32\kernelwind32.exe
c:\windows\system32\kirdam.dll
c:\windows\system32\klite.sys
c:\windows\system32\krnllds.sys
c:\windows\system32\ksapgh.dll
c:\windows\system32\ksl48.bin
c:\windows\system32\kugokigu.dll
c:\windows\system32\kwave.sys
c:\windows\system32\l33t.dat
c:\windows\system32\l33t.exe
c:\windows\system32\lanH32.dll
c:\windows\system32\lanH64.sys
c:\windows\system32\lanmui.dll
c:\windows\system32\lannui.sys
c:\windows\system32\lgn1216a.dll
c:\windows\system32\linksrv0.dll
c:\windows\system32\linksrvd.sys
c:\windows\system32\livadita.dll
c:\windows\system32\logon032.dll
c:\windows\system32\logon16x.dll
c:\windows\system32\lsd_f3.dll
c:\windows\system32\m32lock.sys
c:\windows\system32\mcfCC4.dll
c:\windows\system32\mcfdrv.sys
c:\windows\system32\mcfG7A.dll
c:\windows\system32\mckwave.dll
c:\windows\system32\mcrwave.dll
c:\windows\system32\md5hsh.dll
c:\windows\system32\mdfpro.dll
c:\windows\system32\mdhash.dll
c:\windows\system32\mdhsh.sys
c:\windows\system32\mfstcpip.sys
c:\windows\system32\mi5035a0.dll
c:\windows\system32\mi5035a5.sys
c:\windows\system32\mjva.sys
c:\windows\system32\mm77lgn.sys
c:\windows\system32\mmccrd.sys
c:\windows\system32\mmcdll.dll
c:\windows\system32\mmlogon.sys
c:\windows\system32\mmmhaiha.dll
c:\windows\system32\mmmnqgnq.dll
c:\windows\system32\mmmqbnqb.dll
c:\windows\system32\mmmsfusf.dll
c:\windows\system32\mmmuaeua.dll
c:\windows\system32\mmsw72w72.dll
c:\windows\system32\mmx4xm.sys
c:\windows\system32\mmx4xt.dll
c:\windows\system32\mmxeroxk.dll
c:\windows\system32\mmxf32.dll
c:\windows\system32\mmxf64.sys
c:\windows\system32\modgzip.dll
c:\windows\system32\msdom2.dll
c:\windows\system32\msftcpip.sys
c:\windows\system32\msindeo.dll
c:\windows\system32\msliksurcredo.dll
c:\windows\system32\msliksurdns.dll
c:\windows\system32\Mspdnx.dll
c:\windows\system32\MSplg7.dll
c:\windows\system32\msrdr2.sys
c:\windows\system32\msudp4.sys
c:\windows\system32\msvcrl.dll
c:\windows\system32\msvtch.sys
c:\windows\system32\mswsaf.sys
c:\windows\system32\mswsag.sys
c:\windows\system32\msxcgxc.dll
c:\windows\system32\msxlop.dll
c:\windows\system32\mt49hub.dll
c:\windows\system32\nakuvowe.dll
c:\windows\system32\navdpu.sys
c:\windows\system32\navdqu.dll
c:\windows\system32\nclaby.sys
c:\windows\system32\nclabydll.dll
c:\windows\system32\nested.sys
c:\windows\system32\netwp.dll
c:\windows\system32\netwp.sys
c:\windows\system32\netwrp.dll
c:\windows\system32\nkcfg.sys
c:\windows\system32\nkunpack.dll
c:\windows\system32\nmk4.dat
c:\windows\system32\nodantivir.sys
c:\windows\system32\ntio256.sys
c:\windows\system32\ntos.exe
c:\windows\system32\NTvsx.dll
c:\windows\system32\nucdrv.sys
c:\windows\system32\nucdrvdll.dll
c:\windows\system32\nuclab.sys
c:\windows\system32\nuclabdll.dll
c:\windows\system32\nvmapi.sys
c:\windows\system32\nvnapi.sys
c:\windows\system32\obbf115.dll
c:\windows\system32\obbf117.sys
c:\windows\system32\obbn13rt.sys
c:\windows\system32\obbn13t.dll
c:\windows\system32\ocketx113.sys
c:\windows\system32\oedes.dll
c:\windows\system32\openglss.dll
c:\windows\system32\openglssd.sys
c:\windows\system32\openglwx.dll
c:\windows\system32\openglwxd.sys
c:\windows\system32\p435ikrd.sys
c:\windows\system32\p76xxsks.sys
c:\windows\system32\p79bsksb.sys
c:\windows\system32\p81eskse.sys
c:\windows\system32\PagingSYS.sys
c:\windows\system32\papubovu.dll
c:\windows\system32\pasaruwe.dll
c:\windows\system32\pasksa.dll
c:\windows\system32\pcixm.sys
c:\windows\system32\pcixmm.dll
c:\windows\system32\pluginst.dll
c:\windows\system32\powerxt.dll
c:\windows\system32\pptp16.dll
c:\windows\system32\pptp24.sys
c:\windows\system32\pptp32.dll
c:\windows\system32\pptp64.sys
c:\windows\system32\priarsz.dll
c:\windows\system32\printpn2.dll
c:\windows\system32\printpnp.dll
c:\windows\system32\protector.exe
c:\windows\system32\prt21sks.sys
c:\windows\system32\prt47sys.sys
c:\windows\system32\prtsks.dll
c:\windows\system32\prw76sks.sys
c:\windows\system32\prwsks.dll
c:\windows\system32\psksds.dll
c:\windows\system32\qhdtvv.dll
c:\windows\system32\qo.dll
c:\windows\system32\qo.sys
c:\windows\system32\qy.sys
c:\windows\system32\ramvxt.sys
c:\windows\system32\rapepute.dll
c:\windows\system32\rd.dll
c:\windows\system32\rd.sys
c:\windows\system32\rdrVR2.dll
c:\windows\system32\rdsync.sys
c:\windows\system32\rege2usb.dll
c:\windows\system32\regepsrvc.sys
c:\windows\system32\rehoruzu.dll
c:\windows\system32\rgbopx.dll
c:\windows\system32\rkskt.sys
c:\windows\system32\rksocket.dll
c:\windows\system32\rlx51dom.dll
c:\windows\system32\rlx66dob.sys
c:\windows\system32\rmk8ot.dll
c:\windows\system32\rmk9ot.sys
c:\windows\system32\rotw.sys
c:\windows\system32\routew.dll
c:\windows\system32\rsdapi.dll
c:\windows\system32\rssync.dll
c:\windows\system32\rxx5ot.dll
c:\windows\system32\rxx6ot.sys
c:\windows\system32\satad640.dll
c:\windows\system32\satad645.sys
c:\windows\system32\satau320.dll
c:\windows\system32\satau325.sys
c:\windows\system32\satdll.dll
c:\windows\system32\satmmc.dll
c:\windows\system32\sbfxi.dll
c:\windows\system32\scsi2usb.dll
c:\windows\system32\scsipsrvc.sys
c:\windows\system32\scsiusr4.dll
c:\windows\system32\sd.dll
c:\windows\system32\sd.sys
c:\windows\system32\sdcard98.dll
c:\windows\system32\sdcardX2.sys
c:\windows\system32\se500mdm.dll
c:\windows\system32\se500mdmd.sys
c:\windows\system32\se633mxx.dll
c:\windows\system32\se633mxxd.sys
c:\windows\system32\senekapop.dll
c:\windows\system32\sks2drvr.sys
c:\windows\system32\sksdll.dll
c:\windows\system32\skyu16.dll
c:\windows\system32\skyx16.dll
c:\windows\system32\skyx24.sys
c:\windows\system32\smspufpu.dll
c:\windows\system32\sndu32.dll
c:\windows\system32\sndu64.sys
c:\windows\system32\snjava.dll
c:\windows\system32\socket573.sys
c:\windows\system32\socketx113.sys
c:\windows\system32\spndt.sys
c:\windows\system32\ssipod1.sys
c:\windows\system32\surrd.sys
c:\windows\system32\swapdm.dll
c:\windows\system32\swapm.sys
c:\windows\system32\syncm.sys
c:\windows\system32\syncmc.sys
c:\windows\system32\syncps.dll
c:\windows\system32\syslink.dll
c:\windows\system32\sysprint.dll
c:\windows\system32\syswrk.dll
c:\windows\system32\tcpG4T.dll
c:\windows\system32\tcpGDC.dll
c:\windows\system32\tcpr32.dll
c:\windows\system32\tcpwrk.dll
c:\windows\system32\tdlbop.dll
c:\windows\system32\tdlsoui.flag
c:\windows\system32\tomto.dll
c:\windows\system32\tomto.sys
c:\windows\system32\upperhost.dll
c:\windows\system32\vawuwure.dll
c:\windows\system32\vbagz.sys
c:\windows\system32\vdmt16.sys
c:\windows\system32\vinm32.dll
c:\windows\system32\vinm32.sys
c:\windows\system32\vinm64.sys
c:\windows\system32\vistaj.sys
c:\windows\system32\vistax.dll
c:\windows\system32\vlansys.sys
c:\windows\system32\vmdesched.sys
c:\windows\system32\vxdgfx.sys
c:\windows\system32\vxtnav.dll
c:\windows\system32\vxvgfv.sys
c:\windows\system32\wartamd.sys
c:\windows\system32\wartamll.dll
c:\windows\system32\waxw2k.dll
c:\windows\system32\wincom32.sys
c:\windows\system32\winlow.sys
c:\windows\system32\winm32.dll
c:\windows\system32\winm32.sys
c:\windows\system32\winm64.sys
c:\windows\system32\winprint.dll
c:\windows\system32\winvsx.sys
c:\windows\system32\wiwuzoza.dll
c:\windows\system32\wndtx1.dll
c:\windows\system32\wnlogon.sys
c:\windows\system32\wnlogow.sys
c:\windows\system32\wnmicf.dll
c:\windows\system32\wnmicf.sys
c:\windows\system32\wnmifc.sys
c:\windows\system32\wrapk.sys
c:\windows\system32\wrapkm.dll
c:\windows\system32\wrmdrv.sys
c:\windows\system32\wsmsag.dll
c:\windows\system32\wsmsag.sys
c:\windows\system32\wsmsge.dll
c:\windows\system32\wsnpoem.exe
c:\windows\system32\xartcd5.dll
c:\windows\system32\xartcd7.sys
c:\windows\system32\xatcore.dll
c:\windows\system32\xcdkernl.sys
c:\windows\system32\xcdmfree.dll
c:\windows\system32\xcttgm.sys
c:\windows\system32\xcttgs.dll
c:\windows\system32\xdudmm.sys
c:\windows\system32\xdudtt.dll
c:\windows\system32\xkeyshd.sys
c:\windows\system32\xkeyshll.dll
c:\windows\system32\xlift.sys
c:\windows\system32\xliftm.dll
c:\windows\system32\xmsk32.dll
c:\windows\system32\xmsk64.sys
c:\windows\system32\xopptp.dll
c:\windows\system32\xopptp.sys
c:\windows\system32\xprot.sys
c:\windows\system32\xptpmm.sys
c:\windows\system32\xptptt.dll
c:\windows\system32\ycsrgb.sys
c:\windows\system32\ycsvga.sys
c:\windows\system32\ydsvgd.dll
c:\windows\system32\ydsvgd.sys
c:\windows\system32\yilinetu.dll
c:\windows\system32\yivuvotu.dll
c:\windows\system32\yvbb01.dll
c:\windows\system32\yvbb01.sys
c:\windows\system32\yvbb02.sys
c:\windows\system32\yvpp01.dll
c:\windows\system32\yvpp02.sys
c:\windows\system32\yvprgb.dll
c:\windows\system32\yvprgb.sys
c:\windows\system32\yvsvga.dll
c:\windows\system32\yvsvga.sys
c:\windows\system32\zisuruhi.dll
c:\windows\system32\zopenssl.dll
c:\windows\system32\zopenssld.sys
c:\windows\system32\zq.dll
c:\windows\system32\zq.sys

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-13 07:20 . 2009-04-13 07:20 -------- d-----w c:\documents and settings\andy\Application Data\AdobeUM
2009-04-12 18:32 . 2009-04-12 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-04-12 07:20 . 2009-04-12 07:20 62976 --sha-w c:\windows\system32\kebajuvi.exe
2009-04-12 01:29 . 2009-04-12 01:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-12 01:28 . 2009-04-12 01:31 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Google
2009-04-12 01:25 . 2009-04-13 03:28 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-11 07:12 . 2009-04-11 07:12 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Adobe
2009-04-10 04:28 . 2009-04-10 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\NetZero
2009-04-10 04:28 . 2009-04-12 04:09 -------- d-----w C:\NetZeroInstaller
2009-04-09 22:38 . 2009-04-09 22:38 45504 ----a-w c:\documents and settings\andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 06:26 . 2008-10-16 22:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-09 06:26 . 2008-10-16 22:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Mozilla
2009-04-09 02:49 . 2009-04-09 02:49 -------- d-----w c:\documents and settings\andy\Application Data\GarageGames
2009-04-08 22:11 . 2003-07-16 22:27 43264 ------w c:\windows\system32\drivers\ser2pl.sys
2009-04-08 22:04 . 2009-04-08 22:04 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-08 20:51 . 2009-04-08 20:51 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-08 20:51 . 2009-04-08 20:51 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-08 20:25 . 2009-04-13 18:36 -------- d-----w c:\documents and settings\andy\Application Data\CallingID
2009-04-08 20:25 . 2009-04-08 20:25 0 ----a-w c:\windows\nsreg.dat
2009-04-08 20:25 . 2009-04-08 20:25 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Mozilla
2009-04-08 20:13 . 2009-04-08 20:13 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-08 20:13 . 2009-04-08 20:13 410976 ----a-w c:\windows\system32\deploytk.dll
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\scripting
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\l2schemas
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\en
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\bits
2009-04-08 19:32 . 2009-04-08 19:37 -------- d-----w c:\windows\ServicePackFiles
2009-04-08 19:21 . 2009-04-08 19:21 -------- d-----w c:\windows\EHome
2009-04-08 18:32 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 18:31 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-08 18:24 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-08 13:52 . 2008-12-20 23:15 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 13:52 . 2008-12-20 23:15 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 13:52 . 2008-12-20 23:15 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-08 13:52 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 13:52 . 2008-12-20 23:15 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-08 13:52 . 2008-12-20 23:15 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 13:52 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 13:52 . 2007-03-08 05:10 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 13:52 . 2008-12-20 23:15 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-08 13:24 . 2004-08-04 06:41 1041536 ------w c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 13:24 . 2004-08-04 06:41 685056 ------w c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 13:24 . 2004-08-04 06:41 220032 ------w c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 13:24 . 2004-07-18 06:55 129045 ------w c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 12:24 . 2009-04-08 12:24 -------- d-sh--w c:\documents and settings\richard hamm\UserData
2009-04-08 12:20 . 2009-04-08 12:20 107736 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\windows\system32\XPSViewer
2009-04-08 12:18 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-08 12:18 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 12:18 . 2009-04-08 12:19 -------- d-----w C:\ca309dd81c045ee7cfe79c
2009-04-08 12:18 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 12:18 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-08 11:42 . 2009-04-08 23:51 0 ----a-w c:\windows\system32\GLBSINST.%$D
2009-04-08 11:19 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 11:19 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 11:19 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 11:19 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 11:13 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-08 11:13 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-08 11:03 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-08 11:03 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 11:03 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-08 11:00 . 2007-08-11 04:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-08 10:43 . 2008-08-14 10:04 138496 -c----w c:\windows\system32\dllcache\afd.sys
2009-04-08 10:43 . 2008-06-20 11:51 361600 -c----w c:\windows\system32\dllcache\tcpip.sys
2009-04-08 10:43 . 2008-06-20 11:08 225856 -c----w c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 10:43 . 2008-06-20 17:46 245248 -c----w c:\windows\system32\dllcache\mswsock.dll
2009-04-08 10:43 . 2008-06-20 17:46 147968 -c----w c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 10:26 . 2009-02-16 02:02 250544 ----a-w c:\windows\system32\KeyHelp.ocx
2009-04-08 10:26 . 2009-04-08 10:37 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-04-08 10:26 . 2009-04-08 10:37 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-08 10:26 . 2009-02-16 20:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-04-08 10:26 . 2009-02-16 20:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-04-08 10:26 . 2009-02-16 20:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-04-08 10:26 . 2009-02-16 20:16 99568 ----a-w c:\windows\system32\isafeif.dll
2009-04-08 10:26 . 2007-12-04 19:47 83256 ----a-w c:\windows\system32\vetredir.dll
2009-04-08 10:26 . 2009-04-08 10:26 17852 ----a-w c:\windows\system32\entitlement.xml
2009-04-08 10:01 . 2009-04-12 01:21 45504 ----a-w c:\documents and settings\richard hamm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 19:00 . 2009-01-11 07:12 11168 ---ha-w c:\program files\huzajatu
2009-04-13 07:19 . 2009-01-13 07:19 63488 --sha-w c:\windows\system32\rowehulu.exe
2009-04-13 07:19 . 2009-01-13 07:19 63488 --sha-w c:\windows\system32\rowehulu.exe
2009-04-12 19:18 . 2009-01-12 19:18 64000 --sha-w c:\windows\system32\yomudaki.exe
2009-04-12 19:18 . 2009-01-12 19:18 64000 --sha-w c:\windows\system32\yomudaki.exe
2009-04-12 07:49 . 2009-04-11 07:12 -------- d-----w c:\program files\jipijora
2009-04-12 01:31 . 2009-04-08 10:41 -------- d-----w c:\documents and settings\richard hamm\Application Data\CallingID
2009-04-12 01:29 . 2009-04-12 01:25 -------- d-----w c:\program files\Google
2009-04-11 07:12 . 2009-04-11 07:12 -------- d-----w c:\program files\vokamope
2009-04-11 07:12 . 2009-04-11 07:12 -------- d-----w c:\program files\tezezubu
2009-04-10 17:57 . 2009-04-10 04:28 -------- d-----w c:\program files\NetZero
2009-04-09 11:10 . 2009-04-09 11:10 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 10:09 . 2009-04-09 10:06 590 ----a-w C:\updatedatfix.log
2009-04-09 10:09 . 2009-04-08 09:46 -------- d-----w c:\program files\Hp
2009-04-09 07:31 . 2009-04-09 07:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 06:55 . 2009-04-08 18:32 -------- d-----w c:\program files\Galaxy Online
2009-04-09 05:08 . 2009-04-09 05:07 -------- d-----w c:\program files\FreqGen
2009-04-08 23:51 . 2009-04-08 10:02 -------- d-----w c:\program files\Zone.com Deluxe Games
2009-04-08 22:10 . 2009-04-08 09:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 20:52 . 2009-04-08 20:52 -------- d-----w c:\program files\Common Files\xing shared
2009-04-08 20:52 . 2009-04-08 20:51 -------- d-----w c:\program files\Common Files\Real
2009-04-08 20:51 . 2009-04-08 20:51 -------- d-----w c:\program files\Real
2009-04-08 20:13 . 2009-04-08 09:43 -------- d-----w c:\program files\Java
2009-04-08 19:40 . 2009-04-08 09:43 82791 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-08 19:28 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\MSBuild
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\Reference Assemblies
2009-04-08 12:10 . 2009-04-08 12:10 -------- d-----w c:\program files\MSXML 6.0
2009-04-08 10:41 . 2009-04-08 10:22 921206 ----a-w C:\caisslog.txt
2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\ISSThirdParty
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\CA
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\Common Files\Scanner
2009-04-08 10:26 . 2009-04-08 10:26 55989 ----a-w C:\caavsetupLog.txt
2009-04-08 09:53 . 2009-04-08 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-04-08 09:49 . 2009-04-08 09:49 -------- d-----w c:\documents and settings\All Users\Application Data\hpqwmi
2009-04-08 09:45 . 2009-04-08 09:45 -------- d-----w c:\program files\InterVideo
2009-04-08 09:44 . 2009-04-08 09:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-08 09:44 . 2009-04-08 09:20 -------- d-----w c:\program files\HPQ
2009-04-08 09:43 . 2009-04-08 09:43 20538 ----a-w C:\sunjava.log
2009-04-08 09:43 . 2009-04-08 09:43 -------- d-----w c:\program files\Common Files\Java
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-08 09:42 . 2009-04-08 09:41 -------- d-----w c:\program files\Sonic
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-08 09:42 . 2009-04-08 09:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-08 09:41 . 2009-04-08 09:41 -------- d-----w c:\program files\Common Files\TiVo Shared
2009-04-08 09:40 . 2009-04-08 09:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-08 09:40 . 2009-04-08 09:39 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-08 09:39 . 2009-04-08 09:36 161 ----a-w C:\mscuxp.log
2009-04-08 09:39 . 2009-04-08 09:35 196 ----a-w C:\sedinst2.log
2009-04-08 09:36 . 2009-04-08 09:19 161 ----a-w C:\setup.log
2009-04-08 09:36 . 2009-04-08 09:36 1550 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-04-08 09:30 . 2009-04-08 09:29 192 ----a-w C:\muvee.log
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 13398 ----a-w C:\mszone.log
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\program files\Zone.com
2009-04-08 09:27 . 2009-04-08 09:25 171 ----a-w C:\HSC.log
2009-04-08 09:25 . 2009-04-08 09:25 -------- d-----w c:\documents and settings\richard hamm\Application Data\Apple Computer
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iPod
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iTunes
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-08 09:23 . 2009-04-08 09:22 3221582 ----a-w C:\DNSP1.LOG
2009-04-08 09:20 . 2009-04-08 09:20 20004 ----a-w C:\adobelog.txt
2009-04-08 09:19 . 2009-04-08 09:19 -------- d-----w c:\program files\ATI Technologies
2009-04-08 09:18 . 2009-04-08 09:18 191 ----a-w C:\syntp.log
2009-04-08 09:18 . 2009-04-08 09:18 -------- d-----w c:\program files\Synaptics
2009-04-08 09:17 . 2009-04-08 09:17 32 ----a-w C:\ticrdbus.log
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\CONEXANT
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\AMD
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-06 1701376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-08 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-02-18 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-02-16 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-15 324848]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe" [2009-04-08 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-16 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-16 337136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 198160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"combofix"="c:\windows\system32\CF8142.exe" [2009-04-13 389120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-04-08 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-12-14 1376256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 15:46 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\dasofupu.dll c:\windows\system32\yilinetu.dll
"LoadAppInit_Dlls"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ INDOWS\system32\dasofupu.dll c:\windows\system32\dasofupu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=

R2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-08-25 52728]
S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-12-12 115704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-02-18 128240]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-12-12 144376]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-12-12 1153528]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-12-10 797176]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-12-19 297464]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-15 222448]

.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-11 17:25]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 17:28]
.
- - - - ORPHANS REMOVED - - - -

BHO-{287c85ec-b239-485c-b86c-6700e34500c1} - c:\windows\system32\zisuruhi.dll
HKLM-Run-foyukuvifo - c:\windows\system32\kugokigu.dll
HKLM-Run-f48b630f - c:\windows\system32\pasaruwe.dll
HKLM-Run-CPMf7b85093 - c:\windows\system32\yilinetu.dll


.
------- Supplementary Scan -------
.
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 11:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????-????|?????? ???B?????????????hLC? ??????

scanning hidden files ...


c:\windows\repair

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(620)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\program files\NetZero\qsacc\X1Exec.exe
.
**************************************************************************
.
Completion time: 2009-04-13 11:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 19:09

Pre-Run: 29,463,248,896 bytes free
Post-Run: 30,258,479,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

781 --- E O F --- 2009-04-09 11:23
birdsbarr is offline  
Old 04-13-2009, 04:07 PM   #4 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

Quote:
Hi, thanks for the help. Here is my ComboFix report. And I was going to let you know, if this doesn't work out and I have to reformat, it's no big deal; I just did it 7 days ago, so no worries :):)
How did you get heavily infected again?

Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Code:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/366182-vundo-vundo778-haxdoore.html
    Collect::
    c:\windows\system32\kebajuvi.exe
    c:\program files\huzajatu
    c:\windows\system32\rowehulu.exe
    c:\windows\system32\yomudaki.exe
    File::
    c:\windows\system32\GLBSINST.%$D
    Folder::
    c:\program files\jipijora
    c:\program files\vokamope
    c:\program files\tezezubu
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000000
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"

Upload Samples by ComboFix

When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue-screen would appear auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".

**NOTE**
=================
  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[68]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.

Let me know how it goes and if the upload went successfully or not in your next reply.

Please re-run GMER again and post the log once it's done.

For your next reply please post back with:
-Combofix log
-New GMER log


Thanks.

With Regards,
Extremeboy
extremeboy is offline  
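An added example, not from this thread or from ComboFix, showing from the defender's side how to pull the loading points the CFScript above resets out of a ComboFix log, and how to decode the hex(7) value the script writes back to confirm it restores only the default "scecli". The sample log lines are constructed to match the layout of the logs in this thread.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from typing import List, Tuple

# Constructed sample in the same layout as the ComboFix log posted above,
# limited to the entries the CFScript in this thread targets.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\dasofupu.dll c:\windows\system32\yilinetu.dll
"LoadAppInit_Dlls"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ INDOWS\system32\dasofupu.dll c:\windows\system32\dasofupu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix prints the LSA multi-string without quotes, with its type name.
MULTI_RE = re.compile(r"^(?P<name>Notification Packages)\s+REG_MULTI_SZ\s+(?P<value>.*)$")

Finding = Tuple[str, str, str]  # (severity, registry key, detail)


def decode_hex7(literal: str) -> List[str]:
    """Turn a CFScript/.reg 'hex(7):..' REG_MULTI_SZ literal into its strings."""
    raw = bytes(int(b, 16) for b in literal.split(":", 1)[1].split(",") if b)
    # Heuristic: .reg files store REG_MULTI_SZ as UTF-16LE (every odd byte is 0);
    # the CFScript in this thread writes plain single-byte characters instead.
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def audit_loading_points(log_text: str) -> List[Finding]:
    """Return the persistence/defence-tampering entries found in a ComboFix log."""
    findings: List[Finding] = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line) or MULTI_RE.match(line)
        if not m:
            continue
        name, value = m.group("name").lower(), m.group("value").strip()
        if key.endswith(r"windows nt\currentversion\windows") and name == "appinit_dlls" and value:
            dlls = value.split()
            findings.append(("high", key, f"AppInit_DLLs injects {len(dlls)} DLL(s) into every "
                             f"user32-loading process: {', '.join(dlls)}"))
        elif key.endswith(r"control\lsa") and name == "notification packages":
            # Default on XP is just 'scecli'; any other package sees password changes.
            extra = [p for p in value.split() if p.lower() != "scecli"]
            if extra:
                findings.append(("high", key, "LSA Notification Packages beyond the "
                                 "default 'scecli': " + ", ".join(extra)))
        elif key.endswith("security center") and name == "updatesdisablenotify" and value.endswith("00000001"):
            findings.append(("medium", key, "Security Center update notifications disabled"))
        elif "security center\\monitoring" in key and name == "disablemonitoring" and value.endswith("00000001"):
            findings.append(("info", key, "Security Center monitoring disabled for this product "
                             "(vendor suites commonly set this themselves)"))
        elif key.endswith(r"firewallpolicy\standardprofile") and name == "enablefirewall" and value.startswith("0"):
            findings.append(("info", key, "Windows Firewall off in the standard profile "
                             "(a third-party firewall may be active instead)"))
    return findings


if __name__ == "__main__":
    for severity, reg_key, detail in audit_loading_points(SAMPLE_LOG):
        print(f"[{severity}] {reg_key}\n    {detail}")
    print("CFScript restores Notification Packages to:",
          decode_hex7("hex(7):73,63,65,63,6c,69,00,00"))
```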
Old 04-14-2009, 03:22 AM   #5 (permalink)
Registered User
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi. As to the question of how I got so infected again, that I don't know. I know that this has never happened until 1 week ago; in 3 years I have never had an infection that CA Anti-Virus or CA Anti-Spyware could not take care of. Now I have noticed that this has control over CA Anti-Spyware: it disrupts the runtime when CA tries to quarantine, but that's off subject. I think I'm getting it from a web site, or I play one game whose server is crashing a lot; maybe it's infected. I also have NetZero as an ISP and it's on all the time with the account and the 3G high-speed app it has. I'm only guessing. What I really want to know is, is there a better anti-spyware program? I'll trade it for my CA right now until they get a better update, if they do. If you've got any tips so I don't get infected, let me know. Thanks.


OK, ComboFix did not reboot this time. When it was finished it gave me this error:
16-mb subsystem error
the NTVDM has encounterd an illegal instruction
cs:1900 IP:fffo OP 0900 chose close to terminat app
I clicked Ignore. Here are the reports, and the one got uploaded to the server.
Thanks a lot, the bird :)


ComboFix 09-04-14.06 - andy 04/14/2009 0:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.425 [GMT -8:00]
Running from: c:\documents and settings\andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andy\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\GLBSINST.%$D
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\huzajatu
c:\program files\jipijora
c:\program files\tezezubu
c:\program files\tezezubu\tezezubu.dll
c:\program files\vokamope
c:\program files\vokamope\vokamope.dll
c:\windows\system32\GLBSINST.%$D
c:\windows\system32\kebajuvi.exe
c:\windows\system32\rowehulu.exe
c:\windows\system32\yomudaki.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 08:19 . 2009-04-14 08:19 389120 ----a-w c:\windows\system32\cmd.execf
2009-04-13 07:20 . 2009-04-13 07:20 -------- d-----w c:\documents and settings\andy\Application Data\AdobeUM
2009-04-12 18:32 . 2009-04-12 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-04-12 01:29 . 2009-04-12 01:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-12 01:28 . 2009-04-12 01:31 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Google
2009-04-12 01:25 . 2009-04-14 04:29 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-11 07:12 . 2009-04-11 07:12 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Adobe
2009-04-10 04:28 . 2009-04-10 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\NetZero
2009-04-10 04:28 . 2009-04-12 04:09 -------- d-----w C:\NetZeroInstaller
2009-04-09 22:38 . 2009-04-09 22:38 45504 ----a-w c:\documents and settings\andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 06:26 . 2008-10-16 22:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-09 06:26 . 2008-10-16 22:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Mozilla
2009-04-09 02:49 . 2009-04-09 02:49 -------- d-----w c:\documents and settings\andy\Application Data\GarageGames
2009-04-08 22:11 . 2003-07-16 22:27 43264 ------w c:\windows\system32\drivers\ser2pl.sys
2009-04-08 22:04 . 2009-04-08 22:04 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-08 20:51 . 2009-04-08 20:51 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-08 20:51 . 2009-04-08 20:51 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-08 20:25 . 2009-04-14 03:27 -------- d-----w c:\documents and settings\andy\Application Data\CallingID
2009-04-08 20:25 . 2009-04-08 20:25 0 ----a-w c:\windows\nsreg.dat
2009-04-08 20:25 . 2009-04-08 20:25 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Mozilla
2009-04-08 20:13 . 2009-04-08 20:13 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-08 20:13 . 2009-04-08 20:13 410976 ----a-w c:\windows\system32\deploytk.dll
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\scripting
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\l2schemas
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\en
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\bits
2009-04-08 19:32 . 2009-04-08 19:37 -------- d-----w c:\windows\ServicePackFiles
2009-04-08 19:21 . 2009-04-08 19:21 -------- d-----w c:\windows\EHome
2009-04-08 18:32 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 18:31 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-08 18:24 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-08 13:52 . 2008-12-20 23:15 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 13:52 . 2008-12-20 23:15 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 13:52 . 2008-12-20 23:15 267776 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-08 13:52 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 13:52 . 2008-12-20 23:15 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-08 13:52 . 2008-12-20 23:15 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 13:52 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 13:52 . 2007-03-08 05:10 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 13:52 . 2008-12-20 23:15 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-08 13:24 . 2004-08-04 06:41 1041536 ------w c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 13:24 . 2004-08-04 06:41 685056 ------w c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 13:24 . 2004-08-04 06:41 220032 ------w c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 13:24 . 2004-07-18 06:55 129045 ------w c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 12:24 . 2009-04-08 12:24 -------- d-sh--w c:\documents and settings\richard hamm\UserData
2009-04-08 12:20 . 2009-04-08 12:20 107736 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\windows\system32\XPSViewer
2009-04-08 12:18 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-08 12:18 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 12:18 . 2009-04-08 12:19 -------- d-----w C:\ca309dd81c045ee7cfe79c
2009-04-08 12:18 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 12:18 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-08 11:19 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 11:19 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 11:19 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 11:19 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 11:13 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-08 11:13 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-08 11:03 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-08 11:03 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 11:03 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-08 11:00 . 2007-08-11 04:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-08 10:43 . 2008-08-14 10:04 138496 -c----w c:\windows\system32\dllcache\afd.sys
2009-04-08 10:43 . 2008-06-20 11:51 361600 -c----w c:\windows\system32\dllcache\tcpip.sys
2009-04-08 10:43 . 2008-06-20 11:08 225856 -c----w c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 10:43 . 2008-06-20 17:46 245248 -c----w c:\windows\system32\dllcache\mswsock.dll
2009-04-08 10:43 . 2008-06-20 17:46 147968 -c----w c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 10:26 . 2009-02-16 02:02 250544 ----a-w c:\windows\system32\KeyHelp.ocx
2009-04-08 10:26 . 2009-04-08 10:37 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-04-08 10:26 . 2009-04-08 10:37 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-08 10:26 . 2009-02-16 20:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-04-08 10:26 . 2009-02-16 20:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-04-08 10:26 . 2009-02-16 20:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-04-08 10:26 . 2009-02-16 20:16 99568 ----a-w c:\windows\system32\isafeif.dll
2009-04-08 10:26 . 2007-12-04 19:47 83256 ----a-w c:\windows\system32\vetredir.dll
2009-04-08 10:26 . 2009-04-08 10:26 17852 ----a-w c:\windows\system32\entitlement.xml
2009-04-08 10:01 . 2009-04-12 01:21 45504 ----a-w c:\documents and settings\richard hamm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 00:54 . 2009-04-08 10:41 -------- d-----w c:\documents and settings\richard hamm\Application Data\CallingID
2009-04-12 01:29 . 2009-04-12 01:25 -------- d-----w c:\program files\Google
2009-04-10 17:57 . 2009-04-10 04:28 -------- d-----w c:\program files\NetZero
2009-04-09 11:10 . 2009-04-09 11:10 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 10:09 . 2009-04-09 10:06 590 ----a-w C:\updatedatfix.log
2009-04-09 10:09 . 2009-04-08 09:46 -------- d-----w c:\program files\Hp
2009-04-09 07:31 . 2009-04-09 07:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 06:55 . 2009-04-08 18:32 -------- d-----w c:\program files\Galaxy Online
2009-04-09 05:08 . 2009-04-09 05:07 -------- d-----w c:\program files\FreqGen
2009-04-08 23:51 . 2009-04-08 10:02 -------- d-----w c:\program files\Zone.com Deluxe Games
2009-04-08 22:10 . 2009-04-08 09:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 20:52 . 2009-04-08 20:52 -------- d-----w c:\program files\Common Files\xing shared
2009-04-08 20:52 . 2009-04-08 20:51 -------- d-----w c:\program files\Common Files\Real
2009-04-08 20:51 . 2009-04-08 20:51 -------- d-----w c:\program files\Real
2009-04-08 20:13 . 2009-04-08 09:43 -------- d-----w c:\program files\Java
2009-04-08 19:40 . 2009-04-08 09:43 82791 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-08 19:28 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\MSBuild
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\Reference Assemblies
2009-04-08 12:10 . 2009-04-08 12:10 -------- d-----w c:\program files\MSXML 6.0
2009-04-08 10:41 . 2009-04-08 10:22 921206 ----a-w C:\caisslog.txt
2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\ISSThirdParty
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\CA
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\Common Files\Scanner
2009-04-08 10:26 . 2009-04-08 10:26 55989 ----a-w C:\caavsetupLog.txt
2009-04-08 09:53 . 2009-04-08 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-04-08 09:49 . 2009-04-08 09:49 -------- d-----w c:\documents and settings\All Users\Application Data\hpqwmi
2009-04-08 09:45 . 2009-04-08 09:45 -------- d-----w c:\program files\InterVideo
2009-04-08 09:44 . 2009-04-08 09:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-08 09:44 . 2009-04-08 09:20 -------- d-----w c:\program files\HPQ
2009-04-08 09:43 . 2009-04-08 09:43 20538 ----a-w C:\sunjava.log
2009-04-08 09:43 . 2009-04-08 09:43 -------- d-----w c:\program files\Common Files\Java
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-08 09:42 . 2009-04-08 09:41 -------- d-----w c:\program files\Sonic
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-08 09:42 . 2009-04-08 09:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-08 09:41 . 2009-04-08 09:41 -------- d-----w c:\program files\Common Files\TiVo Shared
2009-04-08 09:40 . 2009-04-08 09:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-08 09:40 . 2009-04-08 09:39 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-08 09:39 . 2009-04-08 09:36 161 ----a-w C:\mscuxp.log
2009-04-08 09:39 . 2009-04-08 09:35 196 ----a-w C:\sedinst2.log
2009-04-08 09:36 . 2009-04-08 09:19 161 ----a-w C:\setup.log
2009-04-08 09:36 . 2009-04-08 09:36 1550 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-04-08 09:30 . 2009-04-08 09:29 192 ----a-w C:\muvee.log
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 13398 ----a-w C:\mszone.log
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\program files\Zone.com
2009-04-08 09:27 . 2009-04-08 09:25 171 ----a-w C:\HSC.log
2009-04-08 09:25 . 2009-04-08 09:25 -------- d-----w c:\documents and settings\richard hamm\Application Data\Apple Computer
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iPod
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iTunes
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-08 09:23 . 2009-04-08 09:22 3221582 ----a-w C:\DNSP1.LOG
2009-04-08 09:20 . 2009-04-08 09:20 20004 ----a-w C:\adobelog.txt
2009-04-08 09:19 . 2009-04-08 09:19 -------- d-----w c:\program files\ATI Technologies
2009-04-08 09:18 . 2009-04-08 09:18 191 ----a-w C:\syntp.log
2009-04-08 09:18 . 2009-04-08 09:18 -------- d-----w c:\program files\Synaptics
2009-04-08 09:17 . 2009-04-08 09:17 32 ----a-w C:\ticrdbus.log
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\CONEXANT
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\AMD
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-08 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 136600]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-02-18 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-02-16 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-16 324848]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe" [2009-04-08 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-17 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-17 337136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 198160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-8 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-12-14 1376256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 23:46 79368 ----a-w c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-08-25 52728]
S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-12-12 115704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-02-18 128240]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-12-12 144376]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-12-12 1153528]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-12-10 797176]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-12-19 297464]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-16 222448]

.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 01:25]

2009-04-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 01:28]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 00:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????-????|?????? ???B?????????????hLC? ??????

scanning hidden files ...


c:\windows\repair

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1652)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(4932)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 08:32
ComboFix2.txt 2009-04-13 19:09

Pre-Run: 30,234,652,672 bytes free
Post-Run: 30,256,361,472 bytes free

293 --- E O F --- 2009-04-09 11:23


GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-14 01:05:05
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB8DDEB35]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB8DDF856]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB8DDFBA7]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB8DDEA99]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB8DDF57B]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xEE7DECE8]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB8DDF983]

Code \??\C:\DOCUME~1\andy\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Modem \Device\00000077 kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\repair 0 bytes
File C:\WINDOWS\repair\autoexec.nt 1688 bytes
File C:\WINDOWS\repair\config.nt 2577 bytes
File C:\WINDOWS\repair\default 225280 bytes
File C:\WINDOWS\repair\ntuser.dat 225280 bytes
File C:\WINDOWS\repair\sam 20480 bytes
File C:\WINDOWS\repair\secsetup.inf 246930 bytes
File C:\WINDOWS\repair\security 28672 bytes
File C:\WINDOWS\repair\setup.log 207316 bytes
File C:\WINDOWS\repair\software 8507392 bytes
File C:\WINDOWS\repair\system 1466368 bytes
File C:\WINDOWS\system32\config\AppEvent.Evt 524288 bytes
File C:\WINDOWS\system32\config\default 262144 bytes
File C:\WINDOWS\system32\config\default.LOG 1024 bytes
File C:\WINDOWS\system32\config\default.sav 94208 bytes
File C:\WINDOWS\system32\config\Internet.evt 65536 bytes
File C:\WINDOWS\system32\config\SAM 262144 bytes
File C:\WINDOWS\system32\config\SAM.LOG 1024 bytes
File C:\WINDOWS\system32\config\SecEvent.Evt 524288 bytes
File C:\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\WINDOWS\system32\config\SECURITY.LOG 1024 bytes
File C:\WINDOWS\system32\config\software 18612224 bytes
File C:\WINDOWS\system32\config\software.LOG 1024 bytes
File C:\WINDOWS\system32\config\software.sav 634880 bytes
File C:\WINDOWS\system32\config\SysEvent.Evt 327680 bytes
File C:\WINDOWS\system32\config\system (size mismatch) 4718592/0 bytes
File C:\WINDOWS\system32\config\system.LOG 1024 bytes
File C:\WINDOWS\system32\config\system.sav 876544 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\0897206B35294097C3660E62BCDB227C 2202 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3C19F8F5C2A69BEC912EF5B953293907 1294 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 552 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A 574 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\0897206B35294097C3660E62BCDB227C 194 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C19F8F5C2A69BEC912EF5B953293907 126 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A 140 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak 113 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt 141 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 16384 bytes
File C:\WINDOWS\system32\config\systemprofile\Desktop 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Favorites 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb 720896 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD 498 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML 12787 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini 113 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini 113 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040820090409 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009040820090409\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\temp 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3MM4YG8W 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3MM4YG8W\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\54T37NZZ 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\54T37NZZ\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DWODLDV2 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DWODLDV2\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MEIXANJQ 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MEIXANJQ\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\My Documents 0 bytes
File C:\WINDOWS\system32\config\systemprofile\NetHood 0 bytes
File C:\WINDOWS\system32\config\systemprofile\PrintHood 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Recent 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Compressed (zipped) Folder.ZFSendToTarget 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Desktop (create shortcut).DeskLink 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini 181 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Mail Recipient.MAPIMail 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 348 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 1525 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 1532 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 1501 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 1539 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk 1555 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini 482 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini 84 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 804 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk 1519 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk 386 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk 1519 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk 1527 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk 1487 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini 148 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk 1599 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk 792 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\amipro.sam 4570 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\excel.xls 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\excel4.xls 1518 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\lotus.wk4 2448 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\powerpnt.ppt 12288 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\presenta.shw 461 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\quattro.wb2 4017 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\sndrec.wav 58 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\winword.doc 4608 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\winword2.doc 1769 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\wordpfct.wpd 30 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\wordpfct.wpg 57 bytes
File C:\WINDOWS\system32\config\TempKey.LOG 1024 bytes
File C:\WINDOWS\system32\config\userdiff 262144 bytes
File C:\WINDOWS\system32\config\userdiff.LOG 1024 bytes

---- EOF - GMER 1.0.15 ----
Old 04-14-2009, 03:03 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

Quote:
if u got any tips so i dont get infected let me know thanxs.
Yes, I will give you some once we are done :)

Let's run an MBAM scan, and we will deal with the rest in the next post. The ComboFix log looks okay, but there are a few things we can remove afterwards :)

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with a New set of DDS log as well.

Thanks!

With regards,
Extremeboy
Old 04-14-2009, 04:23 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Okay, I did the scan and it came up clean. Here is the report. Thank you :)


Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/14/2009 2:17:09 PM
mbam-log-2009-04-14 (14-17-09).txt

Scan type: Quick Scan
Objects scanned: 71025
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 04-15-2009, 03:01 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi hi :):) I woke up this morning and my auto updates were turned off again, so I did a scan with MBAM and it found and removed them successfully. I have both reports for you. I still don't know how it happens so fast; I've only done 3 or 4 things on my PC while you were helping me: I played my game, I watched anime, and I did my taxes on the IRS website. Thanks for your help. Is this something that everyone is getting? Is it part of Conficker? IDK, but I know MBAM works well to remove it. Here are the logs. Thanks.

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/15/2009 12:14:38 PM
mbam-log-2009-04-15 (12-14-18).txt

Scan type: Quick Scan
Objects scanned: 71908
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lakofara.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zegesuso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\josavemi.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\fuwawiza.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f48b630f (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf7b85093 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyukuvifo (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lakofara.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\lakofara.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fuwawiza.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zegesuso.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\osusegez.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\fuwawiza.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\josavemi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\juneseta.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\lakofara.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\dehefosa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vihigita.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wivepela.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yuguvine.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\ON2JQ46R\tred[1].htm (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\Q7LLH54S\d[1].htm (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\Q7LLH54S\d[2].htm (Trojan.Vundo.H) -> No action taken.

Next log:

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/15/2009 12:15:07 PM
mbam-log-2009-04-15 (12-15-07).txt

Scan type: Quick Scan
Objects scanned: 71908
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lakofara.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zegesuso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\josavemi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fuwawiza.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f48b630f (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf7b85093 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyukuvifo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lakofara.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\lakofara.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fuwawiza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zegesuso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\osusegez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fuwawiza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\josavemi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juneseta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lakofara.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dehefosa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vihigita.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wivepela.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuguvine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\ON2JQ46R\tred[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\Q7LLH54S\d[1].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\Q7LLH54S\d[2].htm (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Next log:

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/15/2009 12:47:24 PM
mbam-log-2009-04-15 (12-47-24).txt

Scan type: Quick Scan
Objects scanned: 71580
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks for the help :):)
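The two MBAM logs above list the same findings before and after removal, and they show where Vundo had lodged itself: the AppInit_DLLs value (a DLL loaded into every process that loads user32.dll), the LSA Notification Packages list (loaded into lsass.exe at boot), a Browser Helper Object, a Run value, a ShellServiceObjectDelayLoad entry, and a Security Center value that suppressed update notifications, which matches the auto-updates being switched off. As an added example, not part of the original thread and not Malwarebytes code, here is a small Python parser for MBAM 1.x text logs that groups the registry findings by the persistence location each one abused, checks the per-section counts in the summary header against the items actually listed, and reports what is still waiting on a reboot. The sample log embedded in it is constructed from the entry formats and names in the posted logs (abridged), and the mechanism labels are my own.

```python
import re
from collections import Counter, defaultdict, namedtuple

# Added example, not Malwarebytes code: parse an MBAM 1.x text log and group the
# findings by the autostart location each one abused. The sample log is
# constructed from the entry formats and names in the logs posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36

Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Modules Infected:
C:\WINDOWS\system32\lakofara.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fuwawiza.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f48b630f (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lakofara.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\lakofara.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zegesuso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\osusegez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 6" is a summary count; "Registry Keys Infected:" opens a section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<target> (<threat>) -> [<detail> -> ]<action>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")

# Lower-cased registry path fragments and the load mechanism they stand for (my labels).
PERSISTENCE_RULES = [
    ("\\windows nt\\currentversion\\windows\\appinit_dlls", "AppInit_DLLs"),
    ("\\control\\lsa\\notification packages", "LSA Notification Packages"),
    ("\\explorer\\browser helper objects\\", "Browser Helper Object"),
    ("\\shellserviceobjectdelayload\\", "ShellServiceObjectDelayLoad"),
    ("\\currentversion\\run\\", "Run key"),
    ("\\security center\\updatesdisablenotify", "Security Center notification disabled"),
]

# detail is e.g. "Data: c:\windows\system32\lakofara.dll" or None; action e.g. "Delete on reboot"
Finding = namedtuple("Finding", "section target threat detail action")

def parse_mbam_log(text: str) -> list:
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:  # a count means we are still in the summary header, not inside a section
            section = None if m.group("count") is not None else m.group("name")
            continue
        im = ITEM_RE.match(line) if section else None
        if im:
            parts = im.group("rest").split(" -> ")
            findings.append(Finding(section, im.group("target"), im.group("threat"),
                                    " -> ".join(parts[:-1]) or None, parts[-1]))
    return findings

def check_counts(text: str) -> dict:
    """Declared count in the summary header vs. items actually listed, per section."""
    declared = {m.group("name"): int(m.group("count"))
                for m in map(SECTION_RE.match, (ln.strip() for ln in text.splitlines()))
                if m and m.group("count") is not None}
    parsed = Counter(f.section for f in parse_mbam_log(text))
    return {name: (n, parsed.get(name, 0)) for name, n in declared.items()}

def classify_persistence(target: str) -> str:
    low = target.lower()
    return next((label for frag, label in PERSISTENCE_RULES if frag in low), "other registry location")

def summarize(findings: list) -> dict:
    persistence = defaultdict(list)
    for f in findings:
        if f.section.startswith("Registry"):
            persistence[classify_persistence(f.target)].append(f.target)
    return {"by_action": dict(Counter(f.action for f in findings)),
            "pending_reboot": [f.target for f in findings if f.action == "Delete on reboot"],
            "persistence": dict(persistence)}

if __name__ == "__main__":
    s = summarize(parse_mbam_log(SAMPLE_LOG))
    for mech, targets in s["persistence"].items():
        print(f"{mech}: {len(targets)} item(s)")
    print("waiting on reboot:", len(s["pending_reboot"]), "| header counts consistent:",
          all(d == p for d, p in check_counts(SAMPLE_LOG).values()))
```

The "Delete on reboot" entries are the in-use DLLs and the Run value pointing at them; until the reboot that extremeboy's instructions insist on, those components are still loaded, which is one reason a scan right after removal can look clean while the infection reappears at the next logon.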
Old 04-15-2009, 03:15 PM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

Glad everything is better.

We will see if there's anything else.

Please perform the following steps for me.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: " Windows".
  • Select your Language: " Multi-language".
  • Read the License Agreement, and then check the box that says: " Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires that Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with:
-Kaspersky log
-New DDS log
-How's your computer running now?

Attach back with:
-New Attach log

With Regards,
Extremeboy
Old 04-16-2009, 01:56 AM   #10
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

My laptop is running a lot better now: startup is super fast and the quick launch buttons don't stall out. My real-time scanner is picking up the virus that this new scan does, but it deletes it and it comes right back; it's been doing it for 3 days now. I tried to get the log for you, but it won't let me copy and paste it; if you want it, I could type it out for you. Also, is it normal for my antivirus to remove ComboFix when I turn it back on? I have scanned for the spyware 2 times now after this morning and it's still gone.

Is it OK to have all the updates for .NET Framework? It looks like this in Add/Remove Programs. Should I delete 1.1 through 3.0 SP2 and just leave 3.5 SP1 there?

Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix
Microsoft .NET Framework 2.0 SP2
Microsoft .NET Framework 3.0 SP2
Microsoft .NET Framework 3.5 SP1

OK, here are the logs. Thanks for your help, it's working faster now :):):):)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, April 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 16, 2009 06:02:30
Records in database: 2049653
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 41053
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:58:36


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\_hemiyubu_.dll.zip Infected: Trojan.Win32.Monder.bzos 1

The selected area was scanned.

My antivirus removed and deleted this today, so you know, and I did reboot before the Kaspersky scan.


DDS (Ver_09-03-16.01) - NTFSx86
Run by andy at 23:31:29.01 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.580 [GMT -8:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Documents and Settings\andy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.yimg.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239193610828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andy\applic~1\mozilla\firefox\profiles\yp7061go.default\
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\application data\mozilla\firefox\profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-1-5 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-11-18 72696]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-12-12 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-4-8 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-4-8 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-4-8 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-4-8 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-4-8 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-8 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-4-8 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-12-12 144376]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-12-12 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-12-10 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-12-19 297464]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-8 292080]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-4-8 200192]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-12-12 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-4-8 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-4-8 108368]
S2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]

=============== Created Last 30 ================

2009-04-15 19:49 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-15 12:06 <DIR> --d----- c:\windows\CAVTemp
2009-04-14 14:08 <DIR> --d----- c:\docume~1\andy\applic~1\Malwarebytes
2009-04-14 14:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 14:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 14:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 14:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-14 00:19 <DIR> --d----- C:\ComboFix
2009-04-14 00:19 389,120 a------- c:\windows\system32\cmd.execf
2009-04-13 10:38 <DIR> a-dshr-- C:\cmdcons
2009-04-13 10:31 98,816 a------- c:\windows\sed.exe
2009-04-13 10:31 161,792 -------- c:\windows\SWREG.exe
2009-04-12 10:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-04-09 20:28 <DIR> --d----- c:\program files\NetZero
2009-04-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NetZero
2009-04-09 20:28 <DIR> --d----- C:\NetZeroInstaller
2009-04-09 03:10 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-08 22:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-08 22:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-08 21:07 <DIR> --d----- c:\program files\FreqGen
2009-04-08 18:49 <DIR> --d----- c:\docume~1\andy\applic~1\GarageGames
2009-04-08 14:11 43,264 -------- c:\windows\system32\drivers\ser2pl.sys
2009-04-08 12:52 <DIR> --d----- c:\program files\common files\xing shared
2009-04-08 12:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-08 12:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-08 12:51 <DIR> --d----- c:\program files\common files\Real
2009-04-08 12:25 <DIR> --d----- c:\docume~1\andy\applic~1\CallingID
2009-04-08 12:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\scripting
2009-04-08 11:36 <DIR> --d----- c:\windows\l2schemas
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\en
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\bits
2009-04-08 11:32 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-08 11:21 <DIR> --d----- c:\windows\EHome
2009-04-08 10:32 <DIR> --d----- c:\program files\Galaxy Online
2009-04-08 10:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 10:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-08 10:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-08 10:23 <DIR> --d----- c:\documents and settings\andy
2009-04-08 05:52 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 05:52 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-08 05:52 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 05:52 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 05:52 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-08 05:52 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 05:52 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 05:52 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 05:52 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-08 05:47 <DIR> --d----- c:\windows\network diagnostic
2009-04-08 05:24 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 05:24 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 05:24 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 05:24 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 04:19 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-08 04:18 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 04:18 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 04:18 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 04:18 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-08 04:18 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-08 04:18 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 04:18 <DIR> --d----- C:\ca309dd81c045ee7cfe79c
2009-04-08 04:18 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-08 04:10 <DIR> --d----- c:\program files\MSXML 6.0
2009-04-08 03:19 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 03:19 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 03:19 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 03:19 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 03:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-08 03:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-08 03:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-08 03:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 03:03 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-08 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-08 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-08 02:43 361,600 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-04-08 02:43 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-04-08 02:43 225,856 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 02:43 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-04-08 02:43 147,968 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 02:27 <DIR> --d----- c:\program files\ISSThirdParty
2009-04-08 02:26 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-04-08 02:26 <DIR> --d----- c:\program files\common files\Scanner
2009-04-08 02:26 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-08 02:26 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 02:26 111,856 a------- c:\windows\system32\isafprod.dll
2009-04-08 02:26 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-08 02:26 99,568 a------- c:\windows\system32\isafeif.dll
2009-04-08 02:26 83,256 a------- c:\windows\system32\vetredir.dll
2009-04-08 02:26 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-04-08 02:26 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 02:26 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-04-08 02:26 17,852 a------- c:\windows\system32\entitlement.xml
2009-04-08 02:26 <DIR> --d----- c:\program files\CA
2009-04-08 02:02 <DIR> --d----- c:\program files\Zone.com Deluxe Games
2009-04-08 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-04-08 01:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\hpqwmi
2009-04-08 01:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-08 01:47 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-08 01:46 <DIR> --d----- c:\program files\Hp
2009-04-08 01:45 23,040 ac------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-04-08 01:45 <DIR> --d----- c:\program files\InterVideo
2009-04-08 01:44 14,336 ac------ c:\windows\system32\dllcache\chgusr.exe
2009-04-08 01:43 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-08 01:42 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-08 01:42 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-04-08 01:41 <DIR> --d----- c:\program files\Sonic
2009-04-08 01:39 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 01:39 <DIR> --d----- c:\program files\Online Services
2009-04-08 01:39 <DIR> --d----- c:\program files\Messenger
2009-04-08 01:39 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-08 01:38 <DIR> --d----- c:\program files\Windows NT
2009-04-08 01:30 <DIR> --d----- c:\program files\muvee Technologies
2009-04-08 01:30 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-04-08 01:29 <DIR> --d----- c:\program files\Zone.com
2009-04-08 01:24 <DIR> --d----- c:\program files\iPod
2009-04-08 01:24 <DIR> --d----- c:\program files\iTunes
2009-04-08 01:20 <DIR> --d----- c:\program files\HPQ
2009-04-08 01:19 <DIR> --d----- c:\program files\ATI Technologies
2009-04-08 01:18 <DIR> --d----- c:\program files\Synaptics
2009-04-08 01:16 <DIR> --d----- c:\program files\AMD
2009-04-08 01:16 <DIR> --d----- c:\program files\CONEXANT
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\ODBC
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-07 16:22 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-08 11:40 82,791 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-08 01:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-08 01:36 1,550 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-02-09 03:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-11 11:18 3 a--sh--- c:\windows\system32\lipidazi.dll
2009-01-11 23:18 3 a--sh--- c:\windows\system32\pamovuvi.dll
2009-01-10 23:18 64,512 a--sh--- c:\windows\system32\watebebo.exe
2009-01-11 23:18 62,976 a--sh--- c:\windows\system32\yefanopa.exe
2009-01-11 11:18 62,464 a--sh--- c:\windows\system32\zozegebi.exe

============= FINISH: 23:33:31.64 ===============
Attached Files: Attach.zip (2.8 KB)
Old 04-16-2009, 02:35 PM   #11
Analyst, Security Team
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

There still seems to be a bit more in the DDS log that did not show in the Combofix log apparently.

Let's update Combofix and remove those. Please follow the instructions below.

Please delete Combofix.exe you currently have on your desktop. Re-Download it from one of the following locations and save it to your desktop.

Link 1
Link 2
Link 3



Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Code:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/366182-vundo-vundo778-haxdoore.html
    Collect::
    c:\windows\system32\zozegebi.exe
    c:\windows\system32\yefanopa.exe
    c:\windows\system32\watebebo.exe
    c:\windows\system32\pamovuvi.dll
    c:\windows\system32\lipidazi.dll
    File::
    c:\windows\system32\cmd.execf
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"

Upload Samples by ComboFix

When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue screen will appear, auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".

**NOTE**
=================
  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[4]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file.
  • Follow the instructions on that page to copy/paste/send the requested file.

Let me know how it goes and if the upload went successfully or not in your next reply.

Quote:
My real-time scanner is picking up the virus that this new scan does, but it deletes it and it comes right back; it's been doing it for 3 days now. I tried to get the log for you, but it won't let me copy and paste
Re-scan with that program (I believe it is your Anti-virus software?) and see if it still detects it after Combofix completes. If it does, please post the log (type it, if it's not too long), if not just let me know :)

For your next reply, please post back with:
-The Combofix log
-Log from your real-time protection program (type it if it's not too long, if it didn't detect anything just let me know)
-New DDS log (Only DDS.txt needed)


Thanks. :)

With Regards,
Extremeboy
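The triage step extremeboy is doing in the post above, spotting in the Find3M section of the DDS log the hidden system files that the first ComboFix run left behind and then listing them for collection, can be automated for the reader's own log review. The following Python is example code added for this page; it is not DDS, ComboFix or the helper's own tooling. It parses lines in the DDS layout shown in the thread (date, time, size or `<DIR>`, an 8-character attribute field, path), flags non-directory entries under system32 that carry both the system and hidden attributes or that are too small to hold even a DOS header, and lays the flagged paths out in the CFScript `Collect::` layout used above. The sample lines are constructed from this thread's own log, and the thread URL passed in `main` is a placeholder.

```python
"""Triage a DDS-style file listing and emit the flagged paths in CFScript layout.

Example code added for this page; not DDS, ComboFix or the helper's own tooling.
Assumes the DDS line format seen in the thread and uses a placeholder thread URL.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the DDS "Find3M" format. The three system32 files are
# the ones collected in this thread; the other lines are an ordinary file, a
# core system file and a directory, included for contrast.
SAMPLE_FIND3M = r"""
2009-04-08 11:40 82,791 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-09 03:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-04-08 01:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-11 11:18 3 a--sh--- c:\windows\system32\lipidazi.dll
2009-01-11 23:18 3 a--sh--- c:\windows\system32\pamovuvi.dll
2009-01-10 23:18 64,512 a--sh--- c:\windows\system32\watebebo.exe
"""

# One DDS entry: date, time, byte size (or <DIR>), 8-char attribute field, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)

DOS_HEADER_SIZE = 64  # an MZ/PE image cannot be smaller than its DOS header


@dataclass
class DdsEntry:
    date: str
    time: str
    size: Optional[int]      # None for directories
    attrs: str               # e.g. "a--sh---": 's' = system, 'h' = hidden
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds_lines(text: str) -> List[DdsEntry]:
    """Parse every line that matches the DDS layout; skip headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def suspicious_entries(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Flag files under system32 that are hidden+system, or that carry a
    .dll/.exe name while being too small to hold a DOS header.
    Flags are review candidates, not a verdict."""
    flagged = []
    for e in entries:
        if e.is_dir or "\\windows\\system32\\" not in e.path.lower():
            continue
        reasons = []
        if "s" in e.attrs and "h" in e.attrs:
            reasons.append("hidden+system attributes")
        if e.name.lower().endswith((".dll", ".exe")) and e.size < DOS_HEADER_SIZE:
            reasons.append("smaller than a 64-byte DOS header")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


def build_cfscript(entries: List[DdsEntry], thread_url: str) -> str:
    """Lay the flagged paths out as in the thread's CFScript: the thread URL
    on line one, then a Collect:: section with one full path per line."""
    lines = [thread_url, "Collect::"] + [e.path for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious_entries(parse_dds_lines(SAMPLE_FIND3M))
    for e in hits:
        print(f"{e.path}  [{', '.join(e.reasons)}]")
    # Placeholder URL; a real script carries the thread's own address.
    print(build_cfscript(hits, "http://example.invalid/thread-url"))
```

On the sample the three Vundo-style files are the only hits: the two 3-byte `.dll` entries trip both checks, `watebebo.exe` only the attribute check, while `win32k.sys` and the `Microsoft` directory pass. Name-pattern heuristics (eight random lowercase letters) were left out on purpose, since legitimate system32 files such as `browseui.dll` would match them; the attribute and size checks are the ones a reviewer can defend line by line.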
Old 04-16-2009, 04:56 PM   #12
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi, I scanned this morning with MBAM and no spyware, still happy :)
My antivirus log was long, so I typed out the locations of the 2 viruses for you.
Thanks again for all the help :):) The ComboFix log was uploaded; here is the rest.


ComboFix 09-04-17.01 - andy 04/16/2009 13:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.439 [GMT -8:00]
Running from: c:\documents and settings\andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andy\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\cmd.execf
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lipidazi.dll
c:\windows\system32\pamovuvi.dll
c:\windows\system32\watebebo.exe
c:\windows\system32\yefanopa.exe
c:\windows\system32\zozegebi.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 09:48 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 09:48 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 09:48 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 09:46 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 09:46 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 09:46 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 09:46 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 09:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 09:46 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 09:46 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 09:46 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 09:46 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 04:01 . 2009-04-16 04:01 -------- d-----w c:\windows\Sun
2009-04-16 03:49 . 2009-04-16 03:48 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-15 20:17 . 2009-04-15 20:17 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-15 20:06 . 2009-04-15 20:06 -------- d-----w c:\windows\CAVTemp
2009-04-15 05:15 . 2009-04-15 05:15 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Google
2009-04-14 22:08 . 2009-04-14 22:08 -------- d-----w c:\documents and settings\andy\Application Data\Malwarebytes
2009-04-14 22:08 . 2009-04-06 23:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 22:08 . 2009-04-06 23:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 22:08 . 2009-04-14 22:08 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-14 19:09 . 2009-04-14 19:09 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Qurb4
2009-04-14 19:09 . 2009-04-14 19:09 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Identities
2009-04-13 07:20 . 2009-04-13 07:20 -------- d-----w c:\documents and settings\andy\Application Data\AdobeUM
2009-04-12 18:32 . 2009-04-12 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-04-12 01:29 . 2009-04-12 01:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-12 01:28 . 2009-04-12 01:31 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Google
2009-04-12 01:25 . 2009-04-16 06:31 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-11 07:12 . 2009-04-11 07:12 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Adobe
2009-04-10 04:28 . 2009-04-10 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\NetZero
2009-04-10 04:28 . 2009-04-12 04:09 -------- d-----w C:\NetZeroInstaller
2009-04-09 22:38 . 2009-04-09 22:38 45504 ----a-w c:\documents and settings\andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 06:26 . 2008-10-16 22:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-09 06:26 . 2008-10-16 22:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Mozilla
2009-04-09 02:49 . 2009-04-09 02:49 -------- d-----w c:\documents and settings\andy\Application Data\GarageGames
2009-04-08 22:11 . 2003-07-16 22:27 43264 ------w c:\windows\system32\drivers\ser2pl.sys
2009-04-08 22:04 . 2009-04-08 22:04 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-08 20:51 . 2009-04-08 20:51 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-08 20:51 . 2009-04-08 20:51 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-08 20:25 . 2009-04-16 21:00 -------- d-----w c:\documents and settings\andy\Application Data\CallingID
2009-04-08 20:25 . 2009-04-08 20:25 0 ----a-w c:\windows\nsreg.dat
2009-04-08 20:25 . 2009-04-08 20:25 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Mozilla
2009-04-08 20:13 . 2009-04-16 03:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\scripting
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\l2schemas
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\en
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\bits
2009-04-08 19:32 . 2009-04-08 19:37 -------- d-----w c:\windows\ServicePackFiles
2009-04-08 19:21 . 2009-04-08 19:21 -------- d-----w c:\windows\EHome
2009-04-08 18:32 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 18:31 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-08 18:24 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-08 13:52 . 2009-02-20 18:09 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 13:52 . 2009-02-20 18:09 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 13:52 . 2009-02-20 18:09 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-08 13:52 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 13:52 . 2009-02-20 18:09 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-08 13:52 . 2009-02-20 18:09 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 13:52 . 2008-07-09 14:30 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 13:52 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 13:52 . 2009-02-20 18:09 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-08 13:24 . 2004-08-04 06:41 1041536 ------w c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 13:24 . 2004-08-04 06:41 685056 ------w c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 13:24 . 2004-08-04 06:41 220032 ------w c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 13:24 . 2004-07-18 06:55 129045 ------w c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 12:24 . 2009-04-08 12:24 -------- d-sh--w c:\documents and settings\richard hamm\UserData
2009-04-08 12:20 . 2009-04-08 12:20 107736 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\windows\system32\XPSViewer
2009-04-08 12:18 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-08 12:18 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 12:18 . 2009-04-08 12:19 -------- d-----w C:\ca309dd81c045ee7cfe79c
2009-04-08 12:18 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 12:18 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-08 11:19 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 11:19 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 11:19 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 11:19 . 2009-02-08 03:02 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 11:13 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-08 11:13 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-08 11:03 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-08 11:03 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 11:03 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-08 11:00 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-08 10:43 . 2008-08-14 10:04 138496 -c----w c:\windows\system32\dllcache\afd.sys
2009-04-08 10:43 . 2008-06-20 11:51 361600 -c----w c:\windows\system32\dllcache\tcpip.sys
2009-04-08 10:43 . 2008-06-20 11:08 225856 -c----w c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 10:43 . 2008-06-20 17:46 245248 -c----w c:\windows\system32\dllcache\mswsock.dll
2009-04-08 10:43 . 2008-06-20 17:46 147968 -c----w c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 10:26 . 2009-02-16 02:02 250544 ----a-w c:\windows\system32\KeyHelp.ocx
2009-04-08 10:26 . 2009-04-08 10:37 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-04-08 10:26 . 2009-04-08 10:37 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-08 10:26 . 2009-02-16 20:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-04-08 10:26 . 2009-02-16 20:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-04-08 10:26 . 2009-02-16 20:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-04-08 10:26 . 2009-02-16 20:16 99568 ----a-w c:\windows\system32\isafeif.dll
2009-04-08 10:26 . 2007-12-04 19:47 83256 ----a-w c:\windows\system32\vetredir.dll
2009-04-08 10:26 . 2009-04-08 10:26 17852 ----a-w c:\windows\system32\entitlement.xml
2009-04-08 10:01 . 2009-04-12 01:21 45504 ----a-w c:\documents and settings\richard hamm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 03:48 . 2009-04-16 03:48 -------- d-----w c:\program files\Java
2009-04-15 09:53 . 2009-04-08 18:32 -------- d-----w c:\program files\Galaxy Online
2009-04-14 22:08 . 2009-04-14 22:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 18:56 . 2009-04-08 10:41 -------- d-----w c:\documents and settings\richard hamm\Application Data\CallingID
2009-04-12 01:29 . 2009-04-12 01:25 -------- d-----w c:\program files\Google
2009-04-10 17:57 . 2009-04-10 04:28 -------- d-----w c:\program files\NetZero
2009-04-09 11:10 . 2009-04-09 11:10 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 10:09 . 2009-04-09 10:06 590 ----a-w C:\updatedatfix.log
2009-04-09 10:09 . 2009-04-08 09:46 -------- d-----w c:\program files\Hp
2009-04-09 07:31 . 2009-04-09 07:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 05:08 . 2009-04-09 05:07 -------- d-----w c:\program files\FreqGen
2009-04-08 23:51 . 2009-04-08 10:02 -------- d-----w c:\program files\Zone.com Deluxe Games
2009-04-08 22:10 . 2009-04-08 09:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 20:52 . 2009-04-08 20:52 -------- d-----w c:\program files\Common Files\xing shared
2009-04-08 20:52 . 2009-04-08 20:51 -------- d-----w c:\program files\Common Files\Real
2009-04-08 20:51 . 2009-04-08 20:51 -------- d-----w c:\program files\Real
2009-04-08 19:40 . 2009-04-08 09:43 82791 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-08 19:28 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\MSBuild
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\Reference Assemblies
2009-04-08 12:10 . 2009-04-08 12:10 -------- d-----w c:\program files\MSXML 6.0
2009-04-08 10:41 . 2009-04-08 10:22 921206 ----a-w C:\caisslog.txt
2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\ISSThirdParty
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\CA
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\Common Files\Scanner
2009-04-08 10:26 . 2009-04-08 10:26 55989 ----a-w C:\caavsetupLog.txt
2009-04-08 09:53 . 2009-04-08 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-04-08 09:49 . 2009-04-08 09:49 -------- d-----w c:\documents and settings\All Users\Application Data\hpqwmi
2009-04-08 09:45 . 2009-04-08 09:45 -------- d-----w c:\program files\InterVideo
2009-04-08 09:44 . 2009-04-08 09:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-08 09:44 . 2009-04-08 09:20 -------- d-----w c:\program files\HPQ
2009-04-08 09:43 . 2009-04-08 09:43 20538 ----a-w C:\sunjava.log
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-08 09:42 . 2009-04-08 09:41 -------- d-----w c:\program files\Sonic
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-08 09:42 . 2009-04-08 09:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-08 09:41 . 2009-04-08 09:41 -------- d-----w c:\program files\Common Files\TiVo Shared
2009-04-08 09:40 . 2009-04-08 09:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-08 09:40 . 2009-04-08 09:39 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-08 09:39 . 2009-04-08 09:36 161 ----a-w C:\mscuxp.log
2009-04-08 09:39 . 2009-04-08 09:35 196 ----a-w C:\sedinst2.log
2009-04-08 09:36 . 2009-04-08 09:19 161 ----a-w C:\setup.log
2009-04-08 09:36 . 2009-04-08 09:36 1550 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-04-08 09:30 . 2009-04-08 09:29 192 ----a-w C:\muvee.log
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 13398 ----a-w C:\mszone.log
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\program files\Zone.com
2009-04-08 09:27 . 2009-04-08 09:25 171 ----a-w C:\HSC.log
2009-04-08 09:25 . 2009-04-08 09:25 -------- d-----w c:\documents and settings\richard hamm\Application Data\Apple Computer
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iPod
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iTunes
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-08 09:23 . 2009-04-08 09:22 3221582 ----a-w C:\DNSP1.LOG
2009-04-08 09:20 . 2009-04-08 09:20 20004 ----a-w C:\adobelog.txt
2009-04-08 09:19 . 2009-04-08 09:19 -------- d-----w c:\program files\ATI Technologies
2009-04-08 09:18 . 2009-04-08 09:18 191 ----a-w C:\syntp.log
2009-04-08 09:18 . 2009-04-08 09:18 -------- d-----w c:\program files\Synaptics
2009-04-08 09:17 . 2009-04-08 09:17 32 ----a-w C:\ticrdbus.log
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\CONEXANT
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\AMD
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 03:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-15 09:25 . 2009-01-15 09:25 68608 --sha-w c:\windows\system32\kevezede.dll.tmp
2009-01-15 09:25 . 2009-01-15 09:25 68608 --sha-w c:\windows\system32\nuyeniri.dll.tmp
2009-01-15 09:25 . 2009-01-15 09:25 68608 --sha-w c:\windows\system32\zekavazi.dll.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-13_11.06.55.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-16 20:45 . 2009-04-16 20:45 16384 c:\windows\Temp\Perflib_Perfdata_380.dat
- 2009-04-08 09:35 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-04-08 09:35 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2009-04-13 18:14 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-04-16 20:51 71462 c:\windows\system32\perfc009.dat
- 2009-04-08 09:38 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2009-04-08 09:38 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2007-08-14 02:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 02:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-04-08 09:38 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2009-04-08 09:38 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
- 2007-08-14 02:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-14 02:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-14 02:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2007-08-14 02:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-04-16 11:05 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-16 11:05 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-16 11:05 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-16 11:05 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-16 11:05 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-16 11:05 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2009-04-08 09:38 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-04-08 09:38 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-04-08 09:38 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-04-16 20:51 441692 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-04-13 18:14 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2007-08-14 02:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-14 02:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2009-04-08 09:38 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-04-08 09:38 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2009-04-08 09:38 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2009-04-08 09:38 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2009-04-08 09:38 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2009-04-16 03:49 . 2009-04-16 03:48 148888 c:\windows\system32\javaws.exe
- 2009-04-08 20:13 . 2009-04-08 20:13 148888 c:\windows\system32\javaws.exe
- 2009-04-08 20:13 . 2009-04-08 20:13 144792 c:\windows\system32\javaw.exe
+ 2009-04-16 03:49 . 2009-04-16 03:48 144792 c:\windows\system32\javaw.exe
+ 2009-04-16 03:49 . 2009-04-16 03:48 144792 c:\windows\system32\java.exe
- 2009-04-08 20:13 . 2009-04-08 20:13 144792 c:\windows\system32\java.exe
+ 2007-08-14 02:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 20:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2007-07-11 20:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2009-04-08 09:40 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-16 11:05 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-16 11:05 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-16 11:05 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-16 11:05 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-16 11:05 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-16 11:05 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2004-08-04 12:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-14 02:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-13 00:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2007-02-13 00:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-16 11:05 . 2009-01-17 05:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-16 11:05 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-16 11:05 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2009-04-08 11:19 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-08 11:19 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-04-08 11:19 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-08 11:19 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-08 11:19 . 2009-02-08 03:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-08 11:19 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-04-08 11:19 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-16 11:03 . 2009-04-06 15:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-08 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-02-18 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-02-16 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-16 324848]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe" [2009-04-08 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-17 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-17 337136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 198160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-8 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-12-14 1376256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 23:46 79368 ----a-w c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=

R2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-08-25 52728]
S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-12-12 115704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-02-18 128240]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-12-12 144376]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-12-12 1153528]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-12-10 797176]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-12-19 297464]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-16 222448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 01:25]

2009-04-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 01:28]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 13:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????-????|?????? ???B?????????????hLC? ??????

scanning hidden files ...


c:\windows\repair

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(2480)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-04-16 13:24
ComboFix-quarantined-files.txt 2009-04-16 21:24
ComboFix2.txt 2009-04-14 08:32
ComboFix3.txt 2009-04-13 19:09

Pre-Run: 29,671,120,896 bytes free
Post-Run: 29,799,563,264 bytes free

517 --- E O F --- 2009-04-16 11:06



DDS (Ver_09-03-16.01) - NTFSx86
Run by andy at 13:33:10.54 on Thu 04/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.354 [GMT -8:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Documents and Settings\andy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239193610828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andy\applic~1\mozilla\firefox\profiles\yp7061go.default\
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\application data\mozilla\firefox\profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-1-5 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-11-18 72696]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-12-12 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-4-8 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-4-8 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-4-8 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-4-8 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-4-8 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-8 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-4-8 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-12-12 144376]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-12-12 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-12-10 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-12-19 297464]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-8 292080]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-4-8 200192]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-12-12 205304]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-14 38496]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-4-8 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-4-8 108368]
S2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]

=============== Created Last 30 ================

2009-04-16 01:48 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 01:48 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 01:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 01:46 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 01:46 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 01:46 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 01:46 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 01:46 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 01:46 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 01:46 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 01:46 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 01:46 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:49 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-15 12:06 <DIR> --d----- c:\windows\CAVTemp
2009-04-14 14:08 <DIR> --d----- c:\docume~1\andy\applic~1\Malwarebytes
2009-04-14 14:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 14:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 14:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 14:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-13 10:38 <DIR> a-dshr-- C:\cmdcons
2009-04-13 10:31 161,792 a------- c:\windows\SWREG.exe
2009-04-13 10:31 98,816 a------- c:\windows\sed.exe
2009-04-12 10:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-04-09 20:28 <DIR> --d----- c:\program files\NetZero
2009-04-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NetZero
2009-04-09 20:28 <DIR> --d----- C:\NetZeroInstaller
2009-04-09 03:10 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-08 22:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-08 22:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-08 21:07 <DIR> --d----- c:\program files\FreqGen
2009-04-08 18:49 <DIR> --d----- c:\docume~1\andy\applic~1\GarageGames
2009-04-08 14:11 43,264 -------- c:\windows\system32\drivers\ser2pl.sys
2009-04-08 12:52 <DIR> --d----- c:\program files\common files\xing shared
2009-04-08 12:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-08 12:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-08 12:51 <DIR> --d----- c:\program files\common files\Real
2009-04-08 12:25 <DIR> --d----- c:\docume~1\andy\applic~1\CallingID
2009-04-08 12:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\scripting
2009-04-08 11:36 <DIR> --d----- c:\windows\l2schemas
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\en
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\bits
2009-04-08 11:32 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-08 11:21 <DIR> --d----- c:\windows\EHome
2009-04-08 10:32 <DIR> --d----- c:\program files\Galaxy Online
2009-04-08 10:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 10:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-08 10:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-08 10:23 <DIR> --d----- c:\documents and settings\andy
2009-04-08 05:52 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 05:52 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-08 05:52 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 05:52 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 05:52 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-08 05:52 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 05:52 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 05:52 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 05:52 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-08 05:47 <DIR> --d----- c:\windows\network diagnostic
2009-04-08 05:24 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 05:24 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 05:24 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 05:24 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 04:19 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-08 04:18 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 04:18 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 04:18 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 04:18 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-08 04:18 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-08 04:18 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 04:18 <DIR> --d----- C:\ca309dd81c045ee7cfe79c
2009-04-08 04:18 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-08 04:10 <DIR> --d----- c:\program files\MSXML 6.0
2009-04-08 03:19 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 03:19 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 03:19 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 03:19 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 03:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-08 03:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-08 03:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-08 03:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 03:03 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-08 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-08 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-08 02:43 361,600 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-04-08 02:43 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-04-08 02:43 225,856 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 02:43 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-04-08 02:43 147,968 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 02:27 <DIR> --d----- c:\program files\ISSThirdParty
2009-04-08 02:26 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-04-08 02:26 <DIR> --d----- c:\program files\common files\Scanner
2009-04-08 02:26 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-08 02:26 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 02:26 111,856 a------- c:\windows\system32\isafprod.dll
2009-04-08 02:26 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-08 02:26 99,568 a------- c:\windows\system32\isafeif.dll
2009-04-08 02:26 83,256 a------- c:\windows\system32\vetredir.dll
2009-04-08 02:26 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-04-08 02:26 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 02:26 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-04-08 02:26 17,852 a------- c:\windows\system32\entitlement.xml
2009-04-08 02:26 <DIR> --d----- c:\program files\CA
2009-04-08 02:02 <DIR> --d----- c:\program files\Zone.com Deluxe Games
2009-04-08 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-04-08 01:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\hpqwmi
2009-04-08 01:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-08 01:47 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-08 01:46 <DIR> --d----- c:\program files\Hp
2009-04-08 01:45 23,040 ac------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-04-08 01:45 <DIR> --d----- c:\program files\InterVideo
2009-04-08 01:44 14,336 ac------ c:\windows\system32\dllcache\chgusr.exe
2009-04-08 01:43 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-08 01:42 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-08 01:42 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-04-08 01:41 <DIR> --d----- c:\program files\Sonic
2009-04-08 01:39 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 01:39 <DIR> --d----- c:\program files\Online Services
2009-04-08 01:39 <DIR> --d----- c:\program files\Messenger
2009-04-08 01:39 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-08 01:38 <DIR> --d----- c:\program files\Windows NT
2009-04-08 01:30 <DIR> --d----- c:\program files\muvee Technologies
2009-04-08 01:30 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-04-08 01:29 <DIR> --d----- c:\program files\Zone.com
2009-04-08 01:24 <DIR> --d----- c:\program files\iPod
2009-04-08 01:24 <DIR> --d----- c:\program files\iTunes
2009-04-08 01:20 <DIR> --d----- c:\program files\HPQ
2009-04-08 01:19 <DIR> --d----- c:\program files\ATI Technologies
2009-04-08 01:18 <DIR> --d----- c:\program files\Synaptics
2009-04-08 01:16 <DIR> --d----- c:\program files\AMD
2009-04-08 01:16 <DIR> --d----- c:\program files\CONEXANT
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\ODBC
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-07 16:22 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-08 11:40 82,791 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-08 01:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-08 01:36 1,550 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-03-06 06:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 16:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 10:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 04:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 04:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 04:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 04:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 03:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 03:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 03:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 02:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 11:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 13:34:45.51 ===============


C:\documents and settings\andy\desktop\combofix.exe - win32/nircmd.a trojan, deleted
C:\documents and settings\andy\local settings\application data\mozilla\firefox\profiles\yp7061go.defalt\cache\c2152591d01 - win32/nircmd.a trojan. deleted
Old 04-16-2009, 05:18 PM   #13 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hello, sorry I forgot to show this to you too. When ComboFix was running I got this error twice:

pv.cfexe has encountered a problem and needs to close. It did this twice.

Thanks
Old 04-16-2009, 06:54 PM   #14 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

Quote:
C:\documents and settings\andy\desktop\combofix.exe - win32/nircmd.a trojan, deleted
This is a false positive; please do not be alarmed. Combofix uses certain files that anti-virus software considers trojans and viruses when that is not the case.

The other file is just a cache which your AV removed.

Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Code:
    File::
    c:\windows\system32\kevezede.dll.tmp
    c:\windows\system32\nuyeniri.dll.tmp
    c:\windows\system32\zekavazi.dll.tmp
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"

Let's run an online scan as well.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient, as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type, with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista users: Eset is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Post back with:
-Combofix log
-ESET log

Thanks.

With Regards,
Extremeboy
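The ComboFix and DDS logs posted in this thread carry a few settings a helper reads before anything else: Security Center monitoring switched off for the CA products, the Windows Firewall policy at 0 while the third-party firewall shows *enabled*, on-access scanning reported disabled, and the randomly named .dll.tmp files the CFScript above targets. As an added example that is not part of the thread, of ComboFix, DDS or any forum tooling, this Python script walks constructed sample lines in those same formats and lists each indicator with the defender's reading of it (the rule names and notes are the script's own).

```python
"""Triage a ComboFix/DDS-style log for the weak-security indicators seen in this thread.

Added example, not part of ComboFix, DDS or the forum's tooling. SAMPLE_LOG is
constructed from the line formats in the posted logs, not copied from one.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # short identifier for the indicator
    line: str   # the log line that triggered it
    note: str   # how a defender should read it


# ComboFix prints registry values as  "Name"=dword:00000001  or  "Name"= 0 (0x0)
_REG_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<dword>dword:)?(?P<value>[0-9a-fA-F]+)')
# <letters>.dll.tmp under system32: the naming the thread's CFScript targets.
# Deliberately narrow so genuine system DLLs never match.
_DLL_TMP = re.compile(r'\\windows\\system32\\[a-z]+\.dll\.tmp$', re.IGNORECASE)


def _reg_int(dword, value):
    """Decode the numeric part of a registry value line (None if not numeric)."""
    try:
        return int(value, 16) if dword else int(value, 10)
    except ValueError:
        return None


def triage(log_text):
    """Return the Findings for one log; an empty list means nothing was flagged."""
    findings = []
    section = ""  # lower-cased text of the most recent [HKEY...] header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue
        m = _REG_VALUE.match(line)
        if m:
            name = m.group("name").lower()
            val = _reg_int(m.group("dword"), m.group("value"))
            if (name == "disablemonitoring" and val == 1
                    and "security center\\monitoring" in section):
                findings.append(Finding("security-center-monitoring-off", line,
                    "Security Center stops reporting this product; expected only "
                    "when the named third-party suite really is installed"))
            elif name == "enablefirewall" and val == 0 and "firewallpolicy" in section:
                findings.append(Finding("windows-firewall-off", line,
                    "Windows Firewall profile off; acceptable only if the DDS header "
                    "shows a third-party firewall *enabled*"))
            elif name == "loadappinit_dlls" and val == 1:
                findings.append(Finding("appinit-dlls-enabled", line,
                    "AppInit_DLLs loading is on; review that value for libraries "
                    "injected into every user32-linked process"))
            continue
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(Finding("realtime-protection-disabled", line,
                "DDS reports real-time protection off; re-enable after cleanup"))
            continue
        if _DLL_TMP.search(line):
            findings.append(Finding("random-dll-tmp", line,
                "random-looking .dll.tmp in system32, the files the CFScript removes"))
    return findings


# Constructed sample in the formats of the DDS header, ComboFix registry dump
# and the CFScript File:: list from this thread.
SAMPLE_LOG = r"""
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

File::
c:\windows\system32\kevezede.dll.tmp
c:\windows\system32\nuyeniri.dll.tmp
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}\n    {f.note}")
```

Each finding is a judgement call rather than proof of infection: the first two are normal when a third-party suite has registered itself, which is why the note on each says what to cross-check.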
Old 04-17-2009, 01:42 AM   #15 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi :) I've been trying to run ComboFix again with the script you gave me, but it starts up and then, when the MS-DOS window it runs in opens, it doesn't do anything. I even tried it after a reboot with the anti-virus and anti-spyware turned off, but it still doesn't run. Maybe I'm doing something wrong, and the CFScript.txt doesn't disappear like normal. Let me know what I could be doing wrong, thanks :) Oh, the time before this when I ran ComboFix I got this error message: pv.cfexe has encountered a problem and has to close. It did this twice but did not close. OK, thanks.
Also I let ComboFix run for 30 mins before I closed it.

Last edited by birdsbarr; 04-17-2009 at 01:43 AM.
Old 04-17-2009, 02:28 PM   #16 (permalink)
Analyst, Security Team
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

Let's try this. First disable ALL your security programs you may have on your computer please.

Delete the Combofix.exe you have, like last time. Re-download it from one of those links I gave you and save it to your desktop.

At this point, NONE of your programs should flag Combofix since they are disabled.

Next, delete CFScript.txt that you created last time and create a new one this time.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    Code:
    KillAll::
    
    File::
    c:\windows\system32\kevezede.dll.tmp
    c:\windows\system32\nuyeniri.dll.tmp
    c:\windows\system32\zekavazi.dll.tmp
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If it still doesn't work, let me know in your next reply.

With Regards,
Extremeboy
Old 04-17-2009, 08:34 PM   #17 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi hi :) I did all you asked, and ComboFix won't run with that script either. Also, last night I was on my anime site and it opened up Adobe (I have 6.0), and then it started opening pages with Internet Explorer. I was using Mozilla, and like 50 pages opened; I had to end the process tree to make it stop. I then rebooted and scanned for spyware with MBAM, and it found 21 Vundo and removed them. My question is: can bad stuff on a web site open Adobe and infect the PC? If so, will an update help for this? Also, when I tried to run ComboFix and it did not work, I deleted it again and then turned off my PC for 30 sec, then powered on with the anti-virus still off, re-downloaded ComboFix, added the script, and it opens but will do nothing: no words telling me to wait till it's done, nothing. I let it sit for 30 min. Should I try it without the script? If so, let me know. Thanks for all the time you are putting into this for me *I'm very grateful*, and I won't be going to that site any more till I can keep out the bad man lol :) I've also run MBAM again, no spyware yet. Nice, as long as I don't go there :):)
Old 04-18-2009, 10:09 AM   #18 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

May I see the MBAM log that you ran earlier with those vundo infections?

I would refrain from using the computer or surfing the web too much at this point.

Please post back with a new set of DDS logs for me so I can see the current status of the machine. Attach the log as well.

EDIT2 TO ADD: Combofix was updated again, so please do the same by deleting it and re-downloading it. Try running Combofix with CFScript again; if it doesn't work, then simply double-click it to run it. Post back with the Combofix log as well as the DDS logs in your next reply.

If it doesn't work, let me know; we need to check something afterwards if it still doesn't work...

Thanks.

EDIT to ADD: Regarding the many IE windows opening, I'm not exactly sure why either. I have this problem as well every now and then, with no specific pattern as to why.

With Regards,
Extremeboy

Last edited by extremeboy; 04-18-2009 at 10:32 AM.
Old 04-18-2009, 04:03 PM   #19 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 13
OS: xp sp2


Re: vundo/vundo778/haxdoore

Hi hi :) ComboFix ran this time, yay. I quit doing anything on the net; I just play my game right now, so that's np. Here are the logs you asked for. Thanks, the bird


Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 3

4/17/2009 2:12:47 AM
mbam-log-2009-04-17 (02-12-47).txt

Scan type: Quick Scan
Objects scanned: 70093
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\joredoma.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\nezusena.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\royotago.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\harupeza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\begajetu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{287c85ec-b239-485c-b86c-6700e34500c1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f48b630f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf7b85093 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyukuvifo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\begajetu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\joredoma.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\amoderoj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nezusena.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\harupeza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\royotago.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\begajetu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yowokifo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.



ComboFix 09-04-19.01 - andy 04/18/2009 13:34.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.533 [GMT -8:00]
Running from: c:\documents and settings\andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andy\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\kevezede.dll.tmp
c:\windows\system32\nuyeniri.dll.tmp
c:\windows\system32\zekavazi.dll.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kevezede.dll.tmp
c:\windows\system32\nuyeniri.dll.tmp
c:\windows\system32\zekavazi.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-16 09:48 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 09:48 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 09:48 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 09:46 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 09:46 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 09:46 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 09:46 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 09:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 09:46 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 09:46 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 09:46 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 09:46 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 04:01 . 2009-04-16 04:01 -------- d-----w c:\windows\Sun
2009-04-16 03:49 . 2009-04-16 03:48 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-15 20:17 . 2009-04-15 20:17 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-15 20:06 . 2009-04-15 20:06 -------- d-----w c:\windows\CAVTemp
2009-04-15 05:15 . 2009-04-15 05:15 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Google
2009-04-14 22:08 . 2009-04-14 22:08 -------- d-----w c:\documents and settings\andy\Application Data\Malwarebytes
2009-04-14 22:08 . 2009-04-06 23:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 22:08 . 2009-04-06 23:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 22:08 . 2009-04-14 22:08 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-14 19:09 . 2009-04-14 19:09 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Qurb4
2009-04-14 19:09 . 2009-04-14 19:09 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Identities
2009-04-13 07:20 . 2009-04-13 07:20 -------- d-----w c:\documents and settings\andy\Application Data\AdobeUM
2009-04-12 18:32 . 2009-04-12 18:33 -------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2009-04-12 01:29 . 2009-04-12 01:29 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-04-12 01:28 . 2009-04-12 01:31 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Google
2009-04-12 01:25 . 2009-04-18 08:33 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-11 07:12 . 2009-04-11 07:12 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Adobe
2009-04-10 04:28 . 2009-04-10 17:57 -------- d-----w c:\documents and settings\All Users\Application Data\NetZero
2009-04-10 04:28 . 2009-04-12 04:09 -------- d-----w C:\NetZeroInstaller
2009-04-09 22:38 . 2009-04-09 22:38 45504 ----a-w c:\documents and settings\andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 06:26 . 2008-10-16 22:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-09 06:26 . 2008-10-16 22:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-09 04:39 . 2009-04-09 04:39 -------- d-----w c:\documents and settings\richard hamm\Local Settings\Application Data\Mozilla
2009-04-09 02:49 . 2009-04-09 02:49 -------- d-----w c:\documents and settings\andy\Application Data\GarageGames
2009-04-08 22:11 . 2003-07-16 22:27 43264 ------w c:\windows\system32\drivers\ser2pl.sys
2009-04-08 22:04 . 2009-04-08 22:04 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-04-08 20:51 . 2009-04-08 20:51 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-08 20:51 . 2009-04-08 20:51 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-08 20:25 . 2009-04-18 21:13 -------- d-----w c:\documents and settings\andy\Application Data\CallingID
2009-04-08 20:25 . 2009-04-08 20:25 0 ----a-w c:\windows\nsreg.dat
2009-04-08 20:25 . 2009-04-08 20:25 -------- d-----w c:\documents and settings\andy\Local Settings\Application Data\Mozilla
2009-04-08 20:13 . 2009-04-16 03:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\scripting
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\l2schemas
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\en
2009-04-08 19:36 . 2009-04-08 19:36 -------- d-----w c:\windows\system32\bits
2009-04-08 19:32 . 2009-04-08 19:37 -------- d-----w c:\windows\ServicePackFiles
2009-04-08 19:21 . 2009-04-08 19:21 -------- d-----w c:\windows\EHome
2009-04-08 18:32 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 18:31 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-04-08 18:24 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-08 13:52 . 2009-02-20 18:09 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 13:52 . 2009-02-20 18:09 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 13:52 . 2009-02-20 18:09 268288 -c----w c:\windows\system32\dllcache\iertutil.dll
2009-04-08 13:52 . 2009-02-20 10:20 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 13:52 . 2009-02-20 18:09 6066176 -c----w c:\windows\system32\dllcache\ieframe.dll
2009-04-08 13:52 . 2009-02-20 18:09 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 13:52 . 2008-07-09 14:30 991232 -c----w c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 13:52 . 2008-07-09 14:25 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 13:52 . 2009-02-20 18:09 63488 -c----w c:\windows\system32\dllcache\icardie.dll
2009-04-08 13:24 . 2004-08-04 06:41 1041536 ------w c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 13:24 . 2004-08-04 06:41 685056 ------w c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 13:24 . 2004-08-04 06:41 220032 ------w c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 13:24 . 2004-07-18 06:55 129045 ------w c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 12:24 . 2009-04-08 12:24 -------- d-sh--w c:\documents and settings\richard hamm\UserData
2009-04-08 12:20 . 2009-04-08 12:20 107736 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\windows\system32\XPSViewer
2009-04-08 12:18 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-08 12:18 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-08 12:18 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 12:18 . 2009-04-08 12:19 -------- d-----w C:\ca309dd81c045ee7cfe79c
2009-04-08 12:18 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 12:18 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-08 11:19 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 11:19 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 11:19 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 11:19 . 2009-02-08 03:02 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 11:13 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-08 11:13 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-08 11:03 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-08 11:03 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 11:03 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-08 11:00 . 2008-07-09 07:38 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-08 10:43 . 2008-08-14 10:04 138496 -c----w c:\windows\system32\dllcache\afd.sys
2009-04-08 10:43 . 2008-06-20 11:51 361600 -c----w c:\windows\system32\dllcache\tcpip.sys
2009-04-08 10:43 . 2008-06-20 11:08 225856 -c----w c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 10:43 . 2008-06-20 17:46 245248 -c----w c:\windows\system32\dllcache\mswsock.dll
2009-04-08 10:43 . 2008-06-20 17:46 147968 -c----w c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 10:26 . 2009-02-16 02:02 250544 ----a-w c:\windows\system32\KeyHelp.ocx
2009-04-08 10:26 . 2009-04-08 10:37 880560 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-04-08 10:26 . 2009-04-08 10:37 108368 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-08 10:26 . 2009-02-16 20:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 10:26 . 2009-02-16 20:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-04-08 10:26 . 2009-02-16 20:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-04-08 10:26 . 2009-02-16 20:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-04-08 10:26 . 2009-02-16 20:16 99568 ----a-w c:\windows\system32\isafeif.dll
2009-04-08 10:26 . 2007-12-04 19:47 83256 ----a-w c:\windows\system32\vetredir.dll
2009-04-08 10:26 . 2009-04-08 10:26 17852 ----a-w c:\windows\system32\entitlement.xml
2009-04-08 10:01 . 2009-04-12 01:21 45504 ----a-w c:\documents and settings\richard hamm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 03:48 . 2009-04-16 03:48 -------- d-----w c:\program files\Java
2009-04-15 09:53 . 2009-04-08 18:32 -------- d-----w c:\program files\Galaxy Online
2009-04-14 22:08 . 2009-04-14 22:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 18:56 . 2009-04-08 10:41 -------- d-----w c:\documents and settings\richard hamm\Application Data\CallingID
2009-04-12 01:29 . 2009-04-12 01:25 -------- d-----w c:\program files\Google
2009-04-10 17:57 . 2009-04-10 04:28 -------- d-----w c:\program files\NetZero
2009-04-09 11:10 . 2009-04-09 11:10 -------- d-----w c:\program files\MSXML 4.0
2009-04-09 10:09 . 2009-04-09 10:06 590 ----a-w C:\updatedatfix.log
2009-04-09 10:09 . 2009-04-08 09:46 -------- d-----w c:\program files\Hp
2009-04-09 07:31 . 2009-04-09 07:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-09 05:08 . 2009-04-09 05:07 -------- d-----w c:\program files\FreqGen
2009-04-08 23:51 . 2009-04-08 10:02 -------- d-----w c:\program files\Zone.com Deluxe Games
2009-04-08 22:10 . 2009-04-08 09:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 20:52 . 2009-04-08 20:52 -------- d-----w c:\program files\Common Files\xing shared
2009-04-08 20:52 . 2009-04-08 20:51 -------- d-----w c:\program files\Common Files\Real
2009-04-08 20:51 . 2009-04-08 20:51 -------- d-----w c:\program files\Real
2009-04-08 19:40 . 2009-04-08 09:43 82791 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-08 19:28 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\MSBuild
2009-04-08 12:19 . 2009-04-08 12:19 -------- d-----w c:\program files\Reference Assemblies
2009-04-08 12:10 . 2009-04-08 12:10 -------- d-----w c:\program files\MSXML 6.0
2009-04-08 10:41 . 2009-04-08 10:22 921206 ----a-w C:\caisslog.txt
2009-04-08 10:27 . 2009-04-08 10:27 -------- d-----w c:\program files\ISSThirdParty
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\CA
2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\program files\Common Files\Scanner
2009-04-08 10:26 . 2009-04-08 10:26 55989 ----a-w C:\caavsetupLog.txt
2009-04-08 09:53 . 2009-04-08 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\CA
2009-04-08 09:49 . 2009-04-08 09:49 -------- d-----w c:\documents and settings\All Users\Application Data\hpqwmi
2009-04-08 09:45 . 2009-04-08 09:45 -------- d-----w c:\program files\InterVideo
2009-04-08 09:44 . 2009-04-08 09:44 -------- d-----w c:\program files\microsoft frontpage
2009-04-08 09:44 . 2009-04-08 09:20 -------- d-----w c:\program files\HPQ
2009-04-08 09:43 . 2009-04-08 09:43 20538 ----a-w C:\sunjava.log
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-04-08 09:42 . 2009-04-08 09:41 -------- d-----w c:\program files\Sonic
2009-04-08 09:42 . 2009-04-08 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-04-08 09:42 . 2009-04-08 09:16 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-08 09:41 . 2009-04-08 09:41 -------- d-----w c:\program files\Common Files\TiVo Shared
2009-04-08 09:40 . 2009-04-08 09:40 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-08 09:40 . 2009-04-08 09:39 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-08 09:39 . 2009-04-08 09:36 161 ----a-w C:\mscuxp.log
2009-04-08 09:39 . 2009-04-08 09:35 196 ----a-w C:\sedinst2.log
2009-04-08 09:36 . 2009-04-08 09:19 161 ----a-w C:\setup.log
2009-04-08 09:36 . 2009-04-08 09:36 1550 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-04-08 09:30 . 2009-04-08 09:29 192 ----a-w C:\muvee.log
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-04-08 09:30 . 2009-04-08 09:30 -------- d-----w c:\program files\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2009-04-08 09:29 . 2009-04-08 09:29 13398 ----a-w C:\mszone.log
2009-04-08 09:29 . 2009-04-08 09:29 -------- d-----w c:\program files\Zone.com
2009-04-08 09:27 . 2009-04-08 09:25 171 ----a-w C:\HSC.log
2009-04-08 09:25 . 2009-04-08 09:25 -------- d-----w c:\documents and settings\richard hamm\Application Data\Apple Computer
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iPod
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\program files\iTunes
2009-04-08 09:24 . 2009-04-08 09:24 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-08 09:23 . 2009-04-08 09:22 3221582 ----a-w C:\DNSP1.LOG
2009-04-08 09:20 . 2009-04-08 09:20 20004 ----a-w C:\adobelog.txt
2009-04-08 09:19 . 2009-04-08 09:19 -------- d-----w c:\program files\ATI Technologies
2009-04-08 09:18 . 2009-04-08 09:18 191 ----a-w C:\syntp.log
2009-04-08 09:18 . 2009-04-08 09:18 -------- d-----w c:\program files\Synaptics
2009-04-08 09:17 . 2009-04-08 09:17 32 ----a-w C:\ticrdbus.log
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\CONEXANT
2009-04-08 09:16 . 2009-04-08 09:16 -------- d-----w c:\program files\AMD
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 03:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-08-04 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-16_21.21.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-18 21:40 . 2009-04-18 21:40 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
+ 2004-08-04 12:00 . 2009-04-18 21:34 71462 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-04-16 20:51 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-04-18 21:34 441692 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-04-16 20:51 441692 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-08 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-02-18 374000]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-02-16 271600]
"CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-16 324848]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe" [2009-04-08 14064]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-02-17 636144]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-02-17 337136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 198160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"combofix"="c:\windows\system32\CF12753.exe" [2009-04-18 389120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-8 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-12-14 1376256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 23:46 79368 ----a-w c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=

R2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 133104]
S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-08-25 52728]
S1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-12-12 115704]
S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-02-18 128240]
S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-12-12 144376]
S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-07-30 58872]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-12-12 1153528]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-12-10 797176]
S2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-12-19 297464]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-16 222448]

.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 01:25]

2009-04-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 01:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.yimg.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\Application Data\Mozilla\Firefox\Profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 13:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????-????|?????? ???B?????????????hLC? ??????

scanning hidden files ...


c:\windows\repair

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(2228)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\windows\system32\ati2evxx.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\program files\NetZero\qsacc\X1Exec.exe
.
**************************************************************************
.
Completion time: 2009-04-18 13:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 21:47
ComboFix2.txt 2009-04-16 21:24
ComboFix3.txt 2009-04-14 08:32
ComboFix4.txt 2009-04-13 19:09

Pre-Run: 29,834,911,744 bytes free
Post-Run: 29,850,857,472 bytes free

354 --- E O F --- 2009-04-16 11:06




DDS (Ver_09-03-16.01) - NTFSx86
Run by andy at 13:50:37.76 on Sat 04/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.464 [GMT -8:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated)
FW: CA Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.510\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Documents and Settings\andy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:7900
uInternet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.yimg.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.mail.yahoo.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;*.quicken.com;<local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-7.0.0.510\QOELoader.exe"
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239193610828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andy\applic~1\mozilla\firefox\profiles\yp7061go.default\
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\andy\application data\mozilla\firefox\profiles\yp7061go.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-1-5 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-11-18 72696]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-8-25 52728]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-12-12 115704]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-4-8 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-4-8 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-4-8 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-4-8 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-4-8 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-8 144696]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-4-8 128240]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-12-12 144376]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-7-30 58872]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-12-12 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-12-10 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-12-19 297464]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-8 292080]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2009-4-8 200192]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-12-12 205304]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-4-8 222448]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-4-8 108368]
S2 gupdate1c9bb0ee2de0d6;Google Update Service (gupdate1c9bb0ee2de0d6);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]

=============== Created Last 30 ================

2009-04-16 01:48 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 01:48 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 01:48 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 01:46 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 01:46 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 01:46 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 01:46 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 01:46 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 01:46 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 01:46 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 01:46 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 01:46 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:49 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-15 12:06 <DIR> --d----- c:\windows\CAVTemp
2009-04-14 14:08 <DIR> --d----- c:\docume~1\andy\applic~1\Malwarebytes
2009-04-14 14:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 14:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 14:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 14:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-13 10:38 <DIR> a-dshr-- C:\cmdcons
2009-04-13 10:31 161,792 a------- c:\windows\SWREG.exe
2009-04-13 10:31 98,816 a------- c:\windows\sed.exe
2009-04-12 10:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-04-09 20:28 <DIR> --d----- c:\program files\NetZero
2009-04-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NetZero
2009-04-09 20:28 <DIR> --d----- C:\NetZeroInstaller
2009-04-09 03:10 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-08 22:26 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-08 22:26 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-08 21:07 <DIR> --d----- c:\program files\FreqGen
2009-04-08 18:49 <DIR> --d----- c:\docume~1\andy\applic~1\GarageGames
2009-04-08 14:11 43,264 -------- c:\windows\system32\drivers\ser2pl.sys
2009-04-08 12:52 <DIR> --d----- c:\program files\common files\xing shared
2009-04-08 12:51 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-08 12:51 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-08 12:51 <DIR> --d----- c:\program files\common files\Real
2009-04-08 12:25 <DIR> --d----- c:\docume~1\andy\applic~1\CallingID
2009-04-08 12:13 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\scripting
2009-04-08 11:36 <DIR> --d----- c:\windows\l2schemas
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\en
2009-04-08 11:36 <DIR> --d----- c:\windows\system32\bits
2009-04-08 11:32 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-08 11:21 <DIR> --d----- c:\windows\EHome
2009-04-08 10:32 <DIR> --d----- c:\program files\Galaxy Online
2009-04-08 10:32 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-08 10:31 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-08 10:24 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-08 10:23 <DIR> --d----- c:\documents and settings\andy
2009-04-08 05:52 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 05:52 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-08 05:52 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 05:52 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 05:52 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-08 05:52 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 05:52 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 05:52 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 05:52 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-08 05:47 <DIR> --d----- c:\windows\network diagnostic
2009-04-08 05:24 1,041,536 -------- c:\windows\system32\drivers\hsfdpsp2.sys
2009-04-08 05:24 685,056 -------- c:\windows\system32\drivers\hsfcxts2.sys
2009-04-08 05:24 220,032 -------- c:\windows\system32\drivers\hsfbs2s2.sys
2009-04-08 05:24 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-04-08 04:19 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-08 04:18 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-08 04:18 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-08 04:18 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-08 04:18 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-08 04:18 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-08 04:18 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-08 04:18 <DIR> --d----- C:\ca309dd81c045ee7cfe79c
2009-04-08 04:18 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-08 04:10 <DIR> --d----- c:\program files\MSXML 6.0
2009-04-08 03:19 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-08 03:19 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-08 03:19 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-08 03:19 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-08 03:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-08 03:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-08 03:03 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-08 03:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-08 03:03 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-08 03:00 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-08 03:00 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-08 02:43 361,600 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-04-08 02:43 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-04-08 02:43 225,856 -c------ c:\windows\system32\dllcache\tcpip6.sys
2009-04-08 02:43 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-04-08 02:43 147,968 -c------ c:\windows\system32\dllcache\dnsapi.dll
2009-04-08 02:27 <DIR> --d----- c:\program files\ISSThirdParty
2009-04-08 02:26 250,544 a------- c:\windows\system32\KeyHelp.ocx
2009-04-08 02:26 <DIR> --d----- c:\program files\common files\Scanner
2009-04-08 02:26 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-04-08 02:26 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
2009-04-08 02:26 111,856 a------- c:\windows\system32\isafprod.dll
2009-04-08 02:26 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-04-08 02:26 99,568 a------- c:\windows\system32\isafeif.dll
2009-04-08 02:26 83,256 a------- c:\windows\system32\vetredir.dll
2009-04-08 02:26 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
2009-04-08 02:26 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
2009-04-08 02:26 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
2009-04-08 02:26 17,852 a------- c:\windows\system32\entitlement.xml
2009-04-08 02:26 <DIR> --d----- c:\program files\CA
2009-04-08 02:02 <DIR> --d----- c:\program files\Zone.com Deluxe Games
2009-04-08 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-04-08 01:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\hpqwmi
2009-04-08 01:48 <DIR> --ds---- c:\windows\system32\Microsoft
2009-04-08 01:47 8,192 a------- c:\windows\REGLOCS.OLD
2009-04-08 01:46 <DIR> --d----- c:\program files\Hp
2009-04-08 01:45 23,040 ac------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-04-08 01:45 <DIR> --d----- c:\program files\InterVideo
2009-04-08 01:44 14,336 ac------ c:\windows\system32\dllcache\chgusr.exe
2009-04-08 01:43 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-08 01:42 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-04-08 01:42 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-08 01:41 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-04-08 01:41 <DIR> --d----- c:\program files\Sonic
2009-04-08 01:39 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-04-08 01:39 <DIR> --d----- c:\program files\Online Services
2009-04-08 01:39 <DIR> --d----- c:\program files\Messenger
2009-04-08 01:39 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-08 01:38 <DIR> --d----- c:\program files\Windows NT
2009-04-08 01:30 <DIR> --d----- c:\program files\muvee Technologies
2009-04-08 01:30 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-04-08 01:29 <DIR> --d----- c:\program files\Zone.com
2009-04-08 01:24 <DIR> --d----- c:\program files\iPod
2009-04-08 01:24 <DIR> --d----- c:\program files\iTunes
2009-04-08 01:20 <DIR> --d----- c:\program files\HPQ
2009-04-08 01:19 <DIR> --d----- c:\program files\ATI Technologies
2009-04-08 01:18 <DIR> --d----- c:\program files\Synaptics
2009-04-08 01:16 <DIR> --d----- c:\program files\AMD
2009-04-08 01:16 <DIR> --d----- c:\program files\CONEXANT
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\ODBC
2009-04-07 16:24 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-07 16:22 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-04-08 11:40 82,791 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-08 01:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-08 01:36 1,550 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH458UA#ABA)_YN_0Pres_QCNF54120WM_EU_46_I3097_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M895_J40_7AMD_8Sempron_91.79_#090408_N10EC8139_(EH458UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1_G10025955.MRK
2009-03-06 06:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 16:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 10:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 04:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 04:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 04:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 04:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 03:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 03:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 03:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 02:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 11:59 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 13:52:11.51 ===============
Attached Files
File Type: zip Attach.zip (3.1 KB, 1 views)
Old 04-18-2009, 04:50 PM   #20 (permalink)
Analyst, Security Team
Join Date: Jan 2009
Posts: 551
OS: N/A


Re: vundo/vundo778/haxdoore

Hello.

Good. Thanks. Let's run one last online scan hopefully and see if there's anything else to do afterwards.

Please run ESET online scan for me.

Note: Please do not use the computer at all when scanning with ESET; let it scan and post the logs once it's finished. Remember to enable your security programs after it's done.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type, with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Re-run DDS and post a new log to me.

How's your computer running now?

For your next reply I would like to see:
~ESET Scan log
~New DDS logs
~A description of how your computer is running now? Any more symptoms?

Thanks.

~Extremeboy
Copyright 2001 - 2009, Tech Support Forum