Multiple virus problems - Free Antivirus Forum

Multiple virus problems

BullGuard Antivirus Forum > Virus > Alerts & New Threats > Multiple virus problems

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

wakari
New Member

Date Joined Jun 2006
Total Posts : 21

Posted 9-7-2008 7:50 (GMT +1)

Hi Touch,

Logs posted as asked.

Seems to be working much better and all the interference has stopped since running superanti spyware and combo fix.

regards

wakari

ComboFix 08-09-04.09 - Jeff Withington 2008-09-07 10:53:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT 12:00]
Running from: C:\Documents and Settings\Jeff Withington\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter\[u]0[/u].exe
C:\Program Files\PCHealthCenter\[u]0[/u].gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\hosts
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\VIE1.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.

2008-09-07 09:58 . 2008-09-07 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-06 07:09 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-06 07:05 . 2008-09-07 10:58 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-06 07:05 . 2008-09-06 08:41 <DIR> d-------- C:\Program Files\MSA
2008-09-06 07:05 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-10 19:35 . 2008-08-10 19:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 22:57 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB1D9.tmp
2008-09-06 21:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-06 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 20:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-09-05 20:42 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\AVG7
2008-09-05 19:10 99,328 ----a-w C:\WINDOWS\Internet Logs\xDB1D8.tmp
2008-09-04 19:40 476,672 ----a-w C:\WINDOWS\Internet Logs\xDB1D7.tmp
2008-09-04 19:39 --------- d-----w C:\Program Files\Soulseek
2008-09-04 19:39 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\uTorrent
2008-09-02 09:08 195,072 ----a-w C:\WINDOWS\Internet Logs\xDB1D6.tmp
2008-09-01 10:04 493,568 ----a-w C:\WINDOWS\Internet Logs\xDB1D5.tmp
2008-08-31 15:03 1,148,928 ----a-w C:\WINDOWS\Internet Logs\xDB1D4.tmp
2008-08-31 06:35 --------- d-----w C:\Program Files\World of Warcraft
2008-08-31 04:20 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\IMVU
2008-08-30 23:15 76,800 ----a-w C:\WINDOWS\Internet Logs\xDB1D3.tmp
2008-08-30 00:06 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB1D2.tmp
2008-08-29 22:41 13,368,962 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_08_29_15_54_55_full.dmp.zip
2008-08-29 03:54 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB1D1.tmp
2008-08-27 07:02 77,824 ----a-w C:\WINDOWS\Internet Logs\xDB1D0.tmp
2008-08-26 10:57 2,896,384 ----a-w C:\WINDOWS\Internet Logs\xDB1CF.tmp
2008-08-25 20:08 925,184 ----a-w C:\WINDOWS\Internet Logs\xDB1CE.tmp
2008-08-24 16:09 95,232 ----a-w C:\WINDOWS\Internet Logs\xDB1CD.tmp
2008-08-24 00:40 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB1CC.tmp
2008-08-23 08:50 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB1CB.tmp
2008-08-22 10:55 301,056 ----a-w C:\WINDOWS\Internet Logs\xDB1CA.tmp
2008-08-21 12:27 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB1C9.tmp
2008-08-21 09:04 93,184 ----a-w C:\WINDOWS\Internet Logs\xDB1C8.tmp
2008-08-20 08:48 120,320 ----a-w C:\WINDOWS\Internet Logs\xDB1C7.tmp
2008-08-19 08:52 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB1C6.tmp
2008-08-18 09:02 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB1C5.tmp
2008-08-17 08:12 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB1C4.tmp
2008-08-16 10:30 89,600 ----a-w C:\WINDOWS\Internet Logs\xDB1C3.tmp
2008-08-15 19:29 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB1C2.tmp
2008-08-15 08:34 465,920 ----a-w C:\WINDOWS\Internet Logs\xDB1C1.tmp
2008-08-13 09:26 321,024 ----a-w C:\WINDOWS\Internet Logs\xDB1C0.tmp
2008-08-11 08:51 653,312 ----a-w C:\WINDOWS\Internet Logs\xDB1BF.tmp
2008-08-09 11:46 442,368 ----a-w C:\WINDOWS\Internet Logs\xDB1BE.tmp
2008-08-08 20:48 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB1BD.tmp
2008-08-07 08:59 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB1BC.tmp
2008-08-06 12:26 65,024 ----a-w C:\WINDOWS\Internet Logs\xDB1BB.tmp
2008-08-05 20:21 1,131,520 ----a-w C:\WINDOWS\Internet Logs\xDB1BA.tmp
2008-08-05 08:33 58,368 ----a-w C:\WINDOWS\Internet Logs\xDB1B9.tmp
2008-08-04 11:33 2,941,952 ----a-w C:\WINDOWS\Internet Logs\xDB1B8.tmp
