Answer»
ComboFix 08-10-12.01 - Hoogoz 2008-10-13 22:01:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT 1:00]
Running from: C:\Documents and Settings\Hoogoz\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\drivers\avgrkx86.sys
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_AVGRKX86 -------\Service_AvgRkx86
((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 ))))))))))))))))))))))))))))))) .
2008-10-13 21:30 . 2008-10-13 21:41 d----c--- C:\32788R22FWJFW 2008-10-13 21:08 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb 2008-10-13 21:08 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb 2008-10-13 21:08 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb 2008-10-13 21:05 . 2008-10-13 21:05 d-------- C:\WINDOWS\system32\LogFiles 2008-10-13 21:05 . 2008-10-13 21:06 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-10-13 21:05 . 2008-10-13 21:06 3,571 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-10-13 21:03 . 2008-10-13 21:03 d-------- C:\WINDOWS\LastGood 2008-10-11 17:19 . 2008-10-11 17:19 d-------- C:\Program Files\Trend Micro 2008-10-11 14:25 . 2008-10-11 14:27 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-11 14:25 . 2008-10-11 14:25 d----c--- C:\Documents and Settings\Hoogoz\Application Data\Malwarebytes 2008-10-11 14:25 . 2008-10-11 14:25 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-11 14:25 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-11 14:25 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-11 14:17 . 2008-10-11 14:17 d----c--- C:\Documents and Settings\Hoogoz\Application Data\AdobeUM 2008-10-11 12:27 . 2008-10-11 12:27 d-------- C:\Program Files\SUPERAntiSpyware 2008-10-11 12:27 . 2008-10-11 12:27 d----c--- C:\Documents and Settings\Hoogoz\Application Data\SUPERAntiSpyware.com 2008-10-11 12:27 . 2008-10-11 12:27 d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-11 12:25 . 2008-10-11 12:25 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-11 12:15 . 2008-10-13 21:08 1,393 --a------ C:\WINDOWS\imsins.BAK 2008-10-11 11:23 . 2008-10-11 11:23 d----c--- C:\ERDNT 2008-10-07 21:13 . 2008-10-04 03:11 d----c--- C:\SDFix 2008-10-07 17:54 . 
2008-10-07 17:54 d-------- C:\Program Files\CCleaner 2008-10-06 19:37 . 2008-10-06 19:37 d-------- C:\Program Files\MSXML 4.0 2008-10-06 18:15 . 2008-10-11 17:15 d-------- C:\Program Files\pywjwzf 2008-10-06 18:15 . 2008-10-06 18:19 d----c--- C:\Documents and Settings\All Users\Application Data\xexylkxq 2008-10-06 04:28 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-10-06 04:28 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-10-06 04:24 . 2007-07-09 14:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-10-06 04:17 . 2008-04-11 19:50 683,520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-10-06 04:17 . 2008-05-08 13:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-10-06 04:15 . 2006-12-26 14:07 536,576 --------- C:\WINDOWS\system32\dllcache\msado15.dll 2008-10-06 04:15 . 2006-12-19 19:16 333,824 --------- C:\WINDOWS\system32\dllcache\wiaservc.dll 2008-10-06 04:15 . 2006-08-14 11:34 332,928 --------- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-06 04:15 . 2006-12-26 14:07 200,704 --------- C:\WINDOWS\system32\dllcache\msadox.dll 2008-10-06 04:15 . 2006-12-26 14:07 180,224 --------- C:\WINDOWS\system32\dllcache\msadomd.dll 2008-10-06 04:15 . 2006-12-26 14:07 102,400 --------- C:\WINDOWS\system32\dllcache\msjro.dll 2008-10-06 04:13 . 2007-05-16 16:12 1,314,816 --------- C:\WINDOWS\system32\dllcache\msoe.dll 2008-10-06 04:12 . 2007-04-16 16:52 984,576 --------- C:\WINDOWS\system32\dllcache\kernel32.dll 2008-10-06 04:12 . 2007-02-09 12:10 574,464 --------- C:\WINDOWS\system32\dllcache\ntfs.sys 2008-10-06 04:12 . 2007-12-04 19:38 550,912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll 2008-10-06 04:12 . 2006-05-05 10:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys 2008-10-06 04:12 . 2006-05-05 10:47 174,592 --------- C:\WINDOWS\system32\dllcache\rdbss.sys 2008-10-06 04:12 . 
