[Resolved] Win32 - Trojan.Agent/Gen (Trojan.dropper/Win-NV) Removal He


  • This topic is locked
41 replies to this topic

#1 greyspace

    Authentic Member, 51 posts

Posted 10 October 2009 - 11:04 PM

Hi, I'm wondering if someone can help me out with a problem I encountered on my notebook.

I was on a website when I received a notification from Avast that my computer had been infected with malicious malware. Normally I click on delete or move to... however a few seconds later I received a big screen that said my computer was infected and it rebooted my machine.

After that, when I logged back on, my desktop wouldn't come up. I had to log on as a different user and even then my programs wouldn't run (internet, malware bytes, superantispyware, folders, etc.). I think a message popped up saying they were invalid file folders. I had to re-install superantispyware and malware bytes and the first few times I tried to run them, they would start and then shut down.

I ended up running combofix and after I did that, I was able to get my desktop back up and run superantispyware as well as malware bytes.

Superantispyware found a Trojan which I believe was Trojan.Agent/Gen or Trojan.Dropper/Win-Nv. It said it removed it, but I am wondering if there is anything lingering.

In addition, now when I run malwarebytes, it flags a few items as trojans, although I think they are legitimate. I have never had this problem before and I'm wondering if the trojan/virus is somehow making things pop up as problems so I'll delete them.

Also, I noticed in my C: drive the following files are now there and I don't believe they were there before:

wridiint.exe
ut9x (ms dos file)
ut (msdos file)
tixqapi.exe
cmlder.exe
.rnd


I'm wondering if anyone can look at my logs and tell me if they see anything that needs to be done. I tried to clean it up as best I could, but I'm wondering if there's something lingering and am now wary of having this computer attached to the network.

Any help would be greatly appreciated, thanks.
--

Malwarebytes' Anti-Malware 1.41
Database version: 2940
Windows 5.1.2600 Service Pack 3

10/10/2009 9:10:14 PM
mbam-log-2009-10-10 (21-10-11).txt

Scan type: Quick Scan
Objects scanned: 116639
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tunebite.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe -tray (Trojan.Agent) -> No action taken.
C:\Documents and Settings\GHL\Local Settings\temp\q75bo2v.exe (Trojan.Downloader) -> No action taken.

-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:04 PM, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\SAS\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070403
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: VideoRaptorIePlugin Class - {90C8E8F8-A7C9-41E4-92E4-C679AE6FB78D} - C:\Program Files\Videoraptor\VideoRaptorIePlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\bambite\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe -tray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\GHL\Self-Installed\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\GHL\Application Data\svcst.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\GHL\Application Data\svcst.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SAS\SASWINLO.dll
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\PROGRA~1\Avast4\ashMaiSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11276 bytes

-----

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-10 12:00:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\GHL\LOCALS~1\Temp\ufliqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\GH\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\DOCUME~1\GHL\LOCALS~1\Temp\aujasnkj.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe[1748] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\GHL\Self-Installed\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[644] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[3976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs crpf.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat AEDC2D20

AttachedDevice \FileSystem\Fastfat \Fat crpf.sys (COMODO Safe Delete Filter/COMODO Security Solutions Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----



#2 oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 11 October 2009 - 01:11 AM

Hi Greyspace,

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


Combofix is a very powerful tool and should not be used without supervision.

There may be a false positive in the MBAM detections.

Please do the following:
  • Click the Start button.
  • Click Run.
  • Copy and paste the following line into the run box
    mbam.exe /developer
  • Click OK; MBAM should open
  • Run the same type of scan you did before and save the logfile and post it.

Next

In Windows Explorer, please locate this file C:\combofix.txt and post its contents.

Please post back with
  • MBAM log
  • combofix.txt
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#3 greyspace

    Authentic Member

  • 51 posts

Posted 11 October 2009 - 06:36 AM

Thank you so much for your reply and your assistance. The requested logs are below. (I hope I was supposed to paste it as I was unclear as to whether or not the request was to attach, sorry if I did it wrong).


In addition, I just received two pop-ups from Avast saying that my machine was infected with:



C:\tixqapi.exe\2s-ww.exe\wawa.exe (Avast gave me a message that neither deleting nor moving to chest was supported for this type of Archive)
C:\Documents and Settings\GHL\Local Settings\temp\q75bo2v.exe (Avast accepted a delete request)

----



Malwarebytes' Anti-Malware 1.41
Database version: 2940
Windows 5.1.2600 Service Pack 3

