Jul 1 2009, 12:05 AM, Post #1
Authentic Member (Group: Authentic Member; Posts: 55; Joined: 8-January 09; Member No.: 83,498; Operating System: Windows XP)
Malwarebytes' Anti-Malware 1.38
Database version: 2356
Windows 5.1.2600 Service Pack 2

6/30/2009 4:43:03 PM
mbam-log-2009-06-30 (16-43-03).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 162852
Time elapsed: 32 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ttool (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\elaine sang\local settings\temporary internet files\Content.IE5\W6DQ0Q18\load[1].php (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Elaine Sang\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

Jul 1 2009, 02:19 AM, Post #2
SuperHelper (Group: Classroom Teacher; Posts: 5,601; Joined: 28-April 07; From: UK; Member No.: 69,799; Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux)
Hi,
Please download DDS and save it to your desktop.
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Right-click gmer.exe and select Run As Administrator. The program will begin to run.
**Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Jul 1 2009, 03:49 PM, Post #3
Authentic Member (Group: Authentic Member; Posts: 55; Joined: 8-January 09; Member No.: 83,498; Operating System: Windows XP)
Hi, thank you for your response. I appreciate it! Here are the requested logs:
DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86
Run by Elaine Sang at 17:32:18.04 on Wed 07/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1571 [GMT -4:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Elaine Sang\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\elaine~1\applic~1\mozilla\firefox\profiles\lsvyk9hr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\documents and settings\elaine sang\application data\mozilla\firefox\profiles\lsvyk9hr.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-11 11608]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-11 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-11 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-11 52056]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-7-18 102463]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-06-22 17:07 <DIR> --d----- c:\program files\Keepsake Countdown
2009-06-15 06:14 <DIR> --d----- c:\windows\system32\Adobe
2009-06-06 21:31 97,342 a------- c:\windows\system32\drivers\74d6c41e.sys
2009-06-04 04:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-06-04 04:43 <DIR> --d----- c:\program files\Last.fm

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-04-12 23:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-13 23:01 88 ---shr-- c:\windows\system32\D0E5FBB671.sys
2009-03-13 23:01 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:34:21.81 ===============

GMER.txt

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-01 17:45:23
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code 8933B730 ZwEnumerateKey
Code 8933B588 ZwFlushInstructionCache
Code 89430386 IofCallDriver
Code 892E4C8E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 8943038B
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 892E4C93
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 8933B58C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE0 5 Bytes JMP 8933B734
? C:\WINDOWS\System32\drivers\74d6c41e.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[144] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0075000A
.text C:\Program Files\Digital Line Detect\DLG.exe[180] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 08B6000A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[224] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00FB000A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[400] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0069000A
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[488] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003F000A
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 74d6c41e.sys
Device \Driver\Tcpip \Device\Ip 74d6c41e.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp 74d6c41e.sys
Device \Driver\Tcpip \Device\Udp 74d6c41e.sys
Device \Driver\Tcpip \Device\RawIp 74d6c41e.sys
Device \Driver\Tcpip \Device\IPMULTICAST 74d6c41e.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Jul 2 2009, 04:37 AM, Post #4
SuperHelper (Group: Classroom Teacher; Posts: 5,601; Joined: 28-April 07; From: UK; Member No.: 69,799; Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux)
Hi,
I notice you are using Limewire. Limewire is very good at bringing infections onto a system, so I recommend you consider removing it.
Download ComboFix by sUBs from here or here.
Note: If you already have a copy of ComboFix on your system, it is essential that you delete it before downloading this copy.
**Save it to your desktop**
We need to disable one or more of your security programs so that they do not interfere with ComboFix.
AVIRA ANTIVIR
Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background.
Double-click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console, I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.
Notes:

Jul 6 2009, 11:19 PM, Post #5
Authentic Member (Group: Authentic Member; Posts: 55; Joined: 8-January 09; Member No.: 83,498; Operating System: Windows XP)
Sorry it took me so long to respond. I was away for the holiday weekend. I ran CF, and it rebooted twice during the scan. I did deactivate AntiVir, but after each of the reboots, it activated on its own, so I don't know if that affects anything? Also, after the first reboot during CF, AntiVir produced a pop-up warning saying that it detected the file C:\ComboFix\N_\30460 contained the code Eicar-Test-Signature, so I selected "Deny Access." Again, I'm not sure if that affects anything. Here is the CF log:
ComboFix log

