0

My cousin came over last night, and asked if he could check his email. I said sure, and went out to go eat some food with my girlfriend. I came home two hours later to find an extremely annoying virus virtually molesting my computer. If I open up an internet browser, I get a pop-up message saying my computer is infected with a dangerous virus. Also, every time I do a Google search I get a result below the first one, linking to a pornographic YouTube video. Many sites do not load and are instead redirected to some BS Internet Explorer Antivirus site. I installed and ran AVG 8.0 and it only found tracking cookies, no immediate threats. I tried running a Panda scan, but every time I click the Local Disk C icon it tells me to install an ActiveX control titled "Controles", and nothing happens when I click the icon. I also ran ComboFix, which fixed nothing. Here's the HijackThis log, with the HJT exe renamed to NinjaThis. Any help would be appreciated so much, as if I have to reformat the computer I may go to jail for the murder of my cousin.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:30 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Video32 Connector - {CF9146DB-16F1-4B79-8DA1-EE14C55D5B06} - C:\WINDOWS\fop32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208215684_37863ec860c0092b6eb8bef67c4ac875&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5720 bytes

Edit: Oh, and I'm posting on my laptop since the virus wouldn't allow my computer to load DaniWeb.
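The quickest way to read a HijackThis log like the one above is to look at the load points (O2 Browser Helper Objects, O4 Run keys, O16 ActiveX downloads) and ask where each DLL actually lives. The following is an added example, not part of the original thread and not a HijackThis feature: a small Python parser for the O2 lines that extracts the display name, CLSID and DLL path, and flags any BHO whose DLL is loaded from outside the directories a legitimate add-on normally uses. The sample lines are constructed to mirror the O2 entries posted above, and the directory allow-list (`EXPECTED_DIRS`) is an assumption of this example, not a rule from the page.

```python
import re
from dataclasses import dataclass

# Constructed sample input: O2 (Browser Helper Object) lines in the exact
# layout HijackThis writes them, mirroring the entries in the log above.
# The trailing O4 line shows that non-O2 lines are simply skipped.
SAMPLE_HJT = """\
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Video32 Connector - {CF9146DB-16F1-4B79-8DA1-EE14C55D5B06} - C:\\WINDOWS\\fop32.dll
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
"""


@dataclass
class Bho:
    name: str   # display name shown by HijackThis
    clsid: str  # COM class id registered under Browser Helper Objects
    path: str   # DLL that Internet Explorer loads into every browser process


# Layout of an O2 line: "O2 - BHO: <display name> - {<CLSID>} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# Assumption of this example (not from the thread): directories where a
# legitimate BHO DLL normally lives. Compared case-insensitively.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")


def parse_bhos(log_text: str) -> list:
    """Return the O2 entries of a HijackThis log; all other lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return found


def directory_of(path: str) -> str:
    """Lower-cased parent directory of a Windows path, with trailing backslash."""
    return path.lower().rsplit("\\", 1)[0] + "\\"


def suspicious_bhos(bhos: list) -> list:
    """Pair every BHO loaded from outside EXPECTED_DIRS with the reason it was flagged."""
    flagged = []
    for bho in bhos:
        parent = directory_of(bho.path)
        if not parent.startswith(EXPECTED_DIRS):
            flagged.append((bho, f"DLL loaded from unusual directory {parent}"))
    return flagged


if __name__ == "__main__":
    for bho, reason in suspicious_bhos(parse_bhos(SAMPLE_HJT)):
        print(f"{bho.name} {{{bho.clsid}}} -> {bho.path}: {reason}")
```

Run against the constructed sample, only the "Video32 Connector" entry is reported, because its DLL sits directly in the Windows directory rather than under Program Files or system32; the three vendor add-ons pass. The CLSID the parser extracts is the same value a later reply in this thread points at in the registry, which is why capturing it alongside the path is useful.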

0

Hi,

The same thing happened to me and I am running Norton 360 and it never identified the virus. We contacted Norton support, but we could not get to their site from the infected computer so they were not able to help us. We were left to defend ourselves against this nasty one!! Here is what we did...please note that we are not computer technicians, just normal humans, and cannot guarantee our fix. It worked for us, I hope that it will work for you too.

I got the virus when I accepted an ActiveX plugin request to a video I thought I was going to watch. I never installed anything...do not install the IE antivirus program that the pop up is referring to. If you do, you can just google it and you will find how to remove it. http://removal-tool.com/ieantivirus/ has some information on how to remove the program if it gets installed.

  • Locate the fop32.dll file on your computer. We searched for all files on the date the computer was infected, and looked for any files around the time it happened. Our file was called fop16.dll and it lived in the C:/Window folder. Rename the file because you will not be able to delete it. At this point we restarted the computer, then opened Internet Explorer and Internet Explorer was "clean again". We then deleted the renamed fop file.
  • In Internet Explorer go to Tools > Internet Options > Programs > Manage Add-ons. Select "add-ons that have been used by Internet Explorer" and sort the list by name. Look for Video32 Connector; if you scroll to the file name column it should read fop32.dll. Disable the plug-in.
  • Edit your registry. I am using Vista so my regedit is in Accessories > Command Prompt. Type in regedit. Search for the folder CF9146DB-16F1-4B79-8DA1-EE14C55D5B06 and delete it.

Good luck. This saved us from paying Symantec $100 to fix it. :cool:
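The first step in that reply, searching for files created around the time the infection happened, is plain timeline triage, and the "Files Created" section of a ComboFix log is already in a shape that supports it. The block below is an added example, not part of this thread and not ComboFix's own code: it parses lines in ComboFix's "Files Created" layout (`<created> . <modified> <size or <DIR>> <attrs> <path>`) and returns the regular files created within a window around a suspected infection time. The sample lines are constructed in that layout, and the pivot time used in the usage (the evening of 2008-05-06) is an assumption taken from the first post's account, not a value the page states.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input in ComboFix's "Files Created" layout.
SAMPLE_COMBOFIX = """\
2008-05-07 15:33 . 2008-05-07 15:33 2,550 --a------ C:\\WINDOWS\\system32\\Uninstall.ico
2008-05-06 23:48 . 2008-05-06 23:48 <DIR> d-------- C:\\Program Files\\AVG
2008-05-06 23:48 . 2008-05-06 23:48 10,520 --a------ C:\\WINDOWS\\system32\\avgrsstx.dll
2008-05-06 22:53 . 2008-05-06 22:53 211,968 --a------ C:\\WINDOWS\\fop32.dll
2008-05-03 23:28 . 2008-05-03 23:28 268 --ah----- C:\\sqmdata19.sqm
2008-04-29 16:16 . 2008-04-29 16:16 35 --a------ C:\\WINDOWS\\system\\cmicnfg.ini
"""

# "<created> . <modified> <size or <DIR>> <9-char attrs> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int        # -1 for directories
    hidden: bool     # 'h' present in the attribute string
    path: str


def parse_entries(log_text: str) -> list:
    """Parse every 'Files Created' line; lines in other layouts are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size,
            hidden="h" in m["attrs"],
            path=m["path"],
        ))
    return entries


def files_created_near(entries: list, pivot: datetime, hours: int = 2) -> list:
    """Regular files (not directories) created within +/- hours of pivot, oldest first."""
    window = timedelta(hours=hours)
    hits = [e for e in entries if e.size >= 0 and abs(e.created - pivot) <= window]
    return sorted(hits, key=lambda e: e.created)


if __name__ == "__main__":
    # Assumed pivot: the evening the machine was left unattended (from the first post).
    pivot = datetime(2008, 5, 6, 22, 0)
    for e in files_created_near(parse_entries(SAMPLE_COMBOFIX), pivot):
        flag = " (hidden)" if e.hidden else ""
        print(f"{e.created:%Y-%m-%d %H:%M} {e.size:>9} {e.path}{flag}")
```

With a two-hour window around the assumed pivot the output is two files: fop32.dll in the Windows directory at 22:53, and an AVG driver helper created when the antivirus was installed an hour later. Narrowing by time turns a log of dozens of entries into a short list that can be checked against what the user actually installed, which is exactly the manual search the reply above describes.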

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Thank you both for helping! Here is the ComboFix and HJT log (again, HJT is renamed to NinjaThis).

ComboFix 08-05-01.3 - Larry 2008-05-08 15:04:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1572 [GMT -4:00]
Running from: C:\Documents and Settings\Larry\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.

2008-05-08 01:20 . 2008-05-08 01:20 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-05-07 22:33 . 2008-05-07 22:33 <DIR> d-------- C:\VundoFix Backups
2008-05-07 22:33 . 2008-05-07 22:33 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 20:54 . 2008-05-07 22:33 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-07 17:16 . 2008-05-07 17:16 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-07 17:16 . 2008-05-07 17:16 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-07 17:15 . 2008-05-07 22:33 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-07 17:06 . 2008-05-07 17:06 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-07 17:03 . 2008-05-07 17:03 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-07 17:03 . 2008-05-07 17:03 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\Sunbelt Software
2008-05-07 17:03 . 2008-05-07 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-07 16:49 . 2008-05-07 16:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-07 16:49 . 2008-05-07 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 16:07 . 2008-05-07 20:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-07 15:50 . 2008-05-07 15:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 15:33 . 2008-05-07 15:33 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-07 15:33 . 2008-05-07 15:33 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-05-06 23:48 . 2008-05-08 14:59 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-06 23:48 . 2008-05-06 23:48 <DIR> d-------- C:\Program Files\AVG
2008-05-06 23:48 . 2008-05-06 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-06 23:48 . 2008-05-06 23:48 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-06 23:48 . 2008-05-06 23:48 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-06 23:48 . 2008-05-06 23:48 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-06 22:53 . 2008-05-06 22:53 211,968 --a------ C:\WINDOWS\fop32.dll
2008-04-29 23:48 . 2008-04-30 01:13 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\My Battle for Middle-earth(tm) II Files
2008-04-29 16:16 . 2008-04-29 16:16 35 --a------ C:\WINDOWS\system\cmicnfg.ini
2008-04-26 01:54 . 2008-05-06 23:03 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\Move Networks
2008-04-25 13:49 . 2008-04-25 13:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-25 13:49 . 2008-04-25 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-25 13:18 . 2008-04-25 15:23 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-04-25 12:36 . 2008-04-25 12:36 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-04-24 17:03 . 2008-05-08 14:58 <DIR> d-------- C:\Program Files\Steam
2008-04-23 14:23 . 2008-04-23 14:24 <DIR> d-------- C:\Program Files\Game Cam V2
2008-04-23 13:17 . 2008-05-03 23:28 268 --ah----- C:\sqmdata19.sqm
2008-04-23 13:17 . 2008-05-03 23:28 244 --ah----- C:\sqmnoopt19.sqm
2008-04-23 12:39 . 2008-05-03 12:36 268 --ah----- C:\sqmdata18.sqm
2008-04-23 12:39 . 2008-05-03 12:36 244 --ah----- C:\sqmnoopt18.sqm
2008-04-23 10:20 . 2008-05-03 00:13 244 --ah----- C:\sqmnoopt17.sqm
2008-04-23 10:20 . 2008-05-03 00:13 232 --ah----- C:\sqmdata17.sqm
2008-04-23 04:25 . 2008-05-02 22:46 268 --ah----- C:\sqmdata16.sqm
2008-04-23 04:25 . 2008-05-02 22:46 244 --ah----- C:\sqmnoopt16.sqm
2008-04-23 01:07 . 2008-05-02 10:21 268 --ah----- C:\sqmdata15.sqm
2008-04-23 01:07 . 2008-05-02 10:21 244 --ah----- C:\sqmnoopt15.sqm
2008-04-22 18:29 . 2008-04-22 18:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 16:43 . 2008-05-01 15:07 268 --ah----- C:\sqmdata14.sqm
2008-04-22 16:43 . 2008-05-01 15:07 244 --ah----- C:\sqmnoopt14.sqm
2008-04-22 14:30 . 2008-05-01 01:48 268 --ah----- C:\sqmdata13.sqm
2008-04-22 14:30 . 2008-05-01 01:48 244 --ah----- C:\sqmnoopt13.sqm
2008-04-22 04:10 . 2008-04-30 14:49 268 --ah----- C:\sqmdata12.sqm
2008-04-22 04:10 . 2008-04-30 14:49 244 --ah----- C:\sqmnoopt12.sqm
2008-04-21 12:40 . 2008-04-29 14:08 268 --ah----- C:\sqmdata11.sqm
2008-04-21 12:40 . 2008-04-29 14:08 244 --ah----- C:\sqmnoopt11.sqm
2008-04-20 20:19 . 2008-04-29 01:55 268 --ah----- C:\sqmdata10.sqm
2008-04-20 20:19 . 2008-04-29 01:55 244 --ah----- C:\sqmnoopt10.sqm
2008-04-20 03:37 . 2008-04-28 23:43 268 --ah----- C:\sqmdata09.sqm
2008-04-20 03:37 . 2008-04-28 23:43 244 --ah----- C:\sqmnoopt09.sqm
2008-04-20 01:53 . 2008-04-26 14:27 268 --ah----- C:\sqmdata08.sqm
2008-04-20 01:53 . 2008-04-26 14:27 244 --ah----- C:\sqmnoopt08.sqm
2008-04-19 14:05 . 2008-05-08 15:02 268 --ah----- C:\sqmdata07.sqm
2008-04-19 14:05 . 2008-05-08 15:02 244 --ah----- C:\sqmnoopt07.sqm
2008-04-18 23:17 . 2008-05-08 01:19 268 --ah----- C:\sqmdata06.sqm
2008-04-18 23:17 . 2008-05-08 01:19 244 --ah----- C:\sqmnoopt06.sqm
2008-04-17 19:32 . 2008-05-07 22:32 268 --ah----- C:\sqmdata05.sqm
2008-04-17 19:32 . 2008-05-07 22:32 244 --ah----- C:\sqmnoopt05.sqm
2008-04-17 12:06 . 2008-05-07 21:50 268 --ah----- C:\sqmdata04.sqm
2008-04-17 12:06 . 2008-05-07 21:50 244 --ah----- C:\sqmnoopt04.sqm
2008-04-16 14:56 . 2008-05-07 15:28 268 --ah----- C:\sqmdata03.sqm
2008-04-16 14:56 . 2008-05-07 15:28 244 --ah----- C:\sqmnoopt03.sqm
2008-04-15 20:24 . 2008-05-06 17:48 244 --ah----- C:\sqmnoopt02.sqm
2008-04-15 20:24 . 2008-05-06 17:48 232 --ah----- C:\sqmdata02.sqm
2008-04-15 14:27 . 2008-05-06 15:03 268 --ah----- C:\sqmdata01.sqm
2008-04-15 14:27 . 2008-05-06 15:03 244 --ah----- C:\sqmnoopt01.sqm
2008-04-14 19:39 . 2008-04-14 19:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-14 19:27 . 2008-04-14 19:27 <DIR> d-------- C:\WINDOWS\Sun
2008-04-14 19:07 . 2008-04-14 19:07 <DIR> d-------- C:\Documents and Settings\Larry\Application Data\Processing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 01:40 --------- d-----w C:\Documents and Settings\Larry\Application Data\Xfire
2008-05-02 02:41 --------- d-----w C:\Program Files\Xfire
2008-04-30 20:25 --------- d-----w C:\Documents and Settings\Larry\Application Data\LimeWire
2008-04-30 03:32 --------- d-----w C:\Program Files\Electronic Arts
2008-04-25 19:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-25 17:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 16:55 --------- d-----w C:\Documents and Settings\Larry\Application Data\IGN_DLM
2008-04-25 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 18:04 --------- d-----w C:\Program Files\World of Warcraft
2008-04-15 05:33 --------- d-----w C:\Program Files\Guitar Speed Trainer
2008-04-14 23:27 --------- d-----w C:\Program Files\Java
2008-04-12 00:08 --------- d-----w C:\Program Files\AIM
2008-04-07 05:48 --------- d-----w C:\Program Files\LimeWire
2008-04-07 05:47 --------- d-----w C:\Program Files\Common Files\Java
2008-03-31 23:07 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-31 02:50 --------- d-----w C:\Program Files\Windows Live
2008-03-31 02:49 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-31 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-30 05:59 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-30 05:54 --------- d-----w C:\Program Files\AOD
2008-03-30 05:54 --------- d-----w C:\Documents and Settings\Larry\Application Data\Aim
2008-03-26 20:09 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-26 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-26 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-03-19 21:18 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-03-19 21:09 --------- d-----w C:\Documents and Settings\Larry\Application Data\Command & Conquer 3 Tiberium Wars
2008-03-19 20:22 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-03-19 20:22 --------- d-----w C:\Program Files\Audio Simulation
2008-03-19 20:20 --------- d-----w C:\Program Files\Vstplugins
2008-03-19 20:20 --------- d-----w C:\Program Files\FLStudio4
2008-03-18 18:54 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-18 18:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-18 04:02 --------- d-----w C:\Program Files\NaturalMotion
2008-03-18 04:00 --------- d-----w C:\Program Files\Guitar Pro 5
2008-03-18 03:32 --------- d-----w C:\Program Files\TechSmith
2008-03-18 03:29 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-03-18 03:28 --------- d-----w C:\Program Files\Macromedia
2008-03-18 03:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 00:53 --------- d-----w C:\Documents and Settings\Larry\Application Data\Ventrilo
2008-03-18 00:47 --------- d-----w C:\Program Files\Download Manager
2008-03-18 00:42 --------- d-----w C:\Program Files\Ventrilo
2008-03-18 00:32 --------- d-----w C:\Documents and Settings\Larry\Application Data\Viewpoint
2008-03-18 00:12 --------- d-----w C:\Program Files\SOYO
2008-03-17 23:37 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-17 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-17 23:26 --------- d-----w C:\Documents and Settings\Larry\Application Data\acccore
2008-03-17 23:25 --------- d-----w C:\Program Files\Viewpoint
2008-03-17 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-17 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-17 23:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-17 23:18 348,160 ------w C:\WINDOWS\system32\msvcr71.dll
2008-03-17 23:12 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-17 22:34 --------- d-----w C:\Program Files\NVIDIA
2008-03-17 22:27 --------- d-----w C:\Program Files\Intel
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-06_23.52.09.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
- 2008-05-06 18:38:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 18:57:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 14:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-05-07 21:03:30 19,230 ----a-r C:\WINDOWS\Installer\{7136FE70-D1A9-42A5-9BBD-87C440701D9F}\ARPPRODUCTICON.exe
- 2008-03-31 23:07:28 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-08 05:22:20 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-31 23:07:28 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-08 05:22:20 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-31 23:07:28 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-05-08 05:22:20 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-31 23:07:28 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-08 05:22:20 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-31 23:07:28 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-05-08 05:22:20 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-31 23:07:28 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-05-08 05:22:20 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-31 23:07:28 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-05-08 05:22:20 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-31 23:07:28 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-05-08 05:22:20 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-31 23:07:28 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-08 05:22:20 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-31 23:07:28 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-05-08 05:22:20 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-31 23:07:28 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-05-08 05:22:20 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-31 23:07:28 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-05-08 05:22:20 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-31 23:07:28 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-05-08 05:22:20 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2006-08-02 16:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
+ 2006-12-28 20:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 14:51:48 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 22:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2006-10-30 14:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
- 2007-12-19 23:01:06 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2005-11-02 14:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
- 2008-03-05 13:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 14:51:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2005-11-02 14:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
- 2008-05-06 19:04:33 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-08 19:01:33 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-06 19:04:33 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-08 19:01:33 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 05:53:32 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2003-02-21 11:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
+ 2008-05-08 02:33:32 1,099,196 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-08-27 14:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
+ 2005-11-02 14:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
- 2006-01-19 19:29:19 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2006-06-22 18:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF9146DB-16F1-4B79-8DA1-EE14C55D5B06}]
2008-05-06 22:53 211968 --a------ C:\WINDOWS\fop32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57 1103480]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-24 18:25 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-06 23:48 1177368]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]

C:\Documents and Settings\Larry\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-22 18:29:52 2998608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Larry\\My Documents\\WoW-BurningCrusade-enUS-Installer-downloader.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Steam\\steamapps\\neitro420\\counter-strike\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-07 17:06]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-06 23:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-06 23:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 23:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-06 23:48]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Cdstart.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 15:05:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-08 15:05:55
ComboFix-quarantined-files.txt 2008-05-08 19:05:53
ComboFix2.txt 2008-05-08 01:56:22
ComboFix3.txt 2008-05-07 03:52:20

Pre-Run: 224,534,847,488 bytes free
Post-Run: 224,528,756,736 bytes free

429 --- E O F --- 2008-05-08 05:22:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:26 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Video32 Connector - {CF9146DB-16F1-4B79-8DA1-EE14C55D5B06} - C:\WINDOWS\fop32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1208215684_37863ec860c0092b6eb8bef67c4ac875&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4610 bytes


Edit: I found and tried renaming the fop32.dll, but it says some program is using it. Any ideas?
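As an added example (not from the thread or any of the posters), a small Python checker that parses HijackThis O2 lines like the ones in the log above and flags any BHO whose DLL sits loose in the Windows root, as fop32.dll does, rather than under a vendor directory. The sample lines and the suspect-directory list are constructed here.

```python
import re

# Constructed sample: a few HijackThis v2.0.2 lines of the kind shown in the log above.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Video32 Connector - {CF9146DB-16F1-4B79-8DA1-EE14C55D5B06} - C:\WINDOWS\fop32.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: avgrsstx.dll
"""

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-F-]{36}\}) - (?P<path>.+)$", re.I
)

# Directories where a legitimate BHO DLL is not expected to live directly:
# vendor DLLs sit under Program Files or system32, not loose in the Windows root
# or its temp folder. (Assumed heuristic for this example.)
SUSPECT_DIRS = ("c:\\windows\\", "c:\\windows\\temp\\")


def parse_bhos(log_text):
    """Return one dict per O2 (BHO) line: name, CLSID (upper-cased) and DLL path."""
    found = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            found.append({"name": m["name"], "clsid": m["clsid"].upper(), "path": m["path"]})
    return found


def is_loose_in_dir(path, directory):
    """True if `path` is a file directly inside `directory` (no deeper subdirectory)."""
    p = path.lower()
    return p.startswith(directory) and "\\" not in p[len(directory):]


def flag_bhos(log_text):
    """Return the BHO entries whose DLL sits loose in one of SUSPECT_DIRS."""
    return [b for b in parse_bhos(log_text)
            if any(is_loose_in_dir(b["path"], d) for d in SUSPECT_DIRS)]


if __name__ == "__main__":
    # A flagged DLL is loaded by every IE (and often Explorer) process, which is why
    # renaming it fails while those are running; safe mode avoids that lock.
    for b in flag_bhos(SAMPLE_HJT):
        print(f"suspect BHO {b['clsid']} '{b['name']}' -> {b['path']}")
```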


Snryse, I love you. I went into safe mode and found the file, and then renamed it, loaded up Internet Explorer, and haven't had any problems. Now I'm in the Manage Add-ons tab, which would crash pre-rename.

EDIT: YOU ARE MY HERO! It's gone! God, I'm so happy to have this off my computer. Sorry, Crunchie, I did what you said but also tried Snryse's method, and that works so far. I'll do whatever you want as well, but as far as I know so far, this problem has been solved.


Glad to have been able to help, I know how frustrating it is to be hit with the virus.