10/11/2009 5:22:17 AM
mbam-log-2009-10-11 (05-22-04).txt

Scan type: Quick Scan
Objects scanned: 117330
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tunebite.exe (Trojan.Agent) -> No action taken. [413452413053838075667915347270798513011720202167217067217167716720206817712519186926216769201768247166]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken. [38575351343041747566687615566677778166817083130141443858643654515138475364545238516152483953563451386146746883808480718561427985708379708501388981778083708361377084768580816140707970836677]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken. [3857535134304666778866837015538366687013014144385864365451513847536454523851615248395356345138614674688380848071856156747969808884613686838370798555708384748079613889817780837083935642474237]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301414438586436545151384753645452385161524839535634513861467468838084807185615674796980888461368683837079855570838474807961518679]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> No action taken. [385753513430538380756679153966767034777083851301414438586436545151384753645452385161524839535634513861467468838084807185615674796980888461368683837079855570838474807961518679937884708387]

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [513849453436383041747566687615377484817766904983808170838574708413014144385864365451513847536454523851615248395356345138614674688380848071856156747969808884613686838370798555708384748079614980777468747084613468857487703770847685808193478036736679727479725666777781668170833018130117]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830417475666876153774848177669049838081708385747084130141443858643654515138475364545238516152483953563451386146746883808480718561567479698088846136868383707985557083847480796149807774687470846138898177808370839347803468857487703770847685808136736679727084301813011 7]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [513849453436383041747566687615377484817766904983808170838574708413014144385864365451513847536454523851615248395356345138614674688380848071856156747969808884613686838370798555708384748079614980777468747084613889817780837083934780527085346885748770377084768580813018130117]

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe -tray (Trojan.Agent) -> No action taken. [413452413053838075667915347270798513011720202167217067217167716720206817712519186926216769201768247166]
C:\Documents and Settings\GHL\Local Settings\temp\q75bo2v.exe (Trojan.Downloader) -> No action taken. [4134524130538380756679153780887977806669708313012370192122221919692418176866182223217023252420662066177025196769]