ComboFix 09-07-06.02 - Elaine Sang 07/07/2009 0:58.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1623 [GMT -4:00]
Running from: c:\documents and settings\Elaine Sang\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\13b54e.msi
c:\windows\Installer\5bc38.msi
c:\windows\system32\drivers\74d6c41e.sys
c:\windows\system32\drivers\hjgruicskcogyt.sys
c:\windows\system32\hjgruilmokhotp.dll
c:\windows\system32\hjgruisefkicof.dll
c:\windows\system32\hjgruitlqdhqeu.dat
c:\windows\system32\hjgruiwnhcyxtp.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruiisivbpxc
-------\Service_74d6c41e

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.
2009-06-30 20:06 . 2009-06-30 20:06 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-22 21:07 . 2009-06-22 21:07 -------- d-----w- c:\program files\Keepsake Countdown
2009-06-22 21:07 . 2009-06-22 21:07 38208 ----a-w- c:\documents and settings\Elaine Sang\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-22 21:07 . 2009-06-22 21:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-15 10:14 . 2009-06-15 10:14 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 05:07 . 2009-04-12 03:28 117760 ----a-w- c:\documents and settings\Elaine Sang\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 04:46 . 2008-11-14 03:23 -------- d-----w- c:\documents and settings\Elaine Sang\Application Data\LimeWire
2009-06-30 20:06 . 2009-04-12 06:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 18:20 . 2008-12-17 07:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-28 05:58 . 2007-05-31 03:35 -------- d-----w- c:\documents and settings\Victor Ssang\Application Data\LimeWire
2009-06-24 19:12 . 2007-01-23 03:22 -------- d--h--w- c:\documents and settings\Elaine Sang\Application Data\Move Networks
2009-06-17 15:27 . 2009-04-12 06:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-04-12 06:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 08:44 . 2009-06-04 08:44 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-06-04 08:44 . 2009-06-04 08:44 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-06-04 08:44 . 2009-06-04 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-06-04 08:44 . 2008-09-14 21:01 -------- d-----w- c:\program files\iTunes
2009-06-04 08:43 . 2009-06-04 08:43 -------- d-----w- c:\program files\Last.fm
2009-06-02 01:42 . 2006-07-12 17:56 -------- d-----w- c:\program files\Google
2009-06-02 01:40 . 2009-06-02 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 01:56 . 2009-03-11 09:43 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-13 03:15 . 2009-04-13 03:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-13 03:14 . 2009-04-13 03:14 152576 ----a-w- c:\documents and settings\Elaine Sang\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-09 00:46 . 2009-04-09 00:45 965344 ----a-w- c:\documents and settings\Elaine Sang\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-03-14 03:01 .
2006-08-05 18:01 88 --sh--r- c:\windows\system32\D0E5FBB671.sys
2009-03-14 03:01 . 2006-08-05 18:01 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( SnapShot@2009-04-14_04.51.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 05:05 . 2009-07-07 05:05 16384 c:\windows\TEMP\Perflib_Perfdata_dc.dat
- 2006-07-19 03:00 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe
+ 2006-07-19 03:00 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2008-04-03 04:11 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2008-04-03 04:11 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-10 17:51 . 2004-08-04 10:00 55808 c:\windows\system32\secur32.dll
+ 2004-08-10 17:51 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2004-08-10 17:51 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
- 2004-08-10 17:51 .
2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll + 2004-08-10 17:51 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll - 2004-08-10 17:51 . 2009-03-11 09:20 55526 c:\windows\system32\perfc009.dat + 2004-08-10 17:51 . 2009-04-16 07:14 55526 c:\windows\system32\perfc009.dat + 2004-08-10 18:01 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll + 2004-08-10 17:51 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll - 2004-08-10 17:51 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll + 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll - 2007-08-13 23:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll - 2004-08-10 18:01 . 2004-08-04 10:00 58880 c:\windows\system32\msdtclog.dll + 2004-08-10 18:01 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll + 2004-08-10 18:01 . 2004-08-04 10:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat + 2008-11-27 13:31 . 2008-11-27 13:31 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll - 2008-02-27 03:03 . 2008-01-03 23:22 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll + 2008-11-27 13:31 . 2008-11-27 13:31 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll - 2008-02-27 03:03 . 2008-01-03 23:22 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe + 2008-11-27 13:31 . 2008-11-27 13:31 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe + 2008-11-27 13:31 . 2008-11-27 13:31 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll - 2008-02-27 03:03 . 2008-01-03 23:20 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll + 2009-03-16 08:59 . 2009-03-16 08:59 53248 c:\windows\system32\Macromed\Common\SwSupport.dll - 2008-02-27 03:03 . 2008-01-03 23:22 53248 c:\windows\system32\Macromed\Common\SwSupport.dll + 2004-08-10 17:51 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll - 2004-08-10 17:51 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll + 2007-08-13 23:39 . 