2008-08-02 09:54 222,208 ----a-w C:\WINDOWS\Internet Logs\xDB1B7.tmp
2008-08-01 10:27 111,616 ----a-w C:\WINDOWS\Internet Logs\xDB1B6.tmp
2008-07-31 19:53 86,528 ----a-w C:\WINDOWS\Internet Logs\xDB1B5.tmp
2008-07-29 08:37 1,861,120 ----a-w C:\WINDOWS\Internet Logs\xDB1B4.tmp
2008-07-29 06:25 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\Hrsim
2008-07-28 17:32 210,944 ----a-w C:\WINDOWS\Internet Logs\xDB1B3.tmp
2008-07-25 23:11 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB1B2.tmp
2008-07-24 09:15 70,656 ----a-w C:\WINDOWS\Internet Logs\xDB1B1.tmp
2008-07-22 11:13 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB1B0.tmp
2008-07-22 07:40 52,224 ----a-w C:\WINDOWS\Internet Logs\xDB1AF.tmp
2008-07-20 11:52 410,624 ----a-w C:\WINDOWS\Internet Logs\xDB1AE.tmp
2008-07-19 13:40 86,528 ----a-w C:\WINDOWS\Internet Logs\xDB1AD.tmp
2008-07-19 07:43 110,592 ----a-w C:\WINDOWS\Internet Logs\xDB1AC.tmp
2008-07-18 12:52 3,756,032 ----a-w C:\WINDOWS\Internet Logs\xDB1AB.tmp
2008-07-15 11:36 --------- d-----w C:\Program Files\Java
2008-07-14 08:35 96,768 ----a-w C:\WINDOWS\Internet Logs\xDB1AA.tmp
2008-07-12 08:47 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB1A9.tmp
2008-07-12 04:05 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB1A8.tmp
2008-07-11 21:16 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
2008-07-11 08:35 74,752 ----a-w C:\WINDOWS\Internet Logs\xDB1A6.tmp
2008-07-10 07:46 2,894,848 ----a-w C:\WINDOWS\Internet Logs\xDB1A5.tmp
2008-07-09 12:18 25,872,386 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-06 14:10 342,528 ----a-w C:\WINDOWS\Internet Logs\xDB1A4.tmp
2008-07-05 08:21 0 ----a-w C:\Documents and Settings\Jeff Withington\jagex_runescape_preferences.dat
2008-07-03 08:37 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB1A3.tmp
2008-06-29 11:40 909,824 ----a-w C:\WINDOWS\Internet Logs\xDB1A2.tmp
2008-06-27 12:46 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB1A1.tmp
2008-06-27 08:23 71,168 ----a-w C:\WINDOWS\Internet Logs\xDB1A0.tmp
2008-06-25 20:29 92,160 ----a-w C:\WINDOWS\Internet Logs\xDB19F.tmp
2008-06-24 07:58 225,792 ----a-w C:\WINDOWS\Internet Logs\xDB19E.tmp
2008-06-23 12:15 2,344,960 ----a-w C:\WINDOWS\Internet Logs\xDB19D.tmp
2008-06-22 03:41 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB19C.tmp
2008-06-21 09:06 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB19B.tmp
2008-06-20 06:59 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB19A.tmp
2008-06-19 07:59 125,952 ----a-w C:\WINDOWS\Internet Logs\xDB199.tmp
2008-06-19 03:38 107,520 ----a-w C:\WINDOWS\Internet Logs\xDB198.tmp
2008-06-18 12:03 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB197.tmp
2008-06-18 09:34 78,336 ----a-w C:\WINDOWS\Internet Logs\xDB196.tmp
2008-06-17 08:06 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB195.tmp
2008-06-16 06:26 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB194.tmp
2008-06-15 08:29 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB193.tmp
2008-06-14 08:45 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-06-13 08:54 996,352 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-06-12 03:08 140,288 ----a-w C:\WINDOWS\Internet Logs\xDB190.tmp
2008-06-11 09:37 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB18F.tmp
2008-06-11 02:51 230,912 ----a-w C:\WINDOWS\Internet Logs\xDB18E.tmp
2008-06-08 14:39 435,200 ----a-w C:\WINDOWS\Internet Logs\xDB18D.tmp
2008-06-06 08:48 524,288 ----a-w C:\WINDOWS\Internet Logs\xDB18C.tmp
2007-04-03 08:35 10,420,936 ----a-w C:\Program Files\xlviewer.exe
2006-08-03 06:26 56,584 ----a-w C:\Documents and Settings\Jeff Withington\Application Data\GDIPFONTCACHEV1.DAT
2006-04-14 05:55 0 ----a-w C:\Program Files\ewhjahk.exe
2005-06-21 23:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-01 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-09-07 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2004-04-30 356352]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2004-04-30 16384]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-22 579584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-30 77824]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 53248]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 919280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-28 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-07 09:58 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\snda32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\snda64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=