---------------------
ComboFix 09-10-08.04 - GH 10/10/2009 10:10.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1529 [GMT -7:00]
Running from: c:\documents and settings\GH\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 06:12 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-10 06:12 . 2009-10-10 06:12 -------- d-----w- c:\program files\Avast4
2009-10-10 03:58 . 2009-10-10 03:58 -------- d-----w- c:\program files\bambite
2009-10-10 03:54 . 2009-10-10 03:54 -------- d-----w- c:\program files\SAS
2009-10-10 03:53 . 2009-10-10 03:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- C:\ERDNT
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- c:\windows\ERUNT
2009-10-10 03:23 . 2009-10-10 03:23 -------- d-----w- C:\!FixIEDef
2009-10-10 03:00 . 2009-10-10 17:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-10 03:00 . 2009-10-10 03:00 -------- d-----w- c:\documents and settings\GH\Application Data\SUPERAntiSpyware.com
2009-10-10 02:58 . 2009-10-10 03:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 02:43 . 2009-10-10 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-10 02:33 . 2009-10-10 02:33 9216 ----a-w- C:\wridiint.exe
2009-10-10 02:33 . 2009-10-10 02:33 207872 ----a-w- C:\tixqapi.exe
2009-09-30 23:33 . 2009-09-30 23:37 -------- d-----w- c:\windows\system32\NtmsData
2009-09-20 14:45 . 2009-09-20 14:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 17:06 . 2007-10-14 13:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-10 07:01 . 2007-04-20 16:07 -------- d-----w- c:\program files\LogMeIn
2009-10-10 06:06 . 2009-07-12 17:49 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-10-10 05:42 . 2007-04-04 03:09 -------- d-----w- c:\program files\NetWaiting
2009-10-10 02:33 . 2004-08-11 22:00 14336 ------w- c:\windows\system32\svchost.exe
2009-10-09 21:21 . 2007-04-04 02:48 48935 ----a-w- c:\windows\system32\nvModes.dat
2009-10-03 03:17 . 2007-12-29 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-10 21:54 . 2009-03-08 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-08 19:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:23 . 2009-09-10 08:13 -------- d-----w- c:\program files\FLAC
2009-09-10 08:38 . 2007-07-16 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 08:11 . 2009-09-10 08:11 2744087 ----a-w- c:\program files\flac-1.2.1b.exe
2009-09-09 01:16 . 2009-09-09 01:16 -------- d-----w- c:\program files\TechSmith
2009-09-08 00:47 . 2009-08-30 00:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-08 00:47 . 2009-09-08 00:46 7886336 ----a-w- c:\program files\moto setup.msi
2009-09-07 23:05 . 2008-02-04 16:00 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-07 23:05 . 2007-04-20 16:07 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-07 23:05 . 2007-04-20 16:07 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-07 23:05 . 2006-10-07 02:56 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-09-07 23:05 . 2006-10-07 02:56 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-08-07 02:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-07-16 15:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-07-16 15:36 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 01:38 . 2009-08-02 01:37 6008376 ----a-w- c:\program files\ashampoo_burning_studio_6_free_676_4280.exe
2009-07-31 23:36 . 2009-07-31 23:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 04:37 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-23 17:52 . 2009-07-23 17:52 278221 ----a-w- c:\program files\gmer.zip
2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 01:20 . 2009-07-12 01:20 265216 ----a-w- c:\program files\TFC.exe
2009-07-12 01:18 . 2009-07-12 01:14 794112 ----a-w- c:\program files\The_Comedian.exe
2009-07-11 12:50 . 2009-07-11 12:50 812344 ----a-w- c:\program files\HJTInstall.exe
2009-07-11 04:24 . 2009-07-11 04:24 5575824 ----a-w- c:\program files\CSC_Setup_1.1.64946.38_xp_vista_server2003_x32.exe
2009-07-04 22:26 . 2009-07-04 22:26 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2009-07-04 18:04 . 2009-07-04 02:40 23442487 ----a-w- c:\program files\INSTALL.zip
2009-07-04 17:39 . 2009-07-04 17:38 2790624 ----a-w- c:\program files\x-audio-converter-CNET.exe
2009-07-04 17:27 . 2009-07-04 17:27 6698028 ----a-w- c:\program files\aaep.exe
2009-07-04 17:23 . 2009-07-04 17:01 8079082 ----a-w- c:\program files\audioextractor.exe
2009-07-04 17:19 . 2009-07-04 17:18 3176437 ----a-w- c:\program files\youtubedownloader.exe
2009-07-04 02:41 . 2009-07-04 02:41 7814384 ----a-w- c:\program files\audiocapture_wmf_setup.exe
2009-07-04 02:30 . 2009-07-04 02:29 751167 ----a-w- c:\program files\sc11a.exe
2009-07-04 02:23 . 2009-07-04 02:23 2813421 ----a-w- c:\program files\m4a-to-mp3-converter.exe
2009-07-04 01:58 . 2009-07-04 01:57 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-07-03 18:34 . 2009-07-03 18:34 434832 ----a-w- c:\program files\switchsetup.exe
2009-07-03 18:31 . 2009-07-03 18:25 6692753 ----a-w- c:\program files\Setup_FreeConverter.exe
2009-07-03 18:18 . 2009-07-03 18:18 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-06-24 14:03 . 2009-06-24 14:02 13905056 ----a-w- c:\program files\aim6591.exe
2009-04-12 19:32 . 2009-04-12 19:30 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-04-19 18:28 . 2008-01-09 03:19 88 --sh--r- c:\windows\system32\1B491E2DAE.sys
2009-04-19 18:28 . 2008-01-09 03:19 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-10-10_03.41.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-10 03:00 . 2009-10-10 03:00 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-10 03:54 . 2009-10-10 03:54 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-10 03:54 . 2009-10-10 03:54 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-10-10 03:00 . 2009-10-10 03:00 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-10 03:54 . 2009-10-10 03:54 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-10-10 03:00 . 2009-10-10 03:00 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-10-10 17:07 . 2009-10-10 17:07 503808 c:\windows\ERDNT\AutoBackup\10-10-2009\Users\00000002\UsrClass.dat
+ 2009-10-10 17:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-10-2009\ERDNT.EXE
+ 2009-10-10 03:54 . 2009-10-10 03:54 1583616 c:\windows\Installer\5375f.msi
+ 2009-10-10 17:07 . 2009-10-10 17:07 4485120 c:\windows\ERDNT\AutoBackup\10-10-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\bambite\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-3 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\GHL\Self-Installed\Palm\Hotsync.exe [2004-6-9 471040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SAS\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SAS\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-07 23:05 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GHL\\Self-Installed\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [7/10/2009 9:25 PM 36512]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [7/10/2009 9:25 PM 39456]
R1 SASDIFSV;SASDIFSV;c:\program files\SAS\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SAS\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/4/2008 9:00 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/4/2008 9:00 AM 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/12/2009 7:55 AM 24652]
S3 SASENUM;SASENUM;c:\program files\SAS\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070403
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 10:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\SAS\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-10 10:15
ComboFix-quarantined-files.txt 2009-10-10 17:15
ComboFix2.txt 2009-10-10 03:44
ComboFix3.txt 2009-07-28 10:23

Pre-Run: 3,434,598,400 bytes free
Post-Run: 3,414,933,504 bytes free

227 --- E O F --- 2009-09-10 08:39

#4 oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 11 October 2009 - 01:10 PM

Hi Greyspace,

Copy and pasting the logs is perfect.


While we are waiting to hear back from MBAM, let's do a little investigating of our own.