2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe - 2007-08-13 23:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe + 2004-08-10 17:51 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll - 2004-08-10 17:51 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll + 2004-08-10 17:51 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll - 2004-08-10 17:51 . 2007-08-13 23:45 78336 c:\windows\system32\ieencode.dll - 2004-08-10 17:51 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe + 2004-08-10 17:51 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe + 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll - 2007-08-13 23:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll + 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll + 2009-04-16 05:05 . 2009-02-06 09:54 35328 c:\windows\system32\dllcache\sc.exe - 2006-05-10 05:25 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll + 2006-05-10 05:25 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll + 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll + 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll - 2008-12-22 20:06 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-22 20:06 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll + 2006-05-10 05:25 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll - 2006-05-10 05:25 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll + 2008-12-22 20:06 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe - 2008-12-22 20:06 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe - 2007-08-13 23:39 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll + 2007-08-13 23:39 . 
2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll - 2007-08-13 23:45 . 2007-08-13 23:45 78336 c:\windows\system32\dllcache\ieencode.dll + 2007-08-13 23:45 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll - 2007-08-13 23:39 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2007-08-13 23:39 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-22 20:06 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll - 2008-12-22 20:06 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll + 2009-04-16 05:05 . 2005-07-26 04:20 60416 c:\windows\system32\dllcache\colbact.dll + 2006-07-18 19:43 . 2009-07-06 17:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-07-18 19:43 . 2006-07-18 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-07-18 19:43 . 2006-07-18 19:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2006-07-18 19:43 . 2009-07-06 17:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-07-18 19:43 . 2006-07-18 19:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2006-07-18 19:43 . 2009-07-06 17:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2004-08-10 18:01 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll + 2004-08-10 18:01 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll + 2009-06-15 10:14 . 2009-06-15 10:14 78571 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe + 2009-04-29 10:17 . 2009-04-29 10:17 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL + 2009-04-28 10:23 . 2009-04-28 10:23 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll + 2009-04-29 10:17 . 2009-04-29 10:17 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll + 2009-06-22 21:07 . 
2009-06-22 21:07 20480 c:\windows\Installer\67e69b.msi + 2009-06-22 21:07 . 2009-06-22 21:07 26624 c:\windows\Installer\67e696.msi + 2008-08-12 06:01 . 2008-08-12 06:01 54272 c:\windows\Installer\205f5ac.msi + 2007-01-31 21:19 . 2007-01-31 21:19 94208 c:\windows\Installer\17712d0.msi + 2006-07-12 17:45 . 2006-07-12 17:45 72704 c:\windows\Installer\16faf.msi + 2006-07-12 17:44 . 2006-07-12 17:44 55296 c:\windows\Installer\16fa7.msi + 2009-04-16 07:02 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll + 2009-04-16 07:02 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll + 2009-04-16 07:02 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll + 2009-04-16 07:02 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe + 2009-04-16 07:02 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll + 2009-04-16 07:02 . 2007-08-13 23:45 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll + 2009-04-16 07:02 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe + 2009-04-16 07:02 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll + 2009-04-16 07:03 . 2004-08-04 10:00 55808 c:\windows\$NtUninstallKB959426$\secur32.dll + 2009-04-16 07:02 . 2004-08-04 10:00 31232 c:\windows\$NtUninstallKB956572$\sc.exe + 2009-04-16 07:02 . 2005-07-26 04:39 60416 c:\windows\$NtUninstallKB956572$\colbact.dll + 2009-04-16 07:01 . 2006-03-01 19:42 91136 c:\windows\$NtUninstallKB952004$\mtxoci.dll + 2009-04-16 07:01 . 2006-03-01 19:42 66560 c:\windows\$NtUninstallKB952004$\mtxclu.dll + 2009-04-16 07:01 . 2004-08-04 10:00 58880 c:\windows\$NtUninstallKB952004$\msdtclog.dll + 2009-04-16 07:02 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB963027-IE7\update\spcustom.dll + 2009-04-16 07:02 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB963027-IE7\spmsg.dll + 2009-02-20 18:09 . 2009-02-20 18:09 44544 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\pngfilt.dll + 2009-02-20 18:09 . 