2008-06-20 18:41 148,992 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-10-06 04:12 . 2006-03-17 01:38 28,672 --a------ C:\WINDOWS\system32\verclsid.exe 2008-10-06 04:12 . 2006-06-26 18:37 8,192 --------- C:\WINDOWS\system32\dllcache\rasadhlp.dll 2008-10-06 04:11 . 2007-01-23 20:29 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx 2008-10-05 20:45 . 2008-10-05 20:45 d----c--- C:\WINDOWS\system32\config\systemprofile\Application Data\AVGTOOLBAR 2008-10-05 20:38 . 2008-10-13 22:01 d--h-c--- C:\$AVG8.VAULT$ 2008-10-05 20:11 . 2008-10-12 19:05 d----c--- C:\Documents and Settings\Hoogoz\Tracing 2008-10-05 19:57 . 2008-10-05 19:57 d-------- C:\Program Files\Microsoft 2008-10-05 19:57 . 2008-10-05 19:57 38,640 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-10-05 19:56 . 2008-10-05 19:56 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-10-05 19:55 . 2008-10-05 19:57 2,525 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-10-05 19:54 . 2008-10-05 19:54 d-------- C:\WINDOWS\BricoPacks 2008-10-05 19:40 . 2008-10-05 19:40 d-------- C:\Program Files\Common Files\Windows Live 2008-10-05 16:40 . 2008-10-06 17:53 d----c--- C:\Documents and Settings\Hoogoz\Application Data\Flock 2008-10-05 16:36 . 2008-10-05 16:37 d-------- C:\Program Files\Opera 2008-10-05 16:23 . 2008-10-05 16:23 d----c--- C:\Documents and Settings\Hoogoz\Application Data\Sibelius Software 2008-10-05 16:21 . 2008-10-05 16:21 d--hsc--- C:\Documents and Settings\Hoogoz\PrivacIE 2008-10-05 09:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-10-05 09:38 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-10-05 09:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-10-04 22:39 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll 2008-10-04 22:39 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-10-04 22:39 . 
2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-10-04 22:39 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-10-04 22:39 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-10-01 21:49 . 2008-10-11 22:49 d----c--- C:\Documents and Settings\Hoogoz\Application Data\LimeWire 2008-10-01 20:59 . 2008-10-01 20:59 12,670 --a------ C:\WINDOWS\system32\LexFiles.ulf 2008-10-01 20:00 . 2005-08-03 10:52 65,536 -ra------ C:\WINDOWS\system32\lxcfcfg.dll 2008-10-01 20:00 . 2006-05-03 15:15 1,158 -ra------ C:\WINDOWS\system32\lxcf.loc 2008-10-01 19:59 . 2008-10-04 22:32 d----c--- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} 2008-10-01 19:59 . 2008-10-01 19:59 d----c--- C:\Temp 2008-10-01 19:35 . 2008-10-01 19:35 d----c--- C:\Documents and Settings\Hoogoz\Application Data\uniblue 2008-10-01 19:27 . 2008-10-01 19:27 d-------- C:\Program Files\Uniblue 2008-10-01 19:25 . 2008-10-01 19:25 d-------- C:\WINDOWS\system32\XPSViewer 2008-10-01 19:25 . 2008-10-01 19:25 d-------- C:\Program Files\Reference Assemblies 2008-10-01 19:24 . 2008-10-01 19:25 d----c--- C:\d52dcd8cafe85a118c32484a481c 2008-10-01 19:24 . 2008-07-06 13:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll 2008-10-01 19:24 . 2008-07-06 13:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll 2008-10-01 19:24 . 2008-07-06 11:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe 2008-10-01 19:24 . 2008-07-06 13:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll 2008-10-01 19:24 . 2008-07-06 13:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll 2008-10-01 19:24 . 2008-07-06 13:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll 2008-10-01 19:24 . 2008-07-06 13:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll 2008-10-01 19:21 . 2008-10-01 19:21 d-------- C:\Program Files\MSXML 6.0 2008-10-01 19:05 . 2008-10-01 19:05 dr-h-c--- C:\AHCache 2008-10-01 18:55 . 