HKCU-Run-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
HKCU-Run-\VIE32F.exe - C:\Windows\System32\VIE32F.exe
HKCU-Run-\VIE330.exe - C:\Windows\System32\VIE330.exe
HKCU-Run-\VIE331.exe - C:\Windows\System32\VIE331.exe
HKCU-Run-\VIE332.exe - C:\Windows\System32\VIE332.exe
HKCU-Run-\VIE1D9.exe - C:\Windows\System32\VIE1D9.exe
HKCU-Run-\VIE1DA.exe - C:\Windows\System32\VIE1DA.exe
HKCU-Run-\VIE1DB.exe - C:\Windows\System32\VIE1DB.exe
HKCU-Run-\VIE1DC.exe - C:\Windows\System32\VIE1DC.exe
HKCU-Run-\VIE1.exe - C:\Windows\System32\VIE1.exe
HKCU-Run-\VIE2.exe - C:\Windows\System32\VIE2.exe
HKCU-Run-\VIE3.exe - C:\Windows\System32\VIE3.exe
HKCU-Run-\VIE4.exe - C:\Windows\System32\VIE4.exe
HKLM-Run-EPSON Stylus CX1500 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
HKLM-Run-SpywareBot - C:\Program Files\SpywareBot\SpywareBot.exe
HKLM-Run-\VIE32F.exe - C:\Windows\System32\VIE32F.exe
HKLM-Run-\VIE330.exe - C:\Windows\System32\VIE330.exe
HKLM-Run-\VIE331.exe - C:\Windows\System32\VIE331.exe
HKLM-Run-\VIE332.exe - C:\Windows\System32\VIE332.exe
HKLM-Run-\VIE1D9.exe - C:\Windows\System32\VIE1D9.exe
HKLM-Run-\VIE1DA.exe - C:\Windows\System32\VIE1DA.exe
HKLM-Run-\VIE1DB.exe - C:\Windows\System32\VIE1DB.exe
HKLM-Run-\VIE1DC.exe - C:\Windows\System32\VIE1DC.exe
HKLM-Run-\VIE1.exe - C:\Windows\System32\VIE1.exe
HKLM-Run-\VIE2.exe - C:\Windows\System32\VIE2.exe
HKLM-Run-\VIE3.exe - C:\Windows\System32\VIE3.exe
HKLM-Run-\VIE4.exe - C:\Windows\System32\VIE4.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Window Title = ihug Internet
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 11:01:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2008-09-07 11:08:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 23:08:52