2009-02-20 18:09 52224 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\msfeedsbs.dll + 2009-02-20 18:09 . 2009-02-20 18:09 27648 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\jsproxy.dll + 2009-02-20 10:24 . 2009-02-20 10:24 13824 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieudinit.exe + 2009-02-20 18:09 . 2009-02-20 18:09 44544 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iernonce.dll + 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ieencode.dll + 2009-02-20 10:24 . 2009-02-20 10:24 70656 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\ie4uinit.exe + 2009-02-20 18:09 . 2009-02-20 18:09 63488 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\icardie.dll + 2009-04-16 07:03 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB961373\update\spcustom.dll + 2009-04-16 07:03 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB961373\spmsg.dll + 2009-04-16 07:01 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll + 2009-04-16 07:01 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB960803\spmsg.dll + 2009-04-16 07:03 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB959426\update\spcustom.dll + 2009-04-16 07:03 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB959426\spmsg.dll + 2009-02-04 09:12 . 2009-02-04 09:12 56832 c:\windows\$hf_mig$\KB959426\SP3QFE\secur32.dll + 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\$hf_mig$\KB959426\SP3GDR\secur32.dll + 2009-02-03 19:52 . 2009-02-03 19:52 56320 c:\windows\$hf_mig$\KB959426\SP2QFE\secur32.dll + 2009-04-16 07:02 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB956572\update\spcustom.dll + 2009-04-16 07:02 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB956572\spmsg.dll + 2009-04-16 05:05 . 2009-02-06 10:36 35328 c:\windows\$hf_mig$\KB956572\SP3QFE\sc.exe + 2009-04-16 05:05 . 2009-02-06 10:39 35328 c:\windows\$hf_mig$\KB956572\SP3GDR\sc.exe + 2009-04-16 07:01 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll + 2009-04-16 07:01 . 
2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB952004\spmsg.dll + 2008-06-12 14:09 . 2008-06-12 14:09 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll + 2008-06-12 14:09 . 2008-06-12 14:09 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll + 2008-06-12 14:09 . 2008-06-12 14:09 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll + 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\$hf_mig$\KB952004\SP3GDR\mtxoci.dll + 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\$hf_mig$\KB952004\SP3GDR\mtxclu.dll + 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\$hf_mig$\KB952004\SP3GDR\msdtclog.dll + 2008-06-12 13:47 . 2008-06-12 13:47 91648 c:\windows\$hf_mig$\KB952004\SP2QFE\mtxoci.dll + 2008-06-12 13:47 . 2008-06-12 13:47 66560 c:\windows\$hf_mig$\KB952004\SP2QFE\mtxclu.dll + 2008-06-12 13:47 . 2008-06-12 13:47 58880 c:\windows\$hf_mig$\KB952004\SP2QFE\msdtclog.dll + 2009-04-16 07:01 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB923561\update\spcustom.dll + 2009-04-16 07:01 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB923561\spmsg.dll + 2009-04-16 05:05 . 2009-03-25 05:54 39424 c:\windows\$hf_mig$\KB923561\SP2QFE\acadproc.dll + 2004-08-10 17:50 . 2004-08-04 10:00 4224 c:\windows\system32\dllcache\beep.sys + 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll + 2009-04-16 05:05 . 2008-05-03 11:55 2560 c:\windows\$hf_mig$\KB923561\SP3QFE\xpsp4res.dll + 2009-04-16 05:05 . 2008-05-03 11:55 2560 c:\windows\$hf_mig$\KB923561\SP3GDR\xpsp4res.dll - 2004-08-10 17:51 . 2004-08-04 10:00 351232 c:\windows\system32\winhttp.dll + 2004-08-10 17:51 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll - 2004-08-10 17:51 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll + 2004-08-10 17:51 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll + 2004-08-10 18:01 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe + 2004-08-10 18:01 . 
2009-02-10 22:31 453120 c:\windows\system32\wbem\wmiprvsd.dll + 2004-08-10 18:01 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll + 2004-08-10 17:51 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll - 2004-08-10 17:51 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll + 2004-08-10 17:51 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll + 2006-07-22 19:34 . 2009-06-10 02:16 142220 c:\windows\system32\Restore\rstrlog.dat - 2004-08-10 17:51 . 2009-03-11 09:20 388068 c:\windows\system32\perfh009.dat + 2004-08-10 17:51 . 2009-04-16 07:14 388068 c:\windows\system32\perfh009.dat + 2004-08-10 17:51 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll + 2004-08-10 17:51 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll - 2004-08-10 17:51 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll + 2004-08-10 17:51 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll - 2004-08-10 17:51 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll + 2004-08-10 17:51 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll + 2004-08-10 17:51 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll - 2004-08-10 17:51 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll - 2004-08-10 17:51 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll + 2004-08-10 17:51 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll + 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll - 2007-08-13 23:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll + 2004-08-10 18:01 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll + 2004-08-10 18:01 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll + 2004-08-10 18:01 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll + 2008-11-27 13:31 . 2008-11-27 13:31 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll - 2008-02-27 03:03 . 2008-01-03 23:11 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll + 2008-11-27 13:31 . 