We need some file information
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



Combofix was run more than once. Please post the contents of c:\qoobox\combofix2.txt


Please post back with
  • Virscan results
  • combofix2.txt

Thanks


#5 greyspace

    Authentic Member

  • 51 posts

Posted 11 October 2009 - 03:16 PM

Again, thank you so much for your time and assistance. I am not sure what you meant by waiting back from Mbam... but here are the other logs that you requested:


VirSCAN.org Scanned Report :
Scanned time : 2009/10/11 14:01:56 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : tunebite.exe
File Size : 2846720 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 8de30f640ffc260fa08dfa9735a0c430
SHA1 : d041cafea7ee2a8557f547549450aac4df5a3a66
Online report : http://virscan.org/r...02fb9c9dea.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091010020113 2009-10-10 4.38 -
AhnLab V3 2009.10.11.00 2009.10.11 2009-10-11 0.87 -
AntiVir 8.2.1.35 7.1.6.95 2009-10-09 0.14 -
Antiy 2.0.18 20091011.2991415 2009-10-11 0.12 -
Arcavir 2009 200910110856 2009-10-11 0.09 -
Authentium 5.1.1 200910111705 2009-10-11 1.26 -
AVAST! 4.7.4 091011-0 2009-10-11 0.19 -
AVG 8.5.288 270.14.9/2427 2009-10-10 0.48 -
BitDefender 7.81008.4333550 7.28253 2009-10-12 3.73 -
CA (VET) 9.0.0.143 35.1.7059 2009-10-10 4.56 -
ClamAV 0.95.2 9880 2009-10-10 0.47 -
Comodo 3.12 2576 2009-10-11 0.74 -
CP Secure 1.3.0.5 2009.10.11 2009-10-11 0.52 -
Dr.Web 4.44.0.9170 2009.10.11 2009-10-11 5.80 -
F-Prot 4.4.4.56 20091011 2009-10-11 3.77 -
F-Secure 7.02.73807 2009.10.11.01 2009-10-11 8.52 -
Fortinet 2.81-3.120 10.931 2009-10-11 0.43 -
GData 19.8345/19.507 20091011 2009-10-11 5.57 -
ViRobot 20091009 2009.10.09 2009-10-09 0.41 -
Ikarus T3.1.01.72 2009.10.11.74050 2009-10-11 4.72 -
JiangMin 11.0.800 2009.10.08 2009-10-08 5.15 -
Kaspersky 5.5.10 2009.10.11 2009-10-11 0.07 -
KingSoft 2009.2.5.15 2009.10.11.20 2009-10-11 0.49 -
McAfee 5.3.00 5768 2009-10-11 3.45 -
Microsoft 1.5101 2009.10.11 2009-10-11 5.85 -
Norman 6.01.09 6.01.00 2009-10-11 4.01 -
Panda 9.05.01 2009.10.11 2009-10-11 2.15 -
Trend Micro 8.700-1004 6.530.04 2009-10-11 0.04 -
Quick Heal 10.00 2009.10.10 2009-10-10 2.33 -
Rising 20.0 21.50.60.00 2009-10-11 1.25 -
Sophos 2.90.1 4.45 2009-10-12 3.66 -
Sunbelt 5443 5443 2009-10-11 1.95 -
Symantec 1.3.0.24 20091011.004 2009-10-11 0.10 -
nProtect 20091011.01 5780775 2009-10-11 9.10 -
The Hacker 6.5.0.2 v00037 2009-10-11 1.95 -
VBA32 3.12.10.11 20091010.1631 2009-10-10 2.76 -
VirusBuster 4.5.11.10 10.112.65/2002152 2009-10-11 4.30 -
---------



ComboFix 09-10-08.04 - GH 10/09/2009 20:35.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1679 [GMT -7:00]
Running from: c:\documents and settings\GH\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GH\rundll32.exe nvhotkey .exe
c:\documents and settings\GH\stsystra .exe
C:\p2hhr.bat
c:\windows\system32\~.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\ctfmon .exe
c:\windows\system32\logs
c:\windows\system32\p0duaad.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate .exe
c:\windows\system32\winupdate.exe
c:\windows\win32k.sys

