hi, I followed the directions and got a log.

ComboFix 08-10-08.02 - sabio 2008-10-09 3:14:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.1.1042.18.573 [GMT -7:00]
Running from: D:\download\Combo-Fix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\d1.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\sabio\Application Data\Adobe\crc.dat
C:\Documents and Settings\sabio\Application Data\Adobe\Manager.exe
C:\Documents and Settings\sabio\Application Data\Adobe\Player.exe
C:\WINDOWS\base64.tmp
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ealf.exe
C:\WINDOWS\msacm32.drv
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\aejexb.dll
C:\WINDOWS\system32\blphc31wj0ec3t.scr
C:\WINDOWS\system32\nqBLlUvw.ini
C:\WINDOWS\system32\nqBLlUvw.ini2
C:\WINDOWS\system32\ssa.dll
C:\WINDOWS\system32\sss.exe
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\wuasirvy.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
C:\x
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://78.157.143.198
hxxp://hqsextube08.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_icf
-------\Legacy_RESTORE
-------\Service_FCI
-------\Service_ICF
-------\Service_restore


(((((((((((((((((((((((((   Files Created from 2008-09-09 to 2008-10-09   )))))))))))))))))))))))))))))))
.

2008-10-08 19:08 . 2008-10-08 19:10   <DIR>   d--------   C:\Program Files\SWiSH Max2
2008-10-08 16:55 . 2008-10-08 16:55   <DIR>   d--------   C:\Program Files\DNA
2008-10-08 16:55 . 2008-10-08 16:55   <DIR>   d--------   C:\Program Files\BitTorrent
2008-10-08 16:55 . 2008-10-09 03:18   <DIR>   d--------   C:\Documents and Settings\sabio\Application Data\DNA
2008-10-08 16:55 . 2008-10-09 03:03   <DIR>   d--------   C:\Documents and Settings\sabio\Application Data\BitTorrent
2008-10-08 15:12 . 2008-10-08 15:12   <DIR>   d--------   C:\Program Files\CCleaner
2008-10-08 13:11 . 2008-10-08 13:11   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-08 13:06 . 2008-10-08 13:06   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-10-08 13:06 . 2008-10-08 13:06   <DIR>   d--------   C:\Documents and Settings\sabio\Application Data\SUPERAntiSpyware.com
2008-10-08 12:59 . 2008-10-08 12:59   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-10-08 12:37 . 2007-03-02 00:04   <DIR>   d--------   C:\Documents and Settings\Administrator\?? ??
2008-10-08 12:37 . 2007-03-02 00:04   <DIR>   d--------   C:\Documents and Settings\Administrator\?? ??
2008-10-08 12:37 . 2008-10-08 12:37   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-10-08 12:22 . 2008-10-08 12:31   1,034,449   ---hs----   C:\WINDOWS\system32\mwphmvkn.ini
2008-10-08 12:13 . 2008-10-08 15:18   <DIR>   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 11:20 . 2008-10-08 11:20   <DIR>   d--------   C:\Documents and Settings\sabio\Application Data\sp2
2008-10-08 11:18 . 2008-10-08 17:32   <DIR>   d--------   C:\WINDOWS\system32\124909
2008-10-08 11:18 . 2008-10-08 11:18   <DIR>   d--------   C:\Program Files\zayjybc
2008-10-08 11:18 . 2008-10-08 11:18   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\qnaxcfip
2008-10-08 11:17 . 2008-10-09 03:22   103,394   --a------   C:\WINDOWS\system32\drivers\3bf8a7d5.sys
2008-10-08 11:17 . 2008-10-08 11:17   40,960   --a------   C:\siggjefi.exe
2008-10-08 11:17 . 2008-10-08 11:17   2   --a------   C:\2015821312
2008-10-06 10:50 . 2008-10-06 10:50   22,952   --a------   C:\WINDOWS\system32\shinhancard_key.bmp
2008-10-03 17:41 . 2008-10-03 17:41   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-10-03 17:41 . 2008-10-03 17:41   1,409   --a------   C:\WINDOWS\QTFont.for
2008-09-28 11:15 . 2008-09-28 11:15   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2008-09-26 13:22 . 2008-09-26 13:22   <DIR>   d--------   C:\Program Files\MSECache
2008-09-26 12:59 . 2008-09-26 12:59   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-25 21:34 . 2008-10-06 02:30   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SWiSHMax2WorkFolder
2008-09-25 20:34 . 2008-09-25 22:50   <DIR>   d--------   C:\Documents and Settings\sabio\Application Data\AdobeUM
2008-09-23 00:39 . 2008-09-23 00:39   <DIR>   d--------   C:\Program Files\Common Files\SWiSHzone.com
2008-09-23 00:39 . 2004-03-29 16:23   90,112   --a------   C:\WINDOWS\unvise32.exe
2008-09-22 22:01 . 2008-09-22 22:01   39,424   --a------   C:\U9_Boys_2008_Season_Schedule.xls
2008-09-19 15:56 . 2008-08-26 13:20   311,296   --a------   C:\WINDOWS\system32\Bugsctrl.dll
2008-09-19 15:56 . 2008-08-26 16:25   167,936   --a------   C:\WINDOWS\system32\jukeon_e.exe
2008-09-19 15:56 . 2008-08-26 13:25   135,168   --a------   C:\WINDOWS\system32\Bugsedf1.dll
2008-09-17 13:19 . 2008-09-17 13:19   <DIR>   d--------   C:\WINDOWS\system32\ko
2008-09-17 13:19 . 2008-09-17 13:19   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-09-17 13:19 . 2008-09-17 13:19   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-09-17 13:17 . 2008-09-17 13:19   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-09-16 15:48 . 2008-04-13 19:26   4,274,816   ---------   C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 15:47 . 2008-04-13 19:26   870,784   ---------   C:\WINDOWS\system32\ati3d1ag.dll
2008-09-14 10:44 . 2008-09-14 10:44   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-09-13 14:57 . 2008-09-14 19:27   <DIR>   d--------   C:\Documents and Settings\sabio\Application Data\U3
2008-09-13 12:00 . 2008-09-13 13:30   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Cyberlink
2008-09-13 11:57 . 2008-09-13 11:57   <DIR>   d--------   C:\Program Files\Digital Photo Navigator 1.5

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 01:00   ---------   d-----w   C:\Program Files\Norton Security Scan
2008-10-08 21:40   ---------   d-----w   C:\Program Files\Dell
2008-09-26 03:18   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-09-19 22:56   ---------   d-----w   C:\Program Files\Bugs
2008-09-13 19:42   ---------   d-----w   C:\Documents and Settings\sabio\Application Data\CyberLink
2008-09-13 19:04   ---------   d-----w   C:\Program Files\CyberLink
2008-09-13 19:03   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-04 06:58   ---------   d-----w   C:\Documents and Settings\sabio\Application Data\ESTsoft
2008-09-04 06:57   ---------   d-----w   C:\Program Files\ESTsoft
2008-08-19 11:03   ---------   d-----w   C:\Program Files\NATEON
2008-08-16 21:48   ---------   d-----w   C:\Program Files\TELUS
2008-08-16 21:48   ---------   d-----w   C:\Program Files\Common Files\Motive
2008-08-16 21:48   ---------   d-----w   C:\Documents and Settings\sabio\Application Data\Motive
2008-08-16 21:46   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Motive
2008-08-13 21:25   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-17 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-04 64512]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-27 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-27 602182]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-18 25440]
"MAAgent"="C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe" [2006-06-01 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 155648]
"Samsung Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\smstsb10.exe" [2004-11-28 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-26 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"Vrmon"="C:\Program Files\HAURI\Common\Base\VRMONNT.EXE" [2007-05-08 212992]
"HEProtect"="C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe" [2007-01-03 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-21 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-21 348160]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-13 C:\WINDOWS\system32\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DfGtZDH10R"="C:\Documents and Settings\All Users\Application Data\qnaxcfip\ohyjctuf.exe" [2008-10-08 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AppUtilAdm"= {67C97BB7-3EC9-4823-D483-021FC03BF6C8} - C:\Program Files\zayjybc\AppUtilAdm.dll [2008-10-08 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aejexb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2ahxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4raxx.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\BugsSvr.exe"=
"C:\\Program Files\\UltraEdit\\UEDIT32.EXE"=
"C:\\Program Files\\OnNet\\Enppy3\\Enppy3Main.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"C:\\Program Files\\ESTsoft\\ALFTP\\ALFTP.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\jukeon_e.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-10 93016]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 npkcmsvc;npkcmsvc;C:\WINDOWS\system32\npkcmsvc.exe [2008-10-06 178664]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;C:\WINDOWS\system32\drivers\VRFWNTD5.sys [2005-08-25 80878]
S3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-12-20 19632]
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [ ]
S3 FILESpy;FILESpy;C:\Program Files\HAURI\Common\Base\filespy.sys [2005-09-06 13665]
S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [2007-03-14 9216]
S3 JRSUKD24;JRSUKD24;C:\WINDOWS\system32\JRSUKD24.SYS [2007-03-14 6784]
S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2008-02-18 101296]
S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2008-05-20 121464]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-07-30 18316]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-07-30 164373]
S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e846364-93f6-11dc-9435-0019b9588bbb}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7db9f6bd-81d2-11dd-946b-0019b9588bbb}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - VRADFIL
.
Contents of the 'Scheduled Tasks' folder

2008-09-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-09 23:42]

2008-10-09 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-08 12:08]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
BHO-{44E1144B-28B8-4C3D-BE09-6593CBA45B6F} - (no file)
BHO-{e761dafe-535d-4137-8842-f72627ee838c} - C:\WINDOWS\system32\aejexb.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
SSODL-qmafxprs-{4B197653-53CB-4B1A-A083-8183400C6360} - (no file)
SSODL-lfstbwvd-{DCA11969-1A88-420A-843C-7A8AD6AA8985} - (no file)
Notify-rqRIxVlj - rqRIxVlj.dll
Notify-winuxh32 - winuxh32.dll
MSConfigStartUp-inrhc71wj0ec3t - C:\WINDOWS\Temp\.ttC.tmp.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Microsoft Excel로 내보내기(&X) - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: 링크 대상을 Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: 링크 대상을 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: 선택 영역을 Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: 선택 영역을 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: 선택한 링크를 Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: 선택한 링크를 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {042D97DD-E197-411A-8298-6EE85F1C1421} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
C:\WINDOWS\Downloaded Program Files\mkdsfw.inf
O16 -: {044123B5-35DF-4C4E-BAED-26B8ED964342} - hxxp://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
C:\WINDOWS\Downloaded Program Files\HLiveRobotWeb.inf
C:\WINDOWS\system32\HKDown.exe
C:\WINDOWS\system32\vrpacker.dll
C:\WINDOWS\system32\HVrunzip.dll
C:\WINDOWS\system32\HKDown.dll
C:\WINDOWS\Downloaded Program Files\HLiveRobotWeb.ocx
O16 -: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg6.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
C:\WINDOWS\Downloaded Program Files\CyImage2.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\CyImage2.dll
O16 -: {1A9365CC-319D-420D-99A6-D9FD1E92C966} - hxxp://speed.nia.or.kr/traceroute/TracertPing3.cab
C:\WINDOWS\Downloaded Program Files\TracertPing3.inf
C:\WINDOWS\Downloaded Program Files\tracertping3.ocx
O16 -: {1CDC3381-1B2C-4CD2-A1F0-4AC6942CCE2E} - hxxp://www.neoport.net/cmn/ocx/DzUpdaterX.cab
C:\WINDOWS\Downloaded Program Files\DzUpdaterX.inf
O16 -: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/xmpi2008.cab
C:\WINDOWS\Downloaded Program Files\xmpi2008.inf
C:\WINDOWS\Downloaded Program Files\xmpi2008.ocx
O16 -: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://plugin.inicis.com/banktown/initech/plugin/down/INIS60.cab
C:\WINDOWS\Downloaded Program Files\INIS60.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
O16 -: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://www.shinhancard.com/common/scsk4.cab
C:\WINDOWS\Downloaded Program Files\SCSK.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\SCSKAPPLINK.DLL
C:\WINDOWS\system32\UnSCSK.exe
C:\WINDOWS\system32\SCSK4.ocx
O16 -: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
C:\WINDOWS\Downloaded Program Files\SessionControl.inf
C:\WINDOWS\Downloaded Program Files\SessionControl.ocx
O16 -: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} - hxxp://speed.nia.or.kr/login/sysinfo2.cab
C:\WINDOWS\Downloaded Program Files\sysinfo2.inf
C:\WINDOWS\Downloaded Program Files\sysinfo2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
C:\WINDOWS\Downloaded Program Files\Manager.exe
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} - hxxp://download.empas.com/rel/EmpasFilebox/x1_1_1_1/EmpasFilebox.cab
C:\WINDOWS\Downloaded Program Files\EmpasFilebox.inf
C:\WINDOWS\FileboxDownloader.exe
C:\WINDOWS\Downloaded Program Files\EmpasFilebox.dll
O16 -: {53EED863-B547-40F8-B24A-2D6DE807CFE8} - hxxp://img.shinhan.com/rib/ko/print/Printmade.cab
C:\WINDOWS\Downloaded Program Files\Printmade.ocx
O16 -: {5D9446DB-E849-4B95-9872-D0C21343ABF0} - hxxp://www.csafer.net/ActiveX/MASetupWizard.cab
C:\WINDOWS\Downloaded Program Files\MASetupWizard.inf
C:\WINDOWS\system32\MAMACExtract.dll
C:\WINDOWS\system32\MASetupWizard.dll
O16 -: {5FC62385-06BC-48F4-9890-B373472645B1} - hxxp://www.myasset.com/myasset/login/install/IssacWebTY_nojava.cab
C:\WINDOWS\Downloaded Program Files\ISSACWebDY_no_java.inf
C:\WINDOWS\system32\ISSACWLibDY_no_java.dll
C:\WINDOWS\Downloaded Program Files\ISSACWebDY_no_java.dll
O16 -: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - hxxp://img.shinhan.com/rib/common/ProWorksGrid.cab
C:\WINDOWS\Downloaded Program Files\ProWorksGrid.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\Downloaded Program Files\ProWorksDBGateway.ocx
C:\WINDOWS\Downloaded Program Files\ProWorksGrid.ocx
O16 -: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/keypro/2.2.0.46/CKKeyPro.cab
C:\WINDOWS\Downloaded Program Files\CKKeyPro.inf
C:\WINDOWS\system32\CKApp.dll
C:\WINDOWS\system32\CKSetup.exe
C:\WINDOWS\system32\Jrsoftcp.dll
C:\WINDOWS\system32\JRSKD98.VXD
C:\WINDOWS\system32\JRSKD24.sys
C:\WINDOWS\Downloaded Program Files\XecureCK.dll
C:\WINDOWS\system32\JRSUKD24.sys
O16 -: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://www.bccard.com/service/individual/security/images/IniMasPlugin.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\IniMasPlugin.dll
O16 -: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
C:\WINDOWS\Downloaded Program Files\GHGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\ghgamesplayer.dll
O16 -: {789B70A5-14A1-49A0-A166-4DA45DB95662} - hxxp://www.myasset.com/myasset/login/install/PopUpBlocker_1006.cab
C:\WINDOWS\Downloaded Program Files\PopUpBlocker.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\PopUpBlocker.ocx
O16 -: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.1.2/xw_install.cab
C:\WINDOWS\Downloaded Program Files\xw_install.inf
O16 -: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} - hxxp://www.csafer.net/activex/mabugsdownload.cab
C:\WINDOWS\Downloaded Program Files\MABugsDownload.inf
C:\WINDOWS\system32\MAMACExtract.dll
C:\WINDOWS\system32\MABugsDownload.ocx
O16 -: {971A5328-1926-4ED6-B899-6C01338D4B32} - hxxp://game.freechal.com/download/norazo2/Norazo2_40.cab
C:\WINDOWS\Downloaded Program Files\Norazo2.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\NorazoCtl.dll
C:\WINDOWS\system32\FGInstaller.exe
C:\WINDOWS\system32\ClientSystemInfo_FREECHAL.dll
C:\WINDOWS\Norazo2.exe
O16 -: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} - hxxps://pg.banktown.com/wallet/plugin/ibtpgClientCM.cab
C:\WINDOWS\Downloaded Program Files\ibtpgClientCM.inf
C:\WINDOWS\system32\winscard.dll
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\yessignCA.pub
C:\WINDOWS\cacrt_a1
C:\WINDOWS\system32\BtICCardCT.dll
C:\WINDOWS\Downloaded Program Files\ibtpgClientCM.dll
O16 -: {9B6D0E46-3F96-11D9-A711-004F4E099F85} - hxxp://www.vanchosun.com/WEBnewszine/WEBnewszine.CAB
C:\WINDOWS\Downloaded Program Files\Originality.INF
C:\WINDOWS\system32\URLMON.DLL
C:\WINDOWS\system32\WININET.DLL
C:\WINDOWS\system32\scrrun.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\olelib2.tlb
C:\WINDOWS\system32\olelib.tlb
C:\WINDOWS\system32\IOBJSAFE.TLB
C:\WINDOWS\Downloaded Program Files\Originality.ocx
O16 -: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/ews/ewsinstaller.cab
C:\WINDOWS\Downloaded Program Files\ewsinstaller.inf
C:\WINDOWS\system32\securityloader.dll
C:\WINDOWS\system32\ewshandler.dll
C:\WINDOWS\system32\sg_cappatx.ocx
C:\WINDOWS\system32\sg_cutil.dll
C:\WINDOWS\system32\sg_gui.dll
C:\WINDOWS\system32\certshare.dll
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\msxml4.dll
C:\WINDOWS\system32\msxml4r.dll
C:\WINDOWS\system32\msxml4a.dll
C:\WINDOWS\system32\sg_api.dll
C:\WINDOWS\system32\sg_dlg.dll
O16 -: {A5DE5263-214F-4BA2-90FC-C0E32349234D} - hxxp://ftp.entica.com/EnLaunch/ENPPY3/Install/NPWebLaunch.cab
C:\WINDOWS\Downloaded Program Files\NPWebLaunch.inf
C:\WINDOWS\Downloaded Program Files\NPWebLaunch.dll
O16 -: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.dacom.net/dacom/IssacWebProCMS_4_2_6_1.cab
C:\WINDOWS\Downloaded Program Files\IssacWebProCMS.inf
O16 -: {AD435D31-ED5C-4148-9DD8-92211F9DAC34} - hxxp://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
C:\WINDOWS\Downloaded Program Files\SKMPPClient2.inf
C:\WINDOWS\system32\libxus32.dll
C:\WINDOWS\system32\Xus.dll
C:\WINDOWS\Downloaded Program Files\LoginActiveX.dll
O16 -: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} - hxxp://mail.naver.com/activex/NvBigFileUpload2_NT.cab
C:\WINDOWS\Downloaded Program Files\NvBigFileUpload2.inf
C:\WINDOWS\Downloaded Program Files\NvBigFileUpload2_1.0.2.16.dll
C:\WINDOWS\Downloaded Program Files\NvBigFileUpload2_1.0.2.18.dll
O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
C:\WINDOWS\Downloaded Program Files\BugsInstallerEx.inf
C:\WINDOWS\system32\securityloader.dll
C:\WINDOWS\system32\ewshandler.dll
C:\WINDOWS\system32\sg_cappatx.ocx
C:\WINDOWS\system32\sg_cutil.dll
C:\WINDOWS\system32\sg_gui.dll
C:\WINDOWS\system32\certshare.dll
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\msxml4.dll
C:\WINDOWS\system32\msxml4r.dll
C:\WINDOWS\system32\msxml4a.dll
C:\WINDOWS\system32\sg_api.dll
C:\WINDOWS\system32\sg_dlg.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\BugsInstallerEx.ocx
C:\WINDOWS\system32\bugs_install.gif
O16 -: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/speedtest/SpeedTest.cab
C:\WINDOWS\Downloaded Program Files\SpeedTest.inf
C:\WINDOWS\Downloaded Program Files\SpeedTest.ocx
O16 -: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
C:\WINDOWS\Downloaded Program Files\DacomUpload.inf
C:\WINDOWS\system32\WebhardElevated.dll
C:\WINDOWS\system32\DacomUpload.ocx
O16 -: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
C:\WINDOWS\Downloaded Program Files\skcinst.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\skcinst2.dll
C:\WINDOWS\skcinst1.dll
O16 -: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} - hxxp://img.shinhan.com/rib/common/keyStroke/SoftCamp/4092/scskex.cab
C:\WINDOWS\Downloaded Program Files\SCSKEX.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\UNSCSKEX.EXE
C:\WINDOWS\system32\SCSPT.DLL
C:\WINDOWS\system32\SCSKCORE.dll
C:\WINDOWS\system32\SCSKEX.ocx
O16 -: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} - hxxp://update.nprotect.net/nprotect/lgcard/npx2.cab
C:\WINDOWS\Downloaded Program Files\npx2.inf
C:\WINDOWS\system32\npdownv.exe
C:\WINDOWS\system32\npcopyv.exe
C:\WINDOWS\system32\npnv3uninst.exe
C:\WINDOWS\system32\npx2.gif
C:\WINDOWS\system32\np_chs.ini
C:\WINDOWS\system32\np_eng.ini
C:\WINDOWS\system32\np_jpn.ini
C:\WINDOWS\system32\np_kor.ini
C:\WINDOWS\system32\npx2.ocx
O16 -: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/ASP/CongnamulMap4Asp_V29.cab
C:\WINDOWS\Downloaded Program Files\CongnamulMap4Asp.inf
O16 -: {E2A96175-32D0-4651-B228-B474C2408346} - hxxp://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
C:\WINDOWS\Downloaded Program Files\DacomDownload.inf
C:\WINDOWS\system32\WebhardElevated.dll
C:\WINDOWS\Downloaded Program Files\DacomDownload.ocx
O16 -: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
C:\WINDOWS\Downloaded Program Files\IspVcd.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\562174c6.0
C:\WINDOWS\system32\90307e75.0
C:\WINDOWS\system32\28caa510.0
C:\WINDOWS\system32\KvpVer.tbl
C:\WINDOWS\system32\KvpUpCom.dll
C:\WINDOWS\Downloaded Program Files\KvpIspCtlD.ocx
O16 -: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} - hxxp://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
C:\WINDOWS\Downloaded Program Files\kdfense9.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\kdfense9.ocx
O16 -: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} - hxxp://img.shinhan.com/rib/common/TrustSite/20041202/ShbAutoTrustSiteX.cab
C:\WINDOWS\Downloaded Program Files\ShbAutoTrustSiteX.ocx
O16 -: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} - hxxp://www.myasset.com/myasset/login/install/SKCommAX_7203.cab
C:\WINDOWS\Downloaded Program Files\SKCommAX.inf
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\yak3eng.txt
C:\WINDOWS\yakgwan3.txt
C:\WINDOWS\system32\skmagerapi.dll
C:\WINDOWS\system32\SKCommIC.dll
C:\WINDOWS\system32\SKCommEM.dll
C:\WINDOWS\system32\SKCommCM.dll
C:\WINDOWS\system32\SKCommSC.dll
C:\WINDOWS\system32\SKCommIF.dll
C:\WINDOWS\system32\SKCommTM.exe
C:\WINDOWS\system32\SKCommJV.dll
C:\WINDOWS\system32\SKCommWB.exe
C:\WINDOWS\SKCommAD.dll
C:\WINDOWS\system32\SKCommAX.ocx
O16 -: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.shinhancard.com/initech/plugin/down/INIS50.cab
C:\WINDOWS\Downloaded Program Files\INISafeWeb50.inf
C:\WINDOWS\system32\562174c6.0
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\kisa.der
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\INISafeWebTray.exe
C:\WINDOWS\system32\initech.gif
C:\WINDOWS\system32\certmanui.dll
C:\WINDOWS\system32\certstore.dll
C:\WINDOWS\system32\INIcrypto20.dll
C:\WINDOWS\system32\INIvcs.dll
C:\WINDOWS\system32\UnINISafeWeb.exe
C:\WINDOWS\system32\INISafeWeb50.dll
O16 -: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800_Vista/GWall.cab
C:\WINDOWS\Downloaded Program Files\GWall.dll
O16 -: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://mail1.naver.com/activex/NaverAXGuide.cab
C:\WINDOWS\Downloaded Program Files\NaverAXGuide.inf
C:\WINDOWS\system32\NaverAXGuide.exe
C:\WINDOWS\Downloaded Program Files\NaverAXGuide.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 03:21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\3bf8a7d5]
"ImagePath"="\SystemRoot\System32\drivers\3bf8a7d5.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\HAURI\Common\hsvcmod.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\uwdf.exe
.
**************************************************************************
.
Completion time: 2008-10-09 3:27:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-09 10:27:44

Pre-Run: 25,274,540,032 bytes free
Post-Run: 25,265,479,680 bytes free

578 --- E O F --- 2008-09-28 17:44:12
Hey leo1001

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
Code:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects

Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates.
• Wait for Malwarebytes to be fully updated.

Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan.
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.

**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.

Best Regards
Here's the log from Malwarebytes:
----------------------------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1270
Windows 5.1.2600 Service Pack 3

2008-10-14 9:53:53 PM
mbam-log-2008-10-14 (21-53-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 205156
Time elapsed: 1 hour(s), 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{67C97BB7-3EC9-4823-D483-021FC03BF6C8} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\apputiladm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dfgtzdh10r (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76489-OEM-0011903-00825) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\124909 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dotshcbc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\qnaxcfip\ohyjctuf.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\QooBox\Quarantine\C\d.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\d1.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\x.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\sabio\Application Data\Adobe\Player.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\ealf.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\aejexb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002018.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002019.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\3bf8a7d5.sys (Rootkit.Agent) -> Delete on reboot.
------------------------------------
Thanks a lot
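The MBAM 1.x log above has a fixed shape: a header of per-section counts, then one detail section per category with lines of the form "target (detection) -> action". As an added example (not from the thread and not Malwarebytes' own code), the following Python parses that format into structured findings, checks that the header counts agree with the entries actually listed, and pulls out the items marked "Delete on reboot" (in the posted log, the rootkit driver 3bf8a7d5.sys among them), which are the ones that still need to be confirmed gone after the restart. The embedded sample log is constructed in the posted log's format from a subset of its entries, with the summary counts adjusted to match that subset.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log into structured findings.
Added example, not part of the thread or of Malwarebytes. SAMPLE_LOG is
constructed in the format of the log posted above (a subset of its entries,
summary counts adjusted to match that subset)."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.28
Database version: 1270
Windows 5.1.2600 Service Pack 3

2008-10-14 9:53:53 PM
Scan type: Full Scan (C:\|D:\|)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{67C97BB7-3EC9-4823-D483-021FC03BF6C8} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dfgtzdh10r (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76489-OEM-0011903-00825) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\124909 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dotshcbc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\QooBox\Quarantine\C\d.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\3bf8a7d5.sys (Rootkit.Agent) -> Delete on reboot.
"""

# Summary block line: "<section> Infected: <n>"
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# Detail line: "<target> (<detection>) -> [<bad/good values> -> ]<final action>."
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (header counts per section, findings per section)."""
    summary, findings, section = {}, defaultdict(list), None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        if line.endswith(" Infected:"):        # start of a detail section
            section = line[:-1]
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line in {section!r}: {line}")
        # Registry data items carry "Bad: (...) Good: (...)" before the action.
        *notes, action = m["rest"].split(" -> ")
        findings[section].append({"target": m["target"],
                                  "detection": m["detection"],
                                  "action": action.rstrip("."),
                                  "notes": " -> ".join(notes)})
    return summary, dict(findings)


def check_counts(summary, findings):
    """Sections whose header count differs from the entries actually listed."""
    return {s: (n, len(findings.get(s, []))) for s, n in summary.items()
            if n != len(findings.get(s, []))}


def pending_reboot(findings):
    """Targets MBAM could not remove live; they are deleted at next boot,
    so confirm they are gone (and not re-created) after the restart."""
    return [f["target"] for items in findings.values() for f in items
            if f["action"] == "Delete on reboot"]


def by_detection(findings):
    """Number of findings per detection name, to see which family dominated."""
    counts = defaultdict(int)
    for items in findings.values():
        for f in items:
            counts[f["detection"]] += 1
    return dict(counts)


if __name__ == "__main__":
    summary, findings = parse_mbam_log(SAMPLE_LOG)
    for s, (claimed, actual) in check_counts(summary, findings).items():
        print(f"WARNING {s}: header says {claimed}, log lists {actual}")
    print("detections:", by_detection(findings))
    print("verify after reboot:", pending_reboot(findings))
```

Run it against a saved mbam-log-*.txt by reading the file into parse_mbam_log instead of SAMPLE_LOG. The count check matters when a log has been pasted from a forum: a truncated or mangled paste shows up as a header/entry mismatch rather than being silently accepted.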
Hey leo1001

First of all, I want you to enable viewing of hidden files.
• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Open Notepad and copy/paste the text in the code box below into it:
Code:
Folder::
C:\Program Files\zayjybc
C:\Documents and Settings\All Users\Application Data\qnaxcfip

File::
C:\siggjefi.exe
C:\WINDOWS\system32\mwphmvkn.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e846364-93f6-11dc-9435-0019b9588bbb}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DfGtZDH10R"=-

• Save this as CFScript.txt in the same folder as ComboFix.
• Then drag the CFScript.txt into Combo-Fix.exe.
• This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComboFix window, as it may cause it to stall.

Find C:\siggjefi.exe and upload it to Virustotal.com. Post the results here.

Find this folder: C:\2015821312 and tell me what is in it.

After that, post a new HijackThis log and tell me what problems you have left.

Best Regards
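The CFScript above is a small declarative format: Folder:: and File:: list absolute paths to remove, and Registry:: uses .reg-file syntax, where [-KEY] deletes a whole key and "name"=- under a [KEY] header deletes a single value. As an added example (not from the thread and not ComboFix's own code), the following Python parses a script of that shape into an explicit action list and renders the equivalent Windows XP command-line operations (rd, del, reg delete), so you can see exactly what will be removed before dragging the file onto Combo-Fix.exe. Assumptions: only the three directives used in the thread are supported, a short list of top-level system paths is refused outright, and the rendered commands are for review only; they do not replicate ComboFix's handling of locked or in-use files, so they are not a substitute for running the tool.

```python
"""Turn a ComboFix CFScript (the Folder::/File::/Registry:: directives used
in the thread) into an explicit action plan and the equivalent Windows XP
command-line operations, so the script can be reviewed before it is run.
Added example, not from the thread and not ComboFix's own code: only the
three directives above are supported, and the rendered commands are for
review (they do not replicate ComboFix's handling of locked or in-use files)."""
import re

SAMPLE_SCRIPT = r"""
Folder::
C:\Program Files\zayjybc
C:\Documents and Settings\All Users\Application Data\qnaxcfip

File::
C:\siggjefi.exe
C:\WINDOWS\system32\mwphmvkn.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e846364-93f6-11dc-9435-0019b9588bbb}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DfGtZDH10R"=-
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>HKEY_[^\]]+)\]$")   # .reg syntax
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Paths a cleanup script must never name as a whole; refuse rather than plan them.
PROTECTED = {r"c:\windows", r"c:\windows\system32", r"c:\program files",
             r"c:\documents and settings"}


def parse_cfscript(text):
    """Return a list of action tuples in script order."""
    actions, section, current_key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m["name"], None
            continue
        if section in ("Folder", "File"):
            if not ABS_PATH_RE.match(line):
                raise ValueError(f"line {lineno}: not an absolute path: {line}")
            if line.rstrip("\\").lower() in PROTECTED:
                raise ValueError(f"line {lineno}: refusing to delete {line}")
            actions.append((f"delete_{section.lower()}", line))
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:                       # [-KEY] deletes the key, [KEY] selects it
                if m["delete"]:
                    actions.append(("delete_key", m["key"]))
                    current_key = None
                else:
                    current_key = m["key"]
                continue
            m = VALUE_RE.match(line)
            if not m or current_key is None:
                raise ValueError(f"line {lineno}: value line outside a [KEY] header: {line}")
            if m["data"] == "-":        # "name"=- deletes the value
                actions.append(("delete_value", current_key, m["name"]))
            else:
                actions.append(("set_value", current_key, m["name"], m["data"]))
        else:
            raise ValueError(f"line {lineno}: unsupported section {section!r}: {line}")
    return actions


HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}


def abbrev(key):
    """HKEY_LOCAL_MACHINE\... -> HKLM\... as reg.exe prints it."""
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive) + "\\" + rest


def to_commands(actions):
    """Render the plan as cmd.exe lines (rd, del, reg delete) for review."""
    cmds = []
    for act in actions:
        if act[0] == "delete_folder":
            cmds.append(f'rd /s /q "{act[1]}"')
        elif act[0] == "delete_file":
            cmds.append(f'del /f /q "{act[1]}"')
        elif act[0] == "delete_key":
            cmds.append(f'reg delete "{abbrev(act[1])}" /f')
        elif act[0] == "delete_value":
            cmds.append(f'reg delete "{abbrev(act[1])}" /v "{act[2]}" /f')
        else:                           # set_value: needs a type, so only noted
            cmds.append(f'rem set {act[2]}={act[3]} under {abbrev(act[1])}')
    return cmds


if __name__ == "__main__":
    for cmd in to_commands(parse_cfscript(SAMPLE_SCRIPT)):
        print(cmd)
```

The plan for the script above comes out as two rd, two del, one key deletion (the MountPoints2 entry) and one value deletion (the DfGtZDH10R autorun under Policies\Explorer\Run). Reading it this way makes the difference between [-KEY] and "name"=- obvious: the first removes everything under the key, the second removes one value and leaves the rest of the Run key alone.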
Hey, it took me a long time to upload the log file. Thanks as always.
----------------------------------------------------------------
ComboFix 08-10-08.02 - sabio 2008-11-09 9:58:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.1.1042.18.529 [GMT -8:00]
Running from: D:\download\Combo-Fix.exe
Command switches used :: D:\download\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\siggjefi.exe
C:\WINDOWS\system32\mwphmvkn.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\qnaxcfip
C:\Program Files\zayjybc
C:\Program Files\zayjybc\AppUtilAdm.dll
C:\WINDOWS\system32\mwphmvkn.ini

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-06 16:52 . 2008-11-06 16:52 180,224 --a------ C:\WINDOWS\system32\WRebw.dll
2008-11-06 16:52 . 2008-11-06 16:52 65,536 --a------ C:\WINDOWS\system32\cosa.dll
2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- C:\Documents and Settings\sabio\.
2008-10-23 18:58 . 2008-10-23 19:03 783 --a------ C:\WINDOWS\hpbvspst.his
2008-10-23 18:58 . 2008-10-23 19:03 442 --a------ C:\WINDOWS\hpbvspst.ini
2008-10-23 18:57 . 2008-10-23 18:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-23 18:27 . 2008-10-23 18:27 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-10-23 12:55 . 2008-10-15 08:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-21 22:42 . 2008-11-06 16:53 16,536 --a------ C:\WINDOWS\system32\JRSUKD25.SYS
2008-10-17 02:05 . 2008-10-17 02:08 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-16 22:20 . 2008-09-08 02:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 22:19 . 2008-08-14 05:20 2,190,848 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 22:19 .
2008-08-14 05:19 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-16 22:19 . 2008-08-14 05:20 2,067,712 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-16 22:19 . 2008-08-14 05:19 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-16 22:19 . 2008-09-15 07:24 1,846,016 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-14 14:30 . 2008-11-09 07:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 14:30 . 2008-10-14 14:30 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\Malwarebytes 2008-10-14 14:30 . 2008-10-14 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-14 14:30 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 14:30 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-09 17:57 --------- d-----w C:\Documents and Settings\sabio\Application Data\DNA 2008-11-09 15:28 --------- d-----w C:\Program Files\Common Files\Adobe 2008-11-07 00:53 11,136 ----a-w C:\WINDOWS\system32\JRSKD24.sys 2008-11-06 02:02 --------- d-----w C:\Program Files\Norton Security Scan 2008-10-24 02:42 --------- d-----w C:\Program Files\HP 2008-10-09 10:03 --------- d-----w C:\Documents and Settings\sabio\Application Data\BitTorrent 2008-10-09 02:10 --------- d-----w C:\Program Files\SWiSH Max2 2008-10-08 23:55 --------- d-----w C:\Program Files\DNA 2008-10-08 23:55 --------- d-----w C:\Program Files\BitTorrent 2008-10-08 22:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-08 22:12 --------- d-----w C:\Program Files\CCleaner 2008-10-08 21:40 --------- d-----w C:\Program Files\Dell 2008-10-08 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-08 20:06 --------- d-----w C:\Program 
Files\SUPERAntiSpyware 2008-10-08 20:06 --------- d-----w C:\Documents and Settings\sabio\Application Data\SUPERAntiSpyware.com 2008-10-08 19:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-10-08 19:37 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2008-10-08 18:20 --------- d-----w C:\Documents and Settings\sabio\Application Data\sp2 2008-10-06 17:51 178,664 ----a-w C:\WINDOWS\system32\npkcmsvc.exe 2008-10-06 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SWiSHMax2WorkFolder 2008-09-26 20:22 --------- d-----w C:\Program Files\MSECache 2008-09-26 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-09-26 05:50 --------- d-----w C:\Documents and Settings\sabio\Application Data\AdobeUM 2008-09-23 07:39 --------- d-----w C:\Program Files\Common Files\SWiSHzone.com 2008-09-19 22:56 --------- d-----w C:\Program Files\Bugs 2008-09-17 22:51 271,728 ----a-w C:\WINDOWS\system32\CKSetup32.exe 2008-09-15 15:24 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-15 02:27 --------- d-----w C:\Documents and Settings\sabio\Application Data\U3 2008-09-13 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cyberlink 2008-09-13 19:42 --------- d-----w C:\Documents and Settings\sabio\Application Data\CyberLink 2008-09-13 19:04 --------- d-----w C:\Program Files\CyberLink 2008-09-13 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-13 18:57 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5 2008-08-26 23:25 167,936 ----a-w C:\WINDOWS\system32\jukeon_e.exe 2008-08-26 20:25 135,168 ----a-w C:\WINDOWS\system32\Bugsedf1.dll 2008-08-26 20:20 311,296 ----a-w C:\WINDOWS\system32\Bugsctrl.dll 2008-08-26 17:08 50,528 ----a-w C:\WINDOWS\system32\WebhardElevated.dll 2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-19 08:28 73,728 ----a-w C:\WINDOWS\system32\Jrsoftcp.dll 
2008-08-14 13:19 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:19 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( snapshot@2008-10-09_ 3.27.27.34 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-26 09:08:25 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll + 2008-08-26 09:08:25 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll + 2008-08-26 09:08:25 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll + 2008-08-26 09:08:25 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll + 2008-08-26 09:08:25 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll + 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe + 2008-08-26 09:08:25 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll + 2008-08-26 09:08:25 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll + 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll + 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat + 2008-08-26 09:08:25 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll + 2008-08-26 09:08:25 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll + 2008-10-03 16:21:29 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll + 2008-08-26 09:08:26 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll + 2008-08-26 09:08:26 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll + 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe + 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe + 2008-08-26 09:08:26 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll + 2008-08-26 09:08:26 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll + 2008-08-26 09:08:26 52,224 ----a-w 
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll + 2008-08-26 09:08:27 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll + 2008-08-26 09:08:27 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll + 2008-08-26 09:08:27 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll + 2008-08-26 09:08:27 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll + 2008-08-26 09:08:27 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll + 2008-08-26 09:08:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll + 2008-08-26 09:08:27 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll + 2008-08-26 09:08:27 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll + 2008-08-26 09:08:27 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll + 2008-08-26 09:08:28 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll + 2007-03-06 01:54:57 13,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll + 2007-03-06 01:55:02 208,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe + 2007-03-06 01:54:55 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll + 2007-03-06 01:55:20 696,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe + 2007-03-06 01:56:12 341,216 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll - 2007-11-30 00:52:18 356,352 ----a-w C:\WINDOWS\Downloaded Program Files\XecureCK.dll + 2008-09-19 23:38:38 299,008 ----a-w C:\WINDOWS\Downloaded Program Files\XecureCK.dll + 2008-08-14 13:19:49 2,146,816 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe + 2008-08-14 13:20:05 2,067,712 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe + 2008-08-14 13:19:49 2,025,472 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe + 2008-08-14 13:20:05 2,190,848 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe - 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2005-10-21 04:02:28 163,328 
----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2008-06-23 16:14:39 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll + 2008-06-23 16:14:39 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll + 2008-06-23 16:14:39 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll + 2008-06-23 16:14:39 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll + 2008-06-23 16:14:39 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll + 2008-06-23 09:22:59 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe + 2008-06-23 16:14:39 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll + 2008-06-23 16:14:39 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll + 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll + 2008-06-23 16:14:40 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll + 2008-06-23 16:14:40 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll + 2008-06-23 16:14:41 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll + 2008-06-23 16:14:41 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll + 2008-06-23 16:14:41 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll + 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe + 2008-06-23 09:23:14 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe + 2008-06-23 16:14:41 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll + 2008-06-23 16:14:41 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll + 2008-06-23 16:14:41 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll + 2008-06-24 01:14:44 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll + 2008-06-23 16:14:43 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll + 2008-06-23 16:14:43 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll + 2008-06-23 16:14:43 671,232 -c----w 
C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll + 2008-06-23 16:14:43 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll + 2008-06-23 16:14:43 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll + 2007-03-06 01:55:02 208,608 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe + 2007-03-06 01:56:12 341,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll + 2008-06-23 16:14:43 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll + 2008-06-23 16:14:44 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll + 2008-06-23 16:14:44 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll + 2008-06-23 16:14:44 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll - 2008-09-10 14:39:13 593,920 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-10-17 10:06:46 593,920 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2008-09-10 14:39:13 12,288 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-10-17 10:06:46 12,288 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-09-10 14:39:13 86,016 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2008-10-17 10:06:46 86,016 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2008-09-10 14:39:13 135,168 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-10-17 10:06:46 135,168 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-09-10 14:39:13 11,264 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-10-17 10:06:46 11,264 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-09-10 14:39:13 27,136 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-10-17 10:06:46 27,136 ----a-r 
C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-09-10 14:39:13 4,096 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-10-17 10:06:46 4,096 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-09-10 14:39:13 794,624 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-10-17 10:06:46 794,624 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-09-10 14:39:13 249,856 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-10-17 10:06:46 249,856 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2008-09-10 14:39:13 61,440 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-10-17 10:06:46 61,440 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2008-09-10 14:39:13 23,040 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-10-17 10:06:46 23,040 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-09-10 14:39:13 286,720 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-10-17 10:06:46 286,720 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-09-10 14:39:13 409,600 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-10-17 10:06:45 409,600 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-09-28 17:44:12 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-10-17 10:01:51 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe + 2000-08-31 16:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe - 2000-08-31 15:00:00 161,792 ----a-w 
C:\WINDOWS\SWREG.exe + 2000-08-31 16:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe - 2008-06-23 16:14:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-08-26 07:57:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-10-28 11:31:20 143,360 ----a-w C:\WINDOWS\system32\CKApp.dll + 2008-01-22 19:16:32 118,784 ----a-w C:\WINDOWS\system32\CKApp.dll - 2008-06-23 16:14:39 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-08-26 07:57:24 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys + 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys - 2008-06-23 16:14:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-08-26 07:57:24 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-06-23 16:14:39 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-08-26 07:57:24 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-06-23 16:14:39 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-08-26 07:57:24 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-06-23 16:14:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-08-26 07:57:24 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-06-23 09:22:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-08-25 08:40:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-06-23 16:14:39 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-08-26 07:57:24 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-06-23 16:14:39 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-08-26 07:57:24 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-06-23 16:14:40 383,488 -c----w 
C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-08-26 07:57:24 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-06-23 16:14:40 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-08-26 07:57:25 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-06-23 16:14:41 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-10-03 16:58:16 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-06-23 16:14:41 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-08-26 07:57:26 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-06-23 16:14:41 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-08-26 07:57:26 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-06-23 09:23:14 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2008-06-23 16:14:41 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-08-26 07:57:26 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2008-06-23 16:14:41 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-08-26 07:57:27 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-06-23 16:14:41 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-08-26 07:57:27 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-06-24 01:14:44 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-08-27 08:57:28 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-06-23 16:14:43 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-08-26 07:57:28 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-06-23 16:14:43 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-08-26 07:57:28 193,024 -c----w 
C:\WINDOWS\system32\dllcache\msrating.dll - 2008-06-23 16:14:43 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-08-26 07:57:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-06-23 16:14:43 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll + 2008-08-26 07:57:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2008-06-23 16:14:43 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-08-26 07:57:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2008-06-23 16:14:43 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll + 2008-08-26 07:57:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2008-06-23 16:14:44 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-08-26 07:57:28 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-06-23 16:14:44 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-08-26 07:57:28 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-06-23 16:14:44 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-08-26 07:57:28 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2006-04-04 21:20:37 9,344 ----a-w C:\WINDOWS\system32\drivers\hpfxbulk.sys + 2006-04-04 21:19:11 17,024 ----a-w C:\WINDOWS\system32\drivers\hpfxgen.sys - 2008-04-13 19:15:11 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys + 2008-09-08 10:41:42 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys + 2007-02-22 03:53:48 12,608 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfx64bulk.sys + 2007-02-22 03:53:48 22,592 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfx64gen.sys + 2006-04-05 04:20:36 9,344 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfxbulk.sys + 2006-04-05 
04:19:10 17,024 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfxgen.sys
+ 2007-02-02 05:07:20 188,416 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hppcew05.dll
+ 2007-02-02 05:07:20 234,496 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hppdew05_x64.dll
+ 2007-02-02 05:07:20 450,560 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hppasc05.dll
+ 2007-03-02 07:10:48 584,704 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hpptsp01.dll
+ 2005-12-12 22:07:58 74,240 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hpst1017.dll
+ 2007-01-19 03:41:42 618,496 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hpxp1017.dll
+ 2007-02-01 10:48:32 327,680 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppcp605_2E4D8C1B134AC9F38C3C0AF46F8D6BB299020A04\hppcpr05.dll
- 2008-06-23 16:14:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 07:57:24 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:14:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 07:57:24 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:14:39 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 07:57:24 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-09-29 18:24:58 369,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-11-09 15:26:11 370,280 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-02-02 05:07:20 188,416 ----a-w C:\WINDOWS\system32\hppcew05.dll
+ 2005-12-23 20:11:02 102,400 ----a-w C:\WINDOWS\system32\HPTcpMib.dll
+ 2005-12-23 20:12:22 155,648 ----a-w C:\WINDOWS\system32\HPTcpMon.dll
+ 2005-12-23 20:14:44 233,472 ----a-w C:\WINDOWS\system32\HPTcpMUI.dll
+ 2004-01-27 15:56:20 28,672 ----a-w C:\WINDOWS\system32\hpzjfw01.dll
+ 2006-01-26 22:06:52 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
- 2008-06-23 16:14:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 07:57:24 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:22:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:40:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:14:39 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 07:57:24 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:14:39 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 07:57:24 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:14:40 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 07:57:24 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:14:40 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 07:57:25 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:14:41 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 16:58:16 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:14:41 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 07:57:26 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:14:41 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 07:57:26 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:14:41 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 07:57:26 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-03-22 06:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 04:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-06-23 16:14:41 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 07:57:27 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:14:41 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 07:57:27 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 01:14:44 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 08:57:28 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:14:43 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 07:57:28 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:14:43 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 07:57:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:14:43 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 07:57:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-04-14 02:26:50 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:35:02 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-06-23 16:14:43 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 07:57:28 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-10-08 19:23:16 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-09 17:01:39 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-08 19:23:16 53,944 ----a-w C:\WINDOWS\system32\perfc012.dat
+ 2008-11-09 17:01:39 53,944 ----a-w C:\WINDOWS\system32\perfc012.dat
- 2008-10-08 19:23:16 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-09 17:01:39 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-08 19:23:16 204,488 ----a-w C:\WINDOWS\system32\perfh012.dat
+ 2008-11-09 17:01:39 204,488 ----a-w C:\WINDOWS\system32\perfh012.dat
- 2008-06-23 16:14:43 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 07:57:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 12:39:45 16,248 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:40 16,248 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-07 22:16:54 2,856,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2006-11-30 00:26:42 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2001-08-27 22:40:50 132,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJRES.DLL
+ 2005-02-21 08:58:20 177,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie3xu.dll
+ 2005-09-19 21:17:06 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFIE4wm.DLL
+ 2005-02-21 08:58:34 7,718,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig3xu.dll
+ 2005-02-04 10:09:38 16,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs3xu.dll
+ 2007-01-25 18:05:34 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3c4wm.dll
+ 2005-04-08 10:44:26 1,054,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r3xu.dll
+ 2007-02-16 17:08:16 1,468,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz6r4wm.dll
+ 2005-04-08 10:43:50 515,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev3xu.dll
+ 2007-01-25 20:24:20 435,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev4wm.dll
+ 2005-04-08 10:44:00 4,879,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzla3xu.dll
+ 2005-04-08 10:43:34 659,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzle3xu.dll
+ 2007-01-25 20:24:38 1,588,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzls4wm.dll
+ 2007-01-25 20:24:22 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpe4wm.DLL
+ 2007-01-25 20:25:12 117,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi4wm.DLL
+ 2005-04-08 10:43:52 72,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr3xu.dll
+ 2005-04-08 10:02:32 557,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss3xu.dll
+ 2007-01-25 18:57:06 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss4wm.dll
+ 2005-04-08 09:12:16 2,954,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst3xu.dll
+ 2007-01-25 18:05:08 5,580,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst4wm.dll
+ 2005-04-08 10:43:48 1,962,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui3xu.dll
+ 2007-01-25 20:24:16 3,269,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui4wm.dll
+ 2007-01-25 18:05:32 3,459,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzur4wm.dll
- 2004-03-22 06:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 04:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2006-09-28 15:48:40 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.dll
- 2007-05-15 08:08:53 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-05-15 08:08:54 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-12-07 19:11:50 1,740,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpbcfgre.dll
+ 2006-11-30 00:26:42 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpcdmc32.dll
+ 2005-12-23 00:40:22 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpfie43e.dll
+ 2005-09-19 21:17:06 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\HPFIE4wm.DLL
+ 2007-01-25 18:05:34 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpz3c4wm.dll
+ 2006-04-25 13:08:08 1,336,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpz6r43e.dll
+ 2007-02-16 17:08:16 1,468,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpz6r4wm.dll
+ 2006-04-25 13:07:30 408,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzev43e.dll
+ 2007-01-25 20:24:20 435,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzev4wm.dll
+ 2006-04-25 13:07:52 1,390,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzls43e.dll
+ 2007-01-25 20:24:38 1,588,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzls4wm.dll
+ 2007-01-25 20:24:22 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzpe4wm.DLL
+ 2007-01-25 20:25:12 117,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzpi4wm.DLL
+ 2006-04-25 13:07:24 69,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzpp43e.dll
+ 2006-04-25 10:39:54 562,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzss43e.dll
+ 2007-01-25 18:57:06 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzss4wm.dll
+ 2006-04-25 09:31:38 3,950,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzst43e.dll
+ 2007-01-25 18:05:08 5,580,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzst4wm.dll
+ 2006-04-25 13:07:40 2,461,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzui43e.dll
+ 2007-01-25 20:24:16 3,269,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzui4wm.dll
+ 2007-01-25 18:05:32 3,459,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzur4wm.dll
+ 2004-07-10 10:56:00 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\pclxl.dll
+ 2006-09-28 15:48:44 269,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\UNIDRV.DLL
+ 2006-09-28 15:45:46 194,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\UNIDRVUI.DLL
+ 2006-09-28 15:45:48 618,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\UNIRES.DLL
+ 2006-04-25 13:07:24 69,120 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.dll
+ 2007-01-25 20:24:04 286,208 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.dll
- 2004-03-22 06:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 04:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2008-06-23 16:14:43 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 07:57:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:14:44 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 07:57:28 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:14:44 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 07:57:28 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-17 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-04 64512]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-27 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-27 602182]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-26 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-26 81920]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-18 25440]
"MAAgent"="C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe" [2006-06-01 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 155648]
"Samsung Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\smstsb10.exe" [2004-11-28 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-26 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-31 257088]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"Vrmon"="C:\Program Files\HAURI\Common\Base\VRMONNT.EXE" [2007-05-08 212992]
"HEProtect"="C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe" [2007-01-03 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-21 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-21 348160]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-13 C:\WINDOWS\system32\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-22 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 15:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aejexb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2ahxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4raxx.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\BugsSvr.exe"=
"C:\\Program Files\\UltraEdit\\UEDIT32.EXE"=
"C:\\Program Files\\OnNet\\Enppy3\\Enppy3Main.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"C:\\Program Files\\ESTsoft\\ALFTP\\ALFTP.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\jukeon_e.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-10 93016]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 npkcmsvc;npkcmsvc;C:\WINDOWS\system32\npkcmsvc.exe [2008-10-06 178664]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;C:\WINDOWS\system32\drivers\VRFWNTD5.sys [2005-08-25 80878]
S1 3bf8a7d5;3bf8a7d5;C:\WINDOWS\system32\drivers\3bf8a7d5.sys [ ]
S3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-12-20 19632]
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [ ]
S3 FILESpy;FILESpy;C:\Program Files\HAURI\Common\Base\filespy.sys [2005-09-06 13665]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-04-04 9344]
S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [2008-11-06 11136]
S3 JRSUKD24;JRSUKD24;C:\WINDOWS\system32\JRSUKD24.SYS [2007-03-14 6784]
S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2008-02-18 101296]
S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2008-05-20 121464]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-07-30 18316]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-07-30 164373]
S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031b9792-0afe-11dd-944c-0019d24f14eb}]
\Shell\Auto\command - F:\RavMonE.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7db9f6bd-81d2-11dd-946b-0019b9588bbb}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - VRADFIL
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-09 22:42]

2008-11-06 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-08 11:08]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 09:59:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-09 10:01:47
ComboFix-quarantined-files.txt 2008-11-09 18:01:30
ComboFix2.txt 2008-10-09 10:27:58

Pre-Run: 24,444,108,800 bytes free
Post-Run: 24,980,111,360 bytes free

544 --- E O F --- 2008-10-24 03:02:21
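The persistence points a reviewer reads first in a ComboFix log of this kind are the ones shown above: the AppInit_DLLs value, services whose file is reported as "[ ]" (not found on disk), and the MountPoints2 autorun handlers cached from removable drives. The following is an added example, not part of the thread and not ComboFix's own code: a small Python triage that parses those three kinds of lines. The sample input is a handful of lines copied from the log posted above; the line-format regexes and the "drive-root executable or rundll32 ShellExec_RunDLL" heuristic for autorun commands are this example's own assumptions about the log layout, not a documented ComboFix specification.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted above (registry
# loading points, service list and MountPoints2 handlers), trimmed to what the
# triage below looks at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aejexb.dll

R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-10 93016]
S1 3bf8a7d5;3bf8a7d5;C:\WINDOWS\system32\drivers\3bf8a7d5.sys [ ]
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [ ]
S3 FILESpy;FILESpy;C:\Program Files\HAURI\Common\Base\filespy.sys [2005-09-06 13665]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031b9792-0afe-11dd-944c-0019d24f14eb}]
\Shell\Auto\command - F:\RavMonE.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
"""

# Assumed line layout (matches the log above): ComboFix prefixes each service
# with R (running) or S (stopped) plus the start type, then name;display;path
# and, in brackets, the file date and size, or "[ ]" when no file was found.
SERVICE_RE = re.compile(r'^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(.*)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
MOUNT_CMD_RE = re.compile(r'^\\Shell\\(\w+)\\command\s+-\s+(.+)$')
# An executable sitting directly in a drive root, e.g. F:\RavMonE.exe
DRIVE_ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\\s]+\.(exe|com|bat|cmd)\b', re.IGNORECASE)


def parse_services(log_text: str) -> List[Dict[str, object]]:
    """Parse service/driver lines; file_missing is True for the '[ ]' case."""
    services: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        services.append({
            "state": state, "start_type": start, "name": name,
            "display": display, "path": path,
            "file_missing": meta.strip() == "",
        })
    return services


def find_appinit_dlls(log_text: str) -> str:
    """Return the AppInit_DLLs value, or '' when absent or empty.
    Anything listed here is loaded into every process that maps user32.dll,
    which is why ComboFix prints the key and why an unfamiliar bare DLL name
    is worth a look."""
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            return m.group(1).strip()
    return ""


def find_mountpoint_autoruns(log_text: str) -> List[Dict[str, object]]:
    """Collect the \\Shell\\<verb>\\command handlers under MountPoints2.
    Each is what Explorer would run when that volume is opened; they are
    cached from autorun.inf files on the drives that were plugged in."""
    results: List[Dict[str, object]] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        cm = MOUNT_CMD_RE.match(line)
        if cm and "mountpoints2" in current_key.lower():
            verb, command = cm.groups()
            # Heuristic (assumption): an executable run from a drive root, or a
            # rundll32 ShellExec_RunDLL indirection, is the removable-media
            # autorun pattern and goes to the top of the review list.
            pattern = bool(DRIVE_ROOT_EXE_RE.match(command)) or \
                "shellexec_rundll" in command.lower()
            results.append({
                "key": current_key.rsplit("\\", 1)[-1],
                "verb": verb, "command": command,
                "autorun_pattern": pattern,
            })
    return results


def triage(log_text: str) -> Dict[str, object]:
    """Summarise the persistence points a reviewer checks first."""
    services = parse_services(log_text)
    return {
        "missing_service_files": [s["name"] for s in services if s["file_missing"]],
        "appinit_dlls": find_appinit_dlls(log_text),
        "mountpoint_autoruns": find_mountpoint_autoruns(log_text),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the sample, the triage reports two services with no file on disk (3bf8a7d5 and cdspacex), the AppInit_DLLs entry aejexb.dll, and three MountPoints2 handlers, all matching the autorun pattern. A finding is a prompt to check the file and the key, not a verdict; a missing service file can also be a leftover from an uninstalled driver.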
Hey leo1001

Since my last post, you have gotten more infected. If you do not have an antivirus, please follow the instructions below:

Please download Avira AntiVir Personal and install it. Follow the prompts and reboot if required.

Launch Avira AntiVir Personal either by running C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe or right-click on the Antivir icon in your task bar (it looks like a white umbrella with a red background) and click on Start AntiVir.

Configuring AntiVir
• Click on Configuration.
• Make sure Expert mode is checked.
• Expand +Scanner > +Scan.
• Click on Action for concerning files.
• Check Automatic, and set Primary Action: to quarantine.
• Click on Heuristic.
• Make sure Macrovirus heuristic, Win32 file heuristic, and Medium detection level are checked.
• Expand +General and click on Extended threat categories.
• Check everything off the list except Application (APPL).
• Click on the button OK at the bottom of the window.

Updating AntiVir
• At the main window, click on Start update.
• Wait for AntiVir to be fully updated.

Scanning Time
• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch AntiVir.
• At the main window, click on Scan system now.
• Wait for the scan to complete, and then click on Report. A Notepad window will pop up. Save this onto your computer.
• Click on End, and reboot your computer.

Post A Log
• Post the contents of the report you saved. If you didn't save the report:
• Launch AntiVir.
• Under Overview, click on Reports.
• Choose the report listed at the top, and right-click on it.
• Click on Display report.
• Click on Report file.
• Copy and paste the contents of the log here in your next post.

Best Regards
Avira AntiVir Personal
Report file date: 2008/11/10 Mon 22:08

Scanning for 1024586 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: sabio
Computer name: OK

Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 18:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 17:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 22:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 05:58:04
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 05:58:09
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 2008-11-09 05:58:10
ANTIVIR3.VDF : 7.1.0.65 52736 Bytes 2008-11-10 05:58:11
Engineversion : 8.2.0.29
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 20:05:56
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 2008-11-11 05:58:39
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-11 05:58:36
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-11 05:58:35
AEPACK.DLL : 8.1.3.3 393591 Bytes 2008-11-11 05:58:31
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-11 05:58:28
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-11 05:58:26
AEHELP.DLL : 8.1.1.3 119157 Bytes 2008-11-11 05:58:18
AEGEN.DLL : 8.1.1.0 319859 Bytes 2008-11-11 05:58:17
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 20:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 2008-11-11 05:58:14
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 20:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 18:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 19:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-11 05:58:12
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 21:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 18:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 22:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 03:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 22:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 22:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 23:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 23:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: quarantine
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: -DIAL,+APPL,-BDC,-HIDDENEXT,-PHISH,

Start of the scan: 2008/11/10 Mon 22:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '72' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\sabio\My Documents\Downloads\swish\SWiSH Max v 2.0 Build 2008.01.31\SwishMax 2 Patch.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> is166234.exe
[DETECTION] Is the TR/Dldr.Injecter.aqc Trojan
--> SWISHM~1.EXE
[DETECTION] Is the TR/Agent.AHOE.5 Trojan
[NOTE] The file was moved to '4982250c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\sabio\Application Data\Adobe\Manager.exe.vir
[DETECTION] Is the TR/Small.xta Trojan
[NOTE] The file was moved to '49872fa5.qua'!
C:\QooBox\Quarantine\C\Program Files\zayjybc\AppUtilAdm.dll.vir
[DETECTION] Is the TR/Obfuscated.GX.2466 Trojan
[NOTE] The file was moved to '49892fb5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\msacm32.drv.vir
[DETECTION] Is the TR/Small.xzz Trojan
[NOTE] The file was moved to '497a2fb8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSl.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '496c2f8a.qua'!
C:\WINDOWS\NIRCMD.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '496b303c.qua'!
C:\WINDOWS\system32\ALZZip.BIN
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.DRPE back-door program
[NOTE] The file was moved to '497336d7.qua'!
Begin scan in 'D:\'
D:\download\Combo-Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] The file was moved to '49863e78.qua'!
D:\download\Adobe.Flash.CS3.Keymaker.Only-ZWT\Adobe.Flash.CS3.Keymaker.Only-ZWT\Keygen.exe
[DETECTION] Is the TR/Proxy.Horst.aae.14 Trojan
[NOTE] The file was moved to '49923f05.qua'!
D:\download\cs3\68fc0e6ff300263e6f44382e4126423211e2a053216381d_dl.part3.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
[WARNING] An error has occurred and the file was not deleted.
ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The driver could not be initialized.
D:\past_works\Twainlee\Utilities\Programs\susetup.exe
[0] Archive type: ZIP SFX (self extracting)
--> CHECKUPDATE.DLL
[DETECTION] Contains recognition pattern of the APPL/Serv-U.6105.D application
--> SERVUTRAY.EXE
[DETECTION] Contains recognition pattern of the APPL/Servu.D application
[NOTE] The file was moved to '498c4efc.qua'!

End of the scan: 2008/11/11 Tue 01:38
Used time: 3:30:33 Hour(s)

The scan has been done completely.

13801 Scanning directories
822714 Files were scanned
16 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
822697 Files not concerned
7444 Archives were scanned
2 Warnings
11 Notes
Hey leo1001

Excellent! You're doing great. A few more steps left.

I need you to do some analysis.

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

After that, locate these files and folders:

Code:
C:\WINDOWS\system32\WRebw.dll
C:\WINDOWS\system32\cosa.dll
c:\Windows\system32\aejexb.dll
C:\WINDOWS\system32\drivers\3bf8a7d5.sys
C:\Qoobox

Zip them all up, and upload it to http://www.uploadmalware.com/ . After that, upload all these files to http://www.virustotal.com/ , except for C:\Qoobox. Post the results from virustotal.com here.

Best Regards
I couldn't find a couple of files.
----------------------------------------------
AhnLab-V3 2008.11.13.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 -
AVG 8.0.0.199 2008.11.12 -
BitDefender 7.2 2008.11.13 -
CAT-QuickHeal 9.50 2008.11.12 -
ClamAV 0.94.1 2008.11.13 -
DrWeb 4.44.0.09170 2008.11.13 -
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6204 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
F-Secure 8.0.14332.0 2008.11.13 -
Fortinet 3.117.0.0 2008.11.13 -
GData 19 2008.11.13 -
Ikarus T3.1.1.45.0 2008.11.13 -
K7AntiVirus 7.10.523 2008.11.12 -
Kaspersky 7.0.0.125 2008.11.13 -
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 -
NOD32 3608 2008.11.13 -
Norman 5.80.02 2008.11.12 -
Panda 9.0.0.4 2008.11.12 -
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 -
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.13 -
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.12 -

File size: 116335 bytes
MD5...: f8c91cbf5135c029edee67b944719302
SHA1..: 6ae70d74bb07dbfdf4cc8de4f834a0058188cdf5
SHA256: fff4305864f761fc236f5f595d698fc0670a3e248cc82b2a5e656d4042c59a98
SHA512: d4885d6f269670603451fee3ee3868eb3781824c3e8f9d983c5d57f8f8e2260d fe673f2ed84c6ff3e434722f78ac80cdf7dfe0ee6d457d61dc0d7f67840da89f
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
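The request two posts up (locate the listed files, zip them, upload the archive and post the VirusTotal result) and the reply above ("couldn't find a couple of files"; VirusTotal reporting the MD5/SHA1/SHA256 of a ZIP rather than of the individual files) illustrate why a sample collection step should record what was actually packed. The following is an added example, not the thread's own procedure and not tied to either site's API: a Python routine that hashes each requested path before packing, walks a requested directory (the C:\Qoobox case), and lists the paths that were absent, so the hashes in a VirusTotal report can be matched back to a specific file. The file names used in the constructed demo run are taken from the list above but the files themselves are empty or contain harmless sample bytes created in a temporary directory.

```python
import hashlib
import os
import tempfile
import zipfile
from typing import Dict, List, Tuple

# Added example, not the thread's own procedure: hash each requested path, note
# the ones that are absent, and pack the present ones into a zip whose own
# hashes can be compared with the MD5/SHA1/SHA256 VirusTotal prints for an upload.

DIGESTS = ("md5", "sha1", "sha256")


def hash_file(path: str) -> Dict[str, str]:
    """Compute md5/sha1/sha256 of a file in one pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def collect_samples(paths: List[str], zip_path: str) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Pack every existing path into zip_path; return ({file: hashes}, [missing]).
    A requested directory (C:\\Qoobox in the thread) is walked and its files are
    stored under the directory's name; anything that does not exist is reported
    rather than silently skipped."""
    found: Dict[str, Dict[str, str]] = {}
    missing: List[str] = []
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in paths:
            if os.path.isfile(p):
                found[p] = hash_file(p)
                zf.write(p, arcname=os.path.basename(p))
            elif os.path.isdir(p):
                for root, _dirs, files in os.walk(p):
                    for name in files:
                        full = os.path.join(root, name)
                        found[full] = hash_file(full)
                        zf.write(full, arcname=os.path.relpath(full, os.path.dirname(p)))
            else:
                missing.append(p)
    return found, missing


def demo() -> Dict[str, object]:
    """Constructed run in a temporary directory: two of the four requested file
    names exist (one empty, one with sample bytes), a Qoobox folder holds one
    file, and two names are absent, mirroring the reply above. Nothing created
    here is real malware; the names are only borrowed from the request."""
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "aejexb.dll")
        data = os.path.join(tmp, "3bf8a7d5.sys")
        qoobox = os.path.join(tmp, "Qoobox")
        os.mkdir(qoobox)
        open(empty, "wb").close()
        with open(data, "wb") as fh:
            fh.write(b"constructed sample bytes, not a real driver\n")
        with open(os.path.join(qoobox, "quarantined.vir"), "wb") as fh:
            fh.write(b"constructed quarantine placeholder\n")
        requested = [empty, data, qoobox,
                     os.path.join(tmp, "WRebw.dll"), os.path.join(tmp, "cosa.dll")]
        zip_path = os.path.join(tmp, "samples.zip")
        found, missing = collect_samples(requested, zip_path)
        with zipfile.ZipFile(zip_path) as zf:
            members = sorted(zf.namelist())
        return {
            "found": {os.path.basename(p): h for p, h in found.items()},
            "missing": [os.path.basename(p) for p in missing],
            "zip_members": members,
            "zip_hashes": hash_file(zip_path),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The per-file hashes are what to paste alongside a VirusTotal link: the report for an uploaded ZIP (as in the result above) identifies the archive, not its contents, so without them nobody can tell which of the requested files the verdict applies to.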
Wonderful, leo1001 You look clean. Any more problems? You can delete Combofix and uninstall all programs if you choose, even though I will recommend Antivir as an antivirus. Best Regards