2008-11-27 13:31 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll - 2008-02-27 03:03 . 2008-01-03 23:19 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll - 2008-02-27 03:03 . 2008-01-03 23:18 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll + 2008-11-27 13:31 . 2008-11-27 13:31 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll + 2008-11-27 13:31 . 2008-11-27 13:31 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll + 2008-11-27 13:31 . 2008-11-27 13:31 581632 c:\windows\system32\Macromed\Shockwave 10\Control.dll - 2008-02-27 03:03 . 2008-01-03 23:19 581632 c:\windows\system32\Macromed\Shockwave 10\Control.dll + 2004-08-10 17:51 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll + 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll + 2004-08-10 17:51 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll + 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll - 2007-07-11 17:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll - 2004-08-10 17:51 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll + 2004-08-10 17:51 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll - 2004-08-10 17:51 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll + 2004-08-10 17:51 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll - 2004-08-10 17:51 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll + 2004-08-10 17:51 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll + 2004-08-10 17:51 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll - 2004-08-10 17:51 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll + 2004-08-10 17:51 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll - 2004-08-10 17:51 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll + 2004-08-10 17:51 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll - 2004-08-10 17:51 . 
2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll + 2009-04-16 05:05 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe + 2009-04-16 05:05 . 2009-02-06 09:41 227840 c:\windows\system32\dllcache\wmiprvse.exe + 2009-02-10 22:31 . 2009-02-10 22:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll + 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll - 2007-08-13 23:54 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll + 2007-08-13 23:54 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll - 2007-08-13 23:44 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll + 2007-08-13 23:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll + 2009-04-16 05:05 . 2009-02-09 10:01 401408 c:\windows\system32\dllcache\rpcss.dll + 2009-04-16 05:05 . 2009-03-06 14:00 284160 c:\windows\system32\dllcache\pdh.dll + 2007-08-13 23:44 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll - 2007-08-13 23:44 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll + 2009-04-16 05:05 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll + 2006-05-10 05:25 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll - 2006-05-10 05:25 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll + 2006-05-10 05:25 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll - 2006-05-10 05:25 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll + 2006-05-10 05:25 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll - 2006-05-10 05:25 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll - 2008-12-22 20:06 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll + 2008-12-22 20:06 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll + 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll + 2008-06-12 14:16 . 
2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll + 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll + 2006-08-17 12:28 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll + 2007-08-13 23:43 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe + 2008-12-22 20:06 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll + 2007-08-13 23:39 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-22 20:06 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll - 2008-12-22 20:06 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll - 2007-08-13 22:56 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll + 2007-08-13 22:56 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll - 2007-08-13 23:39 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll + 2007-08-13 23:39 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll - 2007-08-13 23:39 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll + 2007-08-13 23:39 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll + 2009-04-16 05:05 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll + 2006-05-10 05:25 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll - 2006-05-10 05:25 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll - 2006-05-10 05:25 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll + 2006-05-10 05:25 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll + 2006-05-10 05:25 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2006-05-10 05:25 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2007-08-13 23:39 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll + 2007-08-13 23:39 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll + 2009-04-16 05:05 . 