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- C:\ERDNT
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- c:\windows\ERUNT
2009-10-10 03:23 . 2009-10-10 03:23 -------- d-----w- C:\!FixIEDef
2009-10-10 03:00 . 2009-10-10 03:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-10 03:00 . 2009-10-10 03:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 03:00 . 2009-10-10 03:00 -------- d-----w- c:\documents and settings\GH\Application Data\SUPERAntiSpyware.com
2009-10-10 02:58 . 2009-10-10 03:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 02:54 . 2009-10-10 03:41 30720 ----a-w- c:\documents and settings\GH\stsystra.exe
2009-10-10 02:43 . 2009-10-10 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-10 02:33 . 2009-10-10 02:33 30720 ----a-w- C:\elboofy.exe
2009-10-10 02:33 . 2009-10-10 02:33 24576 ----a-w- C:\divqh.exe
2009-10-10 02:33 . 2009-10-10 02:33 9216 ----a-w- C:\wridiint.exe
2009-10-10 02:33 . 2009-10-10 02:33 39936 ----a-w- C:\mkjjnwwp.exe
2009-10-10 02:33 . 2009-10-10 02:33 207872 ----a-w- C:\tixqapi.exe
2009-10-10 02:33 . 2009-10-10 02:33 19456 ----a-w- C:\dslagxb.exe
2009-09-30 23:33 . 2009-09-30 23:37 -------- d-----w- c:\windows\system32\NtmsData
2009-09-20 14:45 . 2009-09-20 14:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-10 08:13 . 2009-09-10 13:23 -------- d-----w- c:\program files\FLAC
2009-09-10 08:11 . 2009-09-10 08:11 2744087 ----a-w- c:\program files\flac-1.2.1b.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 03:14 . 2007-04-04 03:09 -------- d-----w- c:\program files\NetWaiting
2009-10-10 02:49 . 2007-10-14 13:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-10 02:33 . 2004-08-11 22:00 14336 ----a-w- c:\windows\system32\svchost.exe
2009-10-09 21:21 . 2007-04-04 02:48 48935 ----a-w- c:\windows\system32\nvModes.dat
2009-10-09 08:52 . 2007-04-20 16:07 -------- d-----w- c:\program files\LogMeIn
2009-10-03 03:17 . 2007-12-29 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-10 21:54 . 2009-03-08 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-08 19:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 08:38 . 2007-07-16 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 01:16 . 2009-09-09 01:16 -------- d-----w- c:\program files\TechSmith
2009-09-08 00:47 . 2009-08-30 00:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-08 00:47 . 2009-09-08 00:46 7886336 ----a-w- c:\program files\moto setup.msi
2009-09-07 23:05 . 2008-02-04 16:00 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-07 23:05 . 2007-04-20 16:07 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-07 23:05 . 2007-04-20 16:07 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-07 23:05 . 2006-10-07 02:56 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-09-07 23:05 . 2006-10-07 02:56 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-08-17 16:10 . 2009-06-06 07:25 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-06-06 07:26 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-06-06 07:26 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-06-06 07:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-06 07:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-06-06 07:26 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-06 07:26 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-06-06 07:26 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-06-06 07:26 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 02:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2004-08-11 22:12 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-07-16 15:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-07-16 15:36 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 01:38 . 2009-08-02 01:37 6008376 ----a-w- c:\program files\ashampoo_burning_studio_6_free_676_4280.exe
2009-07-31 23:36 . 2009-07-31 23:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 04:37 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-23 17:52 . 2009-07-23 17:52 278221 ----a-w- c:\program files\gmer.zip
2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 17:49 . 2009-07-12 17:49 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-07-12 01:20 . 2009-07-12 01:20 265216 ----a-w- c:\program files\TFC.exe
2009-07-12 01:18 . 2009-07-12 01:14 794112 ----a-w- c:\program files\The_Comedian.exe
2009-07-11 12:50 . 2009-07-11 12:50 812344 ----a-w- c:\program files\HJTInstall.exe
2009-07-11 04:24 . 2009-07-11 04:24 5575824 ----a-w- c:\program files\CSC_Setup_1.1.64946.38_xp_vista_server2003_x32.exe
2009-07-04 22:26 . 2009-07-04 22:26 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2009-07-04 18:04 . 2009-07-04 02:40 23442487 ----a-w- c:\program files\INSTALL.zip
2009-07-04 17:39 . 2009-07-04 17:38 2790624 ----a-w- c:\program files\x-audio-converter-CNET.exe
2009-07-04 17:27 . 2009-07-04 17:27 6698028 ----a-w- c:\program files\aaep.exe
2009-07-04 17:23 . 2009-07-04 17:01 8079082 ----a-w- c:\program files\audioextractor.exe
2009-07-04 17:19 . 2009-07-04 17:18 3176437 ----a-w- c:\program files\youtubedownloader.exe
2009-07-04 02:41 . 2009-07-04 02:41 7814384 ----a-w- c:\program files\audiocapture_wmf_setup.exe
2009-07-04 02:30 . 2009-07-04 02:29 751167 ----a-w- c:\program files\sc11a.exe
2009-07-04 02:23 . 2009-07-04 02:23 2813421 ----a-w- c:\program files\m4a-to-mp3-converter.exe
2009-07-04 01:58 . 2009-07-04 01:57 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-07-03 18:34 . 2009-07-03 18:34 434832 ----a-w- c:\program files\switchsetup.exe
2009-07-03 18:31 . 2009-07-03 18:25 6692753 ----a-w- c:\program files\Setup_FreeConverter.exe
2009-07-03 18:18 . 2009-07-03 18:18 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-06-24 14:03 . 2009-06-24 14:02 13905056 ----a-w- c:\program files\aim6591.exe
2009-04-12 19:32 . 2009-04-12 19:30 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-04-19 18:28 . 2008-01-09 03:19 88 --sh--r- c:\windows\system32\1B491E2DAE.sys