2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-10-01 18:16 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-09-30 20:29 . 2008-09-30 20:29 d--h-c--- C:\WINDOWS\ie8 2008-09-30 20:25 . 2008-10-11 22:50 d----c--- C:\Documents and Settings\Hoogoz\Application Data\mIRC 2008-09-30 19:32 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-30 18:16 . 2008-10-01 22:11 d----c--- C:\Documents and Settings\Hoogoz\Application Data\Apple Computer 2008-09-30 18:16 . 2008-09-30 18:16 d----c--- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-30 18:16 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll 2008-09-30 18:16 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2008-09-30 18:14 . 2008-09-30 18:14 d-------- C:\Program Files\Apple Software Update 2008-09-30 18:14 . 2008-09-05 22:16 36,864 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2008-09-30 17:44 . 2008-10-06 19:25 d----c--- C:\Documents and Settings\Hoogoz\Application Data\uTorrent 2008-09-29 22:49 . 2008-10-13 20:45 d-------- C:\WINDOWS\system32\drivers\Avg 2008-09-29 22:49 . 2008-09-29 22:49 d-------- C:\Program Files\AVG 2008-09-29 22:49 . 2008-09-30 17:36 d----c--- C:\Documents and Settings\Hoogoz\Application Data\AVGTOOLBAR 2008-09-29 22:49 . 2008-10-06 07:39 d----c--- C:\Documents and Settings\All Users\Application Data\avg8 2008-09-29 22:49 . 2008-09-29 22:49 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-09-29 22:49 . 2008-09-29 22:49 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-09-29 22:49 . 2008-09-29 22:49 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-09-29 22:40 . 2008-10-12 19:09 24 --a--c--- C:\Documents and Settings\Hoogoz\jagex_runescape_preferences.dat 2008-09-29 22:24 . 2008-09-29 22:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-09-29 22:23 . 
2008-10-13 21:20 d--hsc--- C:\Documents and Settings\Hoogoz\Temporary Internet Files 2008-09-29 22:23 . 2008-10-05 17:07 d--hsc--- C:\Documents and Settings\Hoogoz\History 2008-09-29 22:22 . 2008-09-29 22:22 1,712 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario C300 (RT150EA#ABU)_YN_0Pres_QCND6431K9K_E433921031_46_I30 C6_SHP_V78.08_BF.05_T060814_WXP2_L409_M 1015_J80_7Intel_8T1300_91.66_#080929_N10EC8139_(RT150EA#ABU)_XMOBILE_CN10_Z_2F.05_G808627A2.MRK 2008-09-29 22:20 . 2008-10-07 17:57 d----c--- C:\Documents and Settings\Hoogoz 2008-09-29 22:18 . 2008-09-30 05:26 d----c--- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec 2008-09-29 22:10 . 2008-10-07 17:33 90,112 --a------ C:\WINDOWS\DUMP4824.tmp 2008-09-29 22:10 . 2008-10-07 17:32 90,112 --a------ C:\WINDOWS\DUMP47f5.tmp 2008-09-29 22:10 . 2008-10-10 17:55 90,112 --a------ C:\WINDOWS\DUMP39bd.tmp 2008-09-29 22:10 . 2008-10-07 17:31 90,112 --a------ C:\WINDOWS\DUMP2b55.tmp 2008-09-27 12:48 . 2008-09-29 20:03 d----c--- C:\Documents and Settings\Hugo\Tracing 2008-09-20 16:41 . 2008-09-20 16:41 d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-09-20 16:32 . 2008-09-20 16:32 d-------- C:\Program Files\Yahoo!. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-11 19:33 --------- d-----w C:\Program Files\mIRC 2008-10-11 18:05 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-06 06:40 --------- d-----w C:\Program Files\Common Files\Adobe 2008-10-05 21:45 --------- d-----w C:\Program Files\DIGStream 2008-10-05 19:45 --------- d-----w C:\Program Files\Google 2008-10-05 18:57 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-10-05 09:01 --------- d-----w C:\Program Files\Windows Live 2008-10-05 08:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-10-04 21:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-04 21:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-01 20:48 --------- d-----w C:\Program Files\LimeWire 2008-10-01 18:25 --------- d-----w C:\Program Files\MSBuild 2008-10-01 17:52 --------- d-----w C:\Program Files\Microsoft Works 2008-09-30 18:32 --------- d-----w C:\Program Files\Java 2008-09-30 17:16 --------- d-----w C:\Program Files\iTunes 2008-09-30 17:16 --------- d-----w C:\Program Files\Bonjour 2008-09-30 17:15 --------- d-----w C:\Program Files\QuickTime 2008-09-30 17:15 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-30 16:45 --------- d-----w C:\Program Files\Symantec 2008-09-30 16:34 --------- dc----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-09-30 04:43 --------- d-----w C:\Program Files\Sonic 2008-09-30 04:41 --------- d-----w C:\Program Files\RGB 2008-09-30 04:40 --------- d-----w C:\Program Files\NetWaiting 2008-09-30 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-30 04:39 --------- d-----w C:\Program Files\Intel 2008-09-30 04:38 --------- d-----w C:\Program Files\HP 2008-09-30 04:38 --------- d-----w C:\Program Files\Hewlett-Packard 2008-09-30 04:37 --------- d-----w C:\Program Files\ESPNMotion 2008-09-30 04:37 --------- d-----w C:\Program Files\EnglishOtto 