2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll - 2004-08-10 17:50 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll + 2004-08-10 17:50 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll + 2004-08-10 17:50 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll + 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe + 2009-04-29 10:28 . 2009-04-29 10:28 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe + 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll + 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll + 2009-04-29 10:17 . 2009-04-29 10:17 716800 c:\windows\system32\Adobe\Shockwave 11\gi.dll + 2009-04-28 10:26 . 2009-04-28 10:26 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll + 2009-04-29 10:29 . 2009-04-29 10:29 202168 c:\windows\system32\Adobe\Director\SwDir.dll + 2009-04-28 10:25 . 2009-04-28 10:25 131072 c:\windows\system32\Adobe\Director\np32dsw.dll + 2006-07-12 17:39 . 2005-12-28 04:21 625152 c:\windows\Installer\iProData\mWMI.msi + 2006-07-12 17:39 . 2005-12-28 04:21 348256 c:\windows\Installer\iProData\mWlsSafe.msi + 2006-07-12 17:39 . 2005-12-28 04:20 507392 c:\windows\Installer\iProData\mTrace.msi + 2006-07-12 17:39 . 2005-12-28 04:19 669696 c:\windows\Installer\iProData\mSDK.msi + 2006-07-12 17:39 . 2005-12-28 04:20 347220 c:\windows\Installer\iProData\mProSafe.msi + 2006-07-12 17:39 . 2005-12-28 04:18 908800 c:\windows\Installer\iProData\mLogView.msi + 2006-07-12 17:39 . 2005-12-28 04:17 849920 c:\windows\Installer\iProData\mGina.msi + 2006-07-12 17:39 . 2005-12-28 04:16 950784 c:\windows\Installer\iProData\mDrWiFi.msi + 2006-11-16 16:58 . 2006-11-16 16:58 428544 c:\windows\Installer\9ff211.msi + 2007-05-05 04:00 . 2007-05-05 04:00 164352 c:\windows\Installer\96f46c.msi + 2004-08-10 18:08 . 2004-08-10 18:08 264704 c:\windows\Installer\7506.msi + 2006-07-12 17:39 . 
2006-07-12 17:39 455168 c:\windows\Installer\5bc83.msi + 2006-07-12 17:39 . 2006-07-12 17:39 461824 c:\windows\Installer\5bc7e.msi + 2006-07-12 17:39 . 2006-07-12 17:39 462336 c:\windows\Installer\5bc79.msi + 2006-07-12 17:39 . 2006-07-12 17:39 461824 c:\windows\Installer\5bc74.msi + 2006-07-12 17:39 . 2006-07-12 17:39 349184 c:\windows\Installer\5bc6f.msi + 2006-07-12 17:39 . 2006-07-12 17:39 462848 c:\windows\Installer\5bc6a.msi + 2006-07-12 17:39 . 2006-07-12 17:39 462336 c:\windows\Installer\5bc65.msi + 2006-07-12 17:39 . 2006-07-12 17:39 461824 c:\windows\Installer\5bc60.msi + 2006-07-12 17:39 . 2006-07-12 17:39 453632 c:\windows\Installer\5bc5b.msi + 2006-07-12 17:39 . 2006-07-12 17:39 773632 c:\windows\Installer\5bc51.msi + 2006-07-12 17:39 . 2006-07-12 17:39 346112 c:\windows\Installer\5bc4c.msi + 2006-07-12 17:39 . 2006-07-12 17:39 345600 c:\windows\Installer\5bc47.msi + 2006-07-12 17:39 . 2006-07-12 17:39 529408 c:\windows\Installer\5bc42.msi + 2007-08-15 04:29 . 2007-08-15 04:29 431104 c:\windows\Installer\224781a.msi + 2008-11-17 07:11 . 2008-11-17 07:11 432640 c:\windows\Installer\206c198.msi + 2006-07-12 18:01 . 2006-07-12 18:01 829440 c:\windows\Installer\1750c.msi + 2006-07-12 18:00 . 2006-07-12 18:00 829440 c:\windows\Installer\174fc.msi + 2006-07-12 18:00 . 2006-07-12 18:00 634880 c:\windows\Installer\174f4.msi + 2006-07-12 17:53 . 2006-07-12 17:53 259584 c:\windows\Installer\17144.msi + 2006-07-12 17:52 . 2006-07-12 17:52 285696 c:\windows\Installer\17009.msi + 2006-07-12 17:49 . 2006-07-12 17:49 655360 c:\windows\Installer\16feb.msi + 2006-07-12 17:48 . 2006-07-12 17:48 407040 c:\windows\Installer\16fd5.msi + 2006-07-12 17:47 . 2006-07-12 17:47 157184 c:\windows\Installer\16fd0.msi + 2006-07-12 17:46 . 2006-07-12 17:46 290304 c:\windows\Installer\16fb7.msi + 2006-07-12 17:45 . 2006-07-12 17:45 656896 c:\windows\Installer\16fb3.msi + 2006-07-12 17:44 . 2006-07-12 17:44 669696 c:\windows\Installer\16fab.msi + 2006-07-12 17:43 . 
2006-07-12 17:43 256000 c:\windows\Installer\16fa3.msi + 2006-07-12 17:43 . 2006-07-12 17:43 377344 c:\windows\Installer\16f9e.msi + 2007-11-17 03:10 . 2007-11-17 03:10 474624 c:\windows\Installer\12fd013.msi + 2009-04-16 07:02 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll + 2009-04-16 07:02 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll + 2009-04-16 07:02 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll + 2009-04-16 07:02 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe + 2009-04-16 07:02 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll + 2009-04-16 07:02 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll + 2009-04-16 07:02 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll + 2009-04-16 07:02 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll + 2009-04-16 07:02 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll + 2009-04-16 07:02 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe + 2009-04-16 07:02 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll + 2009-04-16 07:02 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll + 2009-04-16 07:02 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll + 2009-04-16 07:02 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll + 2009-04-16 07:02 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll + 2009-04-16 07:02 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll + 2009-04-16 07:02 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll + 2009-04-16 07:02 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll + 2009-04-16 07:02 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll + 2009-04-16 07:02 . 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-29 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-12 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-13 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Victor Ssang\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-1-10 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-12 24576]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-13 23:52 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-16 01:35]