Pre-Run: 55,099,355,136 bytes free
Post-Run: 55,080,685,568 bytes free

267 --- E O F --- 2007-12-12 08:24:52

Logfile of HijackThis v1.99.1
Scan saved at 11:13:52 a.m., on 7/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jeff Withington\My Documents\hjt\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co.nz/0SEENNZ/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff Withington\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152323313593
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD150E4B-DE8B-453B-B6E4-39616E6C2337}: Domain = ihug.co.nz
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD150E4B-DE8B-453B-B6E4-39616E6C2337}: NameServer = 85.255.115.107 85.255.112.121
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 9-7-2008 8:31 (GMT +1)

Hello

Download: CCleaner
http://www.majorgeeks.com/download4191.html
http://www.ccleaner.com/
Once installed, run CCleaner click the Windows tab

Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit (reboot)

Please download Malwarebytes' Anti-Malware:

http://www.spywarefri.dk/downloads1/mbam-setup.exe

Or here:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply, along with fresh combofix log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

wakari
New Member

Date Joined Jun 2006
Total Posts : 21

Posted 9-8-2008 12:58 (GMT +1)

Hi Touch,

Logs posted as follows.

one of the continuing problems, which may be sorted with the processes being carried out, is being redirected when selecting a site from the google search, which starts with redirect, jump and then some other search site appears such as the address below:

http://www.abcjmp.com/jump2/?affiliate=nhost&subid=2008&terms=lawn%20mowers

regards

wakari

mbam log as follows:

Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 2

8/09/2008 11:30:48 a.m.
mbam-log-2008-09-08 (11-30-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 110703
Time elapsed: 2 hour(s), 39 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AdwareAlert\DataBaseNew.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\unins000.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\SpywareBot\unins000.exe (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.