2009-04-19 18:28 . 2008-01-09 03:19 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-28_10.18.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 02:41 . 2009-07-12 02:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-10 03:40 . 2009-10-10 03:40 16384 c:\windows\temp\Perflib_Perfdata_110.dat
+ 2004-08-11 22:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-04-04 02:59 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2004-08-11 22:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-11 22:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
- 2007-04-04 03:09 . 2007-07-27 16:41 26488 c:\windows\system32\spupdsvc.exe
+ 2007-04-04 03:09 . 2007-07-27 17:41 26488 c:\windows\system32\spupdsvc.exe
- 2007-04-20 16:07 . 2008-12-17 00:36 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2007-04-20 16:07 . 2009-09-07 23:05 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2009-07-25 21:36 . 2007-07-27 17:41 16760 c:\windows\system32\spmsg.dll
- 2009-07-25 21:36 . 2007-07-27 16:41 16760 c:\windows\system32\spmsg.dll
+ 2009-10-06 10:09 . 2009-08-07 02:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-06 10:09 . 2009-08-07 02:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-11 22:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
- 2007-08-14 01:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-08-29 23:58 . 2009-08-29 23:58 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-11 22:00 . 2008-04-14 00:11 56320 c:\windows\system32\logevent.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2007-08-14 01:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-14 01:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-11 22:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 78336 c:\windows\system32\ieencode.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 78336 c:\windows\system32\ieencode.dll
- 2004-08-11 22:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-14 01:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2007-08-14 01:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2004-08-11 22:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2004-08-11 22:12 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-11 22:12 . 2009-08-07 02:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2007-08-14 01:36 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 01:36 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-04-12 19:34 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-12 19:34 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2007-08-14 01:54 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-04-12 19:34 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2009-04-12 19:34 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-08-14 01:39 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-14 01:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-14 01:45 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 01:45 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 01:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 01:39 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-04-12 19:34 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-04-12 19:34 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-11 22:00 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\ctfmon.exe
+ 2007-08-14 01:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
- 2007-08-14 01:42 . 2007-08-14 01:42 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-11 22:00 . 2009-08-07 02:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2007-04-04 03:12 . 2009-10-10 03:41 30720 c:\windows\system32\dla\tfswctrl.exe
+ 2004-08-11 22:00 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll
+ 2006-11-13 20:38 . 2006-11-13 20:38 22824 c:\windows\system32\ceutil.dll
+ 2004-08-11 22:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2009-10-10 03:00 . 2009-10-10 03:00 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-03-08 19:44 . 2009-03-08 19:44 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-10 03:00 . 2009-10-10 03:00 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2009-03-08 19:44 . 2009-03-08 19:44 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-09-08 00:47 . 2009-09-08 00:47 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2009-09-08 00:47 . 2009-09-08 00:47 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-30 01:47 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-30 01:47 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-30 01:47 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-30 01:47 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-30 01:47 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-30 01:47 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2007-05-23 02:14 . 2009-05-14 21:29 70984 c:\windows\Downloaded Program Files\LMIProxyHelper.exe
+ 2009-06-10 17:33 . 2009-06-10 17:33 15664 c:\windows\Downloaded Program Files\LMIGuardianEvt.dll
+ 2009-06-10 17:33 . 2009-06-10 17:33 83256 c:\windows\Downloaded Program Files\LMIGuardian.exe
+ 2009-08-12 01:16 . 2008-04-14 00:11 58880 c:\windows\$NtUninstallKB973507$\atl.dll
+ 2009-08-12 01:17 . 2008-04-14 00:11 84992 c:\windows\$NtUninstallKB971557$\avifil32.dll
+ 2009-08-26 10:29 . 2008-04-14 00:12 60416 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-08-26 10:29 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-08-14 04:29 . 2008-04-14 00:12 49152 c:\windows\$NtUninstallKB968389$\wdigest.dll
+ 2009-08-14 04:29 . 2009-02-03 19:59 56832 c:\windows\$NtUninstallKB968389$\secur32.dll
+ 2009-08-14 04:29 . 2008-04-13 18:31 92288 c:\windows\$NtUninstallKB968389$\ksecdd.sys
+ 2009-08-12 01:17 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371-v2$\fontsub.dll
+ 2009-08-12 01:17 . 2008-04-14 00:12 78336 c:\windows\$NtUninstallKB960859$\tlntsess.exe
+ 2009-08-12 01:17 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB960859$\telnet.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973869\update\spcustom.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973869\spmsg.dll