2009-07-05 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 09:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Elaine Sang\Application Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\documents and settings\Elaine Sang\Application Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 01:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\papukavo.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-07 1:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 05:13
ComboFix2.txt 2009-04-15 04:22
ComboFix3.txt 2009-04-14 05:04
ComboFix4.txt 2009-04-14 04:56
ComboFix5.txt 2009-07-07 04:49

Pre-Run: 21,763,272,704 bytes free
Post-Run: 21,753,548,800 bytes free

843 --- E O F --- 2009-04-16 07:03

Jul 7 2009, 04:15 AM
Post #6
SuperHelper Group: Classroom Teacher Posts: 5,601 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux
Hi,
Before we go any further, I want to check a few files out. With each of the following files, please upload them to this webpage:
c:\windows\system32\userinit.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\svchost.exe
Thanks.

Jul 7 2009, 10:44 PM
Post #7
Authentic Member Group: Authentic Member Posts: 55 Joined: 8-January 09 Member No.: 83,498 Operating System: Windows XP
I have submitted all 3 files at the website.

Jul 8 2009, 05:00 AM
Post #8
SuperHelper Group: Classroom Teacher Posts: 5,601 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux
Thanks for that. Please delete your copy of ComboFix and download a fresh one (it has been updated).
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:
CODE
RegLockDel::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]

File::
c:\windows\system32\papukavo.dll
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Please go to Kaspersky website and perform an online antivirus scan.

Jul 9 2009, 12:19 AM
Post #9
Authentic Member Group: Authentic Member Posts: 55 Joined: 8-January 09 Member No.: 83,498 Operating System: Windows XP
I attempted to do what you said, but after I dropped the CF Script into ComboFix, it started to run, but AntiVir popped up with a notice. It said that C:\32788R22FWJFW\N.pif contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted). I selected deny access, since I wasn't sure what to do at this point. Once deny access was selected, another message pops up saying Windows cannot find 32788R22FWJFW\N.pif, make sure the file name is typed correctly and to try again.

Jul 9 2009, 03:19 AM
Post #10
SuperHelper Group: Classroom Teacher Posts: 5,601 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux
Hi,
Anything in the C:\32788R22FWJFW folder is part of ComboFix. Please disable Avira and run the CFScript again, and Allow access to anything in that folder if it pops up again.
Thanks.