2008-09-30 04:37 --------- d-----w C:\Program Files\Easy Internet Signup 2008-09-30 04:37 --------- d-----w C:\Program Files\CONEXANT 2008-09-30 04:37 --------- d-----w C:\Program Files\Common Files\TiVo Shared 2008-09-30 04:36 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-09-30 04:36 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-09-30 04:36 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-30 04:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Sonic 2008-09-30 04:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\DIGStream 2008-09-30 04:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-09-29 08:10 --------- d-----r C:\Program Files\Net Nanny 2008-09-29 07:00 --------- dc----w C:\Documents and Settings\Hugo\Application Data\AVG7 2008-09-28 16:11 24 -c--a-w C:\Documents and Settings\Hugo\jagex_runescape_preferences.dat 2008-09-28 10:31 --------- dc----w C:\Documents and Settings\Hugo\Application Data\mIRC 2008-09-27 15:14 --------- dc----w C:\Documents and Settings\Hugo\Application Data\uTorrent 2008-09-18 14:43 --------- d-----w C:\Program Files\SwiftKit 2008-09-18 11:21 --------- d-----w C:\Program Files\TorrentMan 2008-09-18 11:08 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kontiki 2008-09-18 11:08 --------- d-----w C:\Program Files\Kontiki 2008-09-18 10:10 --------- dc----w C:\Documents and Settings\Hugo\Application Data\skypePM 2008-09-08 23:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll 2008-09-08 18:54 --------- d-----w C:\Program Files\Microsoft.NET 2008-09-08 18:46 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-09-08 17:58 --------- dc----w C:\Documents and Settings\Hugo\Application Data\Sibelius Software 2008-09-08 17:58 --------- dc----w C:\Documents and Settings\All Users\Application Data\Sibelius Software 2008-09-03 16:24 --------- d-----w C:\Program 
Files\uTorrent 2008-08-30 16:24 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-08-30 15:53 --------- dc----w C:\Documents and Settings\Hugo\Application Data\Vso 2008-08-30 15:38 47,360 -c--a-w C:\Documents and Settings\Hugo\Application Data\pcouffin.sys 2008-08-29 09:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe 2008-08-29 08:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll 2008-08-22 02:16 3,038,240 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-22 02:09 7,443,456 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-22 02:08 875,520 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll 2008-08-22 02:08 43,008 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll 2008-08-22 02:08 1,614,848 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2008-08-22 02:08 1,394,688 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-22 02:08 1,394,688 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2008-08-22 02:07 755,200 ------w C:\WINDOWS\system32\dllcache\VGX.dll 2008-08-22 02:07 732,672 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2008-08-22 02:07 196,096 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2008-08-22 02:07 193,536 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2008-08-22 02:07 18,944 ------w C:\WINDOWS\system32\dllcache\corpol.dll 2008-08-22 02:05 70,656 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll 2008-08-22 02:05 630,272 ------w C:\WINDOWS\system32\dllcache\mstime.dll 2008-08-22 02:05 48,640 ----a-w C:\WINDOWS\system32\PrivacIE.dll 2008-08-22 02:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-08-22 02:05 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll 2008-08-22 02:05 45,056 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-08-22 02:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll 2008-08-22 02:05 35,840 ------w C:\WINDOWS\system32\dllcache\imgutil.dll 2008-08-22 02:05 346,624 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-08-22 02:05 217,088 
------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2008-08-22 02:05 186,880 ------w C:\WINDOWS\system32\dllcache\iepeers.dll 2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2008-08-22 02:04 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe 2008-08-22 02:00 68,608 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll 2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2008-08-22 01:57 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll 2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll 2008-07-29 20:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll 2008-07-29 20:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll 2008-07-29 20:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe 2008-07-29 19:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 18:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 18:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 18:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2008-07-29 18:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-07-29 18:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll 2008-07-29 18:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe 2008-07-29 18:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll 2006-03-16 04:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe .
------- Sigcheck -------
.((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 102400] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1235736] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576] "LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2.exe" [2006-11-01 315904] "MsmqIntCert"="mqrt.dll" [2007-07-06 C:\WINDOWS\system32\mqrt.dll] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 15360]
C:\Documents and Settings\Hoogoz\Start Menu\Programs\Startup\ Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 90112]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll vutohn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Hoogoz^Start Menu^Programs^StartUp^LimeWire On Startup.lnk] path=C:\Documents and Settings\Hoogoz\Start Menu\Programs\StartUp\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "mW[íµ�ˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>�Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Documents and Settings\\Hoogoz\\Desktop\\utorrent.exe"= "C:\\Program Files\\Opera\\opera.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-29 97928] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-29 875288] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-29 231704] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-29 76040] . Contents of the 'Scheduled Tasks' folder
2008-10-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - ORPHANS REMOVED - - - -
BHO-{29A90FF6-9760-4905-B985-874FD760010B} - C:\WINDOWS\system32\khfeefEx.dll HKLM-Explorer_Run-oHjuEHc4kF - C:\Documents and Settings\All Users\Application Data\xexylkxq\zgvybevy.exe ShellExecuteHooks-{EBF1652D-FC54-4654-8738-55A21A0B520B} - (no file) MSConfigStartUp-CTFMON - (no file)
. ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Hoogoz\Application Data\MOZILLA\Firefox\Profiles\am42d244.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll .
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-13 22:06:02 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe?[email protected]? ?Y???`[email protected]?[email protected]
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . --------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll . Completion time: 2008-10-13 22:07:49 ComboFix-quarantined-files.txt 2008-10-13 21:07:08
Pre-Run: 7,445,389,312 bytes free Post-Run: 7,432,433,664 bytes free
389 --- E O F --- 2008-10-11 18:06:30
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
- Delete the following:
- ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
----------
Run this online scan.
This scanner requires Internet Explorer
Use the ESET Nod32 Online Scanner
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to INSTALL
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
Also let me know how the computer is running now.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3521 (20081014)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b8264b10c7d0b14fa7fde2a9a26da953
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-14 07:55:19
# local_time=2008-10-14 08:55:19 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=548343
# found=5
# scan_time=7305
C:\Documents and Settings\Hugo\Incomplete\JKAIBLHD2JG4HY3PAYT63UC7IS6XSTAU\Adobe_Photoshop_CS3.zip a variant of Win32/PTCasino application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Hugo\Incomplete\JKAIBLHD2JG4HY3PAYT63UC7IS6XSTAU\Adobe_Photoshop_CS3.zip »ZIP »Adobe_Photoshop_CS3/!bonus games/Europa Casino/SetupCasino.exe a variant of Win32/PTCasino application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Hugo\Shared\Daughtry - What I Want.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 0A0A0B47E35D557D949DC5288E100D51
C:\Documents and Settings\Hugo\Shared\Daughtry-What I want.mp3 WMA/TrojanDownloader.Wimad.N trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Hugo\Shared\pigeon detectives - this is an emergency.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned) 54DE83A7879D2090651478E37BCEF695
My PC is running much better now, no popups and everything is as quick as it EVER is

Run CCleaner.
Final steps, let me know if you have any questions.
Set a New Restore Point to prevent POSSIBLE reinfection from an old one

Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide or Windows Vista System Restore Guide
----------
Use the Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript
To prevent unknown applications from being installed on your computer, install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software
I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thanks a lot!
I'll definitely come back if I get any other problems. I won't of course though...