+ 2009-08-12 01:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973815\update\spcustom.dll
+ 2009-08-12 01:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973815\spmsg.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973507\update\spcustom.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973507\spmsg.dll
+ 2009-07-17 19:25 . 2009-07-17 19:25 58880 c:\windows\$hf_mig$\KB973507\SP3QFE\atl.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973354\update\spcustom.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973354\spmsg.dll
+ 2009-07-30 01:47 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB972260-IE7\update\spcustom.dll
+ 2009-07-30 01:47 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB972260-IE7\spmsg.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\pngfilt.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 52224 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeedsbs.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 27648 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\jsproxy.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 13824 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieudinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iernonce.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 78336 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieencode.dll
+ 2009-06-29 11:25 . 2009-06-29 11:25 70656 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ie4uinit.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 63488 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\icardie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 17408 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\corpol.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971657\update\spcustom.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971657\spmsg.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971557\update\spcustom.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971557\spmsg.dll
+ 2009-06-10 14:01 . 2009-06-10 14:01 84992 c:\windows\$hf_mig$\KB971557\SP3QFE\avifil32.dll
+ 2009-08-14 04:29 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2009-08-14 04:29 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2009-08-12 01:17 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB961371-v2\update\spcustom.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB961371-v2\spmsg.dll
+ 2009-07-29 04:30 . 2009-07-29 04:30 81920 c:\windows\$hf_mig$\KB961371-v2\SP3QFE\fontsub.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB960859\update\spcustom.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB960859\spmsg.dll
+ 2009-06-12 12:03 . 2009-06-12 12:03 80896 c:\windows\$hf_mig$\KB960859\SP3QFE\tlntsess.exe
+ 2009-06-12 12:03 . 2009-06-12 12:03 76288 c:\windows\$hf_mig$\KB960859\SP3QFE\telnet.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956744\update\spcustom.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956744\spmsg.dll
+ 2007-05-23 02:14 . 2009-05-14 21:29 8520 c:\windows\system32\ractrlkeyhook.dll
+ 2009-10-10 03:00 . 2009-10-10 03:00 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2004-08-11 22:00 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-11 22:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 827392 c:\windows\system32\wininet.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 827392 c:\windows\system32\wininet.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2006-11-13 20:39 . 2006-11-13 20:39 138024 c:\windows\system32\rapi.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 136192 c:\windows\system32\msv1_0.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
- 2007-08-14 01:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2004-08-11 22:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-11 22:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2004-08-11 22:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2009-07-31 23:37 . 2009-07-31 23:36 148888 c:\windows\system32\javaws.exe
+ 2009-07-31 23:37 . 2009-07-31 23:36 144792 c:\windows\system32\javaw.exe
+ 2009-07-31 23:37 . 2009-07-31 23:36 144792 c:\windows\system32\java.exe
- 2007-08-14 01:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2007-08-14 01:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 19:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-11 22:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2004-08-11 22:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:12 . 2009-08-07 02:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-11 22:12 . 2009-08-07 02:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-11 22:12 . 2009-08-07 02:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2008-08-23 07:38 . 2009-07-14 06:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-04-21 06:44 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-21 06:44 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
- 2007-08-14 01:54 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-14 01:44 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 01:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2009-09-08 21:46 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