Jul 9 2009, 02:10 PM
Post #11
Authentic Member Group: Authentic Member Posts: 55 Joined: 8-January 09 Member No.: 83,498 Operating System: Windows XP
Okay, CF was finished this time around, and here's the CF report:
ComboFix 09-07-09.02 - Elaine Sang 07/09/2009 15:49.7.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1586 [GMT -4:00]
Running from: c:\documents and settings\Elaine Sang\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Elaine Sang\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\papukavo.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\COUPON~1.OCX
.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-06-30 20:06 . 2009-06-30 20:06 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-22 21:07 . 2009-06-22 21:07 -------- d-----w- c:\program files\Keepsake Countdown
2009-06-22 21:07 . 2009-06-22 21:07 38208 ----a-w- c:\documents and settings\Elaine Sang\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-22 21:07 . 2009-06-22 21:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-15 10:14 . 2009-06-15 10:14 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 17:01 . 2009-04-12 03:28 117760 ----a-w- c:\documents and settings\Elaine Sang\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-07 04:46 . 2008-11-14 03:23 -------- d-----w- c:\documents and settings\Elaine Sang\Application Data\LimeWire
2009-06-30 20:06 . 2009-04-12 06:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 18:20 . 2008-12-17 07:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-28 05:58 . 2007-05-31 03:35 -------- d-----w- c:\documents and settings\Victor Ssang\Application Data\LimeWire
2009-06-24 19:12 . 2007-01-23 03:22 -------- d--h--w- c:\documents and settings\Elaine Sang\Application Data\Move Networks
2009-06-17 15:27 . 2009-04-12 06:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-04-12 06:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 08:44 . 2009-06-04 08:44 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-06-04 08:44 . 2009-06-04 08:44 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-06-04 08:44 . 2009-06-04 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-06-04 08:44 . 2008-09-14 21:01 -------- d-----w- c:\program files\iTunes
2009-06-04 08:43 . 2009-06-04 08:43 -------- d-----w- c:\program files\Last.fm
2009-06-02 01:42 . 2006-07-12 17:56 -------- d-----w- c:\program files\Google
2009-06-02 01:40 . 2009-06-02 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-28 01:56 . 2009-03-11 09:43 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-13 03:15 . 2009-04-13 03:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-13 03:14 . 2009-04-13 03:14 152576 ----a-w- c:\documents and settings\Elaine Sang\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-14 03:01 . 2006-08-05 18:01 88 --sh--r- c:\windows\system32\D0E5FBB671.sys
2009-03-14 03:01 . 2006-08-05 18:01 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-07-07_05.07.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 17:01 . 2009-07-09 17:01 16384 c:\windows\TEMP\Perflib_Perfdata_d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-29 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-12 169984]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-13 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-24 185632]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Victor Ssang\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-1-10 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-12 24576]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-13 23:52 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-16 01:35]

2009-07-08 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 09:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Elaine Sang\Application Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - plugin: c:\documents and settings\Elaine Sang\Application
Data\Mozilla\Firefox\Profiles\lsvyk9hr.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-09 15:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(848) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . Completion time: 2009-07-09 15:57 ComboFix-quarantined-files.txt 2009-07-09 19:56 ComboFix2.txt 2009-07-07 05:13 ComboFix3.txt 2009-04-15 04:22 ComboFix4.txt 2009-04-14 05:04 ComboFix5.txt 2009-07-09 19:48 Pre-Run: 21,676,453,888 bytes free Post-Run: 21,671,239,680 bytes free 154 --- E O F --- 2009-04-16 07:03 |
|
|
|
Jul 9 2009, 05:40 PM
Post
#12
|
|
SuperHelper Group: Classroom Teacher Posts: 5,601 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux |
Looking good so far. How about the Kaspersky scan? How are things running?
|
|
|
|
Jul 10 2009, 07:45 PM
Post
#13
|
|
|
Authentic Member Group: Authentic Member Posts: 55 Joined: 8-January 09 Member No.: 83,498 Operating System: Windows XP |
The random site forwarding seems to have stopped, which is great. However, the Kaspersky scan found some harmful files. The Kaspersky log is below.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 10, 2009 23:22:42
Records in database: 2457893
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 65524
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:15:31
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hjgruicskcogyt.sys.vir Infected: Rootkit.Win32.Agent.mdu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_74d6c41e_.sys.zip Infected: Backdoor.Win32.NewRest.ao 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruisefkicof.dll.vir Infected: Rootkit.Win32.Agent.mdt 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0100728.sys Infected: Rootkit.Win32.Agent.mdu 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP958\A0100729.dll Infected: Rootkit.Win32.Agent.mdt 1
The selected area was scanned. |
|
|
|
Jul 11 2009, 10:20 AM
Post
#14
|
|
SuperHelper Group: Classroom Teacher Posts: 5,601 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux |
Hi,
Glad to hear things are running better.
Those items that Kaspersky found are only backups of items that have been removed. They will be cleared in this next step.
Click Start >> Run, and then type ComboFix /u and hit Enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.
Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place
Glad we could be of assistance. Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
Stay Clean!
jpshortstuff |
|
|
|
Jul 16 2009, 11:14 AM
Post
#15
|
|
SuperHelper Group: Classroom Teacher Posts: 5,601 Joined: 28-April 07 From: UK Member No.: 69,799 Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux |
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. |
|
|
|