and

ComboFix 08-09-04.09 - Jeff Withington 2008-09-08 11:33:02.2 - NTFSx86
Running from: C:\Documents and Settings\Jeff Withington\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-08 07:52 . 2008-09-08 07:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-08 07:52 . 2008-09-08 07:52 <DIR> d-------- C:\Documents and Settings\Jeff Withington\Application Data\Malwarebytes
2008-09-08 07:52 . 2008-09-08 07:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 07:52 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-08 07:52 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 09:58 . 2008-09-07 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-06 07:09 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-06 07:05 . 2008-09-08 11:30 <DIR> d-------- C:\Program Files\MSA
2008-09-06 07:05 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-10 19:35 . 2008-08-10 19:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 20:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-09-06 22:57 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB1D9.tmp
2008-09-06 21:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-06 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 20:42 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\AVG7
2008-09-05 19:10 99,328 ----a-w C:\WINDOWS\Internet Logs\xDB1D8.tmp
2008-09-04 19:40 476,672 ----a-w C:\WINDOWS\Internet Logs\xDB1D7.tmp
2008-09-04 19:39 --------- d-----w C:\Program Files\Soulseek
2008-09-04 19:39 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\uTorrent
2008-09-02 09:08 195,072 ----a-w C:\WINDOWS\Internet Logs\xDB1D6.tmp
2008-09-01 10:04 493,568 ----a-w C:\WINDOWS\Internet Logs\xDB1D5.tmp
2008-08-31 15:03 1,148,928 ----a-w C:\WINDOWS\Internet Logs\xDB1D4.tmp
2008-08-31 06:35 --------- d-----w C:\Program Files\World of Warcraft
2008-08-31 04:20 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\IMVU
2008-08-30 23:15 76,800 ----a-w C:\WINDOWS\Internet Logs\xDB1D3.tmp
2008-08-30 00:06 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB1D2.tmp
2008-08-29 22:41 13,368,962 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_08_29_15_54_55_full.dmp.zip
2008-08-29 03:54 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB1D1.tmp
2008-08-27 07:02 77,824 ----a-w C:\WINDOWS\Internet Logs\xDB1D0.tmp
2008-08-26 10:57 2,896,384 ----a-w C:\WINDOWS\Internet Logs\xDB1CF.tmp
2008-08-25 20:08 925,184 ----a-w C:\WINDOWS\Internet Logs\xDB1CE.tmp
2008-08-24 16:09 95,232 ----a-w C:\WINDOWS\Internet Logs\xDB1CD.tmp
2008-08-24 00:40 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB1CC.tmp
2008-08-23 08:50 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB1CB.tmp
2008-08-22 10:55 301,056 ----a-w C:\WINDOWS\Internet Logs\xDB1CA.tmp
2008-08-21 12:27 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB1C9.tmp
2008-08-21 09:04 93,184 ----a-w C:\WINDOWS\Internet Logs\xDB1C8.tmp
2008-08-20 08:48 120,320 ----a-w C:\WINDOWS\Internet Logs\xDB1C7.tmp
2008-08-19 08:52 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB1C6.tmp
2008-08-18 09:02 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB1C5.tmp
2008-08-17 08:12 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB1C4.tmp
2008-08-16 10:30 89,600 ----a-w C:\WINDOWS\Internet Logs\xDB1C3.tmp
2008-08-15 19:29 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB1C2.tmp
2008-08-15 08:34 465,920 ----a-w C:\WINDOWS\Internet Logs\xDB1C1.tmp
2008-08-13 09:26 321,024 ----a-w C:\WINDOWS\Internet Logs\xDB1C0.tmp
2008-08-11 08:51 653,312 ----a-w C:\WINDOWS\Internet Logs\xDB1BF.tmp
2008-08-09 11:46 442,368 ----a-w C:\WINDOWS\Internet Logs\xDB1BE.tmp
2008-08-08 20:48 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB1BD.tmp
2008-08-07 08:59 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB1BC.tmp
2008-08-06 12:26 65,024 ----a-w C:\WINDOWS\Internet Logs\xDB1BB.tmp
2008-08-05 20:21 1,131,520 ----a-w C:\WINDOWS\Internet Logs\xDB1BA.tmp
2008-08-05 08:33 58,368 ----a-w C:\WINDOWS\Internet Logs\xDB1B9.tmp
2008-08-04 11:33 2,941,952 ----a-w C:\WINDOWS\Internet Logs\xDB1B8.tmp
2008-08-02 09:54 222,208 ----a-w C:\WINDOWS\Internet Logs\xDB1B7.tmp
2008-08-01 10:27 111,616 ----a-w C:\WINDOWS\Internet Logs\xDB1B6.tmp
2008-07-31 19:53 86,528 ----a-w C:\WINDOWS\Internet Logs\xDB1B5.tmp
2008-07-29 08:37 1,861,120 ----a-w C:\WINDOWS\Internet Logs\xDB1B4.tmp
2008-07-29 06:25 --------- d-----w C:\Documents and Settings\Jeff Withington\Application Data\Hrsim
2008-07-28 17:32 210,944 ----a-w C:\WINDOWS\Internet Logs\xDB1B3.tmp
2008-07-25 23:11 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB1B2.tmp
2008-07-24 09:15 70,656 ----a-w C:\WINDOWS\Internet Logs\xDB1B1.tmp
2008-07-22 11:13 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB1B0.tmp
2008-07-22 07:40 52,224 ----a-w C:\WINDOWS\Internet Logs\xDB1AF.tmp
2008-07-20 11:52 410,624 ----a-w C:\WINDOWS\Internet Logs\xDB1AE.tmp
2008-07-19 13:40 86,528 ----a-w C:\WINDOWS\Internet Logs\xDB1AD.tmp
2008-07-19 07:43 110,592 ----a-w C:\WINDOWS\Internet Logs\xDB1AC.tmp
2008-07-18 12:52 3,756,032 ----a-w C:\WINDOWS\Internet Logs\xDB1AB.tmp
2008-07-15 11:36 --------- d-----w C:\Program Files\Java
2008-07-14 08:35 96,768 ----a-w C:\WINDOWS\Internet Logs\xDB1AA.tmp
2008-07-12 08:47 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB1A9.tmp
2008-07-12 04:05 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB1A8.tmp
2008-07-11 21:16 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB1A7.tmp
2008-07-11 08:35 74,752 ----a-w C:\WINDOWS\Internet Logs\xDB1A6.tmp
2008-07-10 07:46 2,894,848 ----a-w C:\WINDOWS\Internet Logs\xDB1A5.tmp
2008-07-09 12:18 25,872,386 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-06 14:10 342,528 ----a-w C:\WINDOWS\Internet Logs\xDB1A4.tmp
2008-07-05 08:21 0 ----a-w C:\Documents and Settings\Jeff Withington\jagex_runescape_preferences.dat
2008-07-03 08:37 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB1A3.tmp
2008-06-29 11:40 909,824 ----a-w C:\WINDOWS\Internet Logs\xDB1A2.tmp
2008-06-27 12:46 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB1A1.tmp
2008-06-27 08:23 71,168 ----a-w C:\WINDOWS\Internet Logs\xDB1A0.tmp
2008-06-25 20:29 92,160 ----a-w C:\WINDOWS\Internet Logs\xDB19F.tmp
2008-06-24 07:58 225,792 ----a-w C:\WINDOWS\Internet Logs\xDB19E.tmp
2008-06-23 12:15 2,344,960 ----a-w C:\WINDOWS\Internet Logs\xDB19D.tmp
2008-06-22 03:41 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB19C.tmp
2008-06-21 09:06 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB19B.tmp
2008-06-20 06:59 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB19A.tmp
2008-06-19 07:59 125,952 ----a-w C:\WINDOWS\Internet Logs\xDB199.tmp
2008-06-19 03:38 107,520 ----a-w C:\WINDOWS\Internet Logs\xDB198.tmp
2008-06-18 12:03 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB197.tmp
2008-06-18 09:34 78,336 ----a-w C:\WINDOWS\Internet Logs\xDB196.tmp
2008-06-17 08:06 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB195.tmp
2008-06-16 06:26 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB194.tmp
2008-06-15 08:29 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB193.tmp
2008-06-14 08:45 80,384 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-06-13 08:54 996,352 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-06-12 03:08 140,288 ----a-w C:\WINDOWS\Internet Logs\xDB190.tmp
2008-06-11 09:37 33,792 ----a-w C:\WINDOWS\Internet Logs\xDB18F.tmp
2008-06-11 02:51 230,912 ----a-w C:\WINDOWS\Internet Logs\xDB18E.tmp
2008-06-08 14:39 435,200 ----a-w C:\WINDOWS\Internet Logs\xDB18D.tmp
2007-04-03 08:35 10,420,936 ----a-w C:\Program Files\xlviewer.exe
2006-08-03 06:26 56,584 ----a-w C:\Documents and Settings\Jeff Withington\Application Data\GDIPFONTCACHEV1.DAT
2006-04-14 05:55 0 ----a-w C:\Program Files\ewhjahk.exe
2005-06-21 23:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_11.08.17.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-06 22:59:43 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 19:45:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4