- 2007-08-14 01:44 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2007-08-14 01:54 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 01:44 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-14 01:44 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-14 01:54 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-04-12 19:34 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-04-12 19:34 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-15 21:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-08-14 01:38 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2007-08-14 01:38 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 01:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2009-04-12 19:34 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-12 19:34 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-14 01:39 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 01:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-04-12 19:34 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-08-14 00:56 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 00:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-14 01:39 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 01:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-14 01:39 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 01:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-14 01:54 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-14 01:54 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-14 01:35 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 01:35 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-14 01:35 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:35 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:39 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-14 01:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-04-04 03:12 . 2004-12-06 06:05 127035 c:\windows\system32\dla\tfswctrl .exe
+ 2004-08-11 22:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
- 2004-08-11 22:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
+ 2009-09-08 00:47 . 2009-09-08 00:47 912384 c:\windows\Installer\223afb6.msi
+ 2009-07-30 01:46 . 2009-07-30 01:46 248832 c:\windows\Installer\16f5128.msi
+ 2007-07-16 15:29 . 2009-09-10 08:38 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-07-16 15:29 . 2009-09-10 08:38 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-07-16 15:29 . 2009-07-21 04:54 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-05-26 22:16 . 2009-07-21 04:54 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-05-26 22:16 . 2009-09-10 08:38 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-07-04 15:56 . 2009-07-04 15:56 680448 c:\windows\Installer\{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}\IconEF5C48881.exe
+ 2009-07-04 15:56 . 2009-09-09 01:17 680448 c:\windows\Installer\{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}\IconEF5C48881.exe
+ 2009-07-30 01:47 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-30 01:47 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-30 01:47 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-30 01:47 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-30 01:47 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-30 01:47 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-30 01:47 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-30 01:47 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-30 01:47 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-30 01:47 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-30 01:47 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-30 01:47 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2008-12-25 03:47 . 2005-10-20 16:00 157696 c:\windows\ERUNT\ERUNT.EXE
+ 2009-09-09 13:18 . 2009-09-09 13:18 495616 c:\windows\ERDNT\AutoBackup\9-9-2009\Users\00000002\UsrClass.dat
+ 2009-09-09 13:18 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-9-2009\ERDNT.EXE
+ 2009-09-30 22:27 . 2009-09-30 22:27 499712 c:\windows\ERDNT\AutoBackup\9-30-2009\Users\00000002\UsrClass.dat
+ 2009-09-30 22:27 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-30-2009\ERDNT.EXE
+ 2009-09-29 22:39 . 2009-09-29 22:39 499712 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000002\UsrClass.dat
+ 2009-09-29 22:39 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2009\ERDNT.EXE
+ 2009-09-28 22:37 . 2009-09-28 22:37 499712 c:\windows\ERDNT\AutoBackup\9-28-2009\Users\00000002\UsrClass.dat
+ 2009-09-28 22:37 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-28-2009\ERDNT.EXE
+ 2009-09-27 14:29 . 2009-09-27 14:29 499712 c:\windows\ERDNT\AutoBackup\9-27-2009\Users\00000002\UsrClass.dat
+ 2009-09-27 14:29 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-27-2009\ERDNT.EXE
+ 2009-09-26 22:20 . 2009-09-26 22:20 499712 c:\windows\ERDNT\AutoBackup\9-26-2009\Users\00000002\UsrClass.dat
+ 2009-09-26 22:20 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-26-2009\ERDNT.EXE
+ 2009-09-26 03:05 . 2009-09-26 03:05 499712 c:\windows\ERDNT\AutoBackup\9-25-2009\Users\00000002\UsrClass.dat
+ 2009-09-26 03:05 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-25-2009\ERDNT.EXE
+ 2009-09-24 22:35 . 2009-09-24 22:35 499712 c:\windows\ERDNT\AutoBackup\9-24-2009\Users\00000002\UsrClass.dat
+ 2009-09-24 22:35 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-24-2009\ERDNT.EXE
+ 2009-09-23 21:46 . 2009-09-23 21:46 499712 c:\windows\ERDNT\AutoBackup\9-23-2009\Users\00000002\UsrClass.dat
+ 2009-09-23 21:46 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-23-2009\ERDNT.EXE
+ 2009-09-22 21:44 . 2009-09-22 21:44 499712 c:\windows\ERDNT\AutoBackup\9-22-2009\Users\00000002\UsrClass.dat
+ 2009-09-22 21:44 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-22-2009\ERDNT.EXE
+ 2009-09-21 09:24 . 2009-09-21 09:24 499712 c:\windows\ERDNT\AutoBackup\9-21-2009\Users\00000002\UsrClass.dat
+ 2009-09-21 09:24 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-21-2009\ERDNT.EXE
+ 2009-09-20 14:09 . 2009-09-20 14:09 499712 c:\windows\ERDNT\AutoBackup\9-20-2009\Users\00000002\UsrClass.dat
+ 2009-09-20 14:09 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-20-2009\ERDNT.EXE
+ 2009-09-19 22:21 . 2009-09-19 22:21 499712 c:\windows\ERDNT\AutoBackup\9-19-2009\Users\00000002\UsrClass.dat
+ 2009-09-19 22:21 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-19-2009\ERDNT.EXE
+ 2009-09-18 20:45 . 2009-09-18 20:45 499712 c:\windows\ERDNT\AutoBackup\9-18-2009\Users\00000002\UsrClass.dat
+ 2009-09-18 20:45 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-18-2009\ERDNT.EXE
+ 2009-09-17 23:17 . 2009-09-17 23:17 499712 c:\windows\ERDNT\AutoBackup\9-17-2009\Users\00000002\UsrClass.dat
+ 2009-09-17 23:17 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-17-2009\ERDNT.EXE
+ 2009-09-16 22:50 . 2009-09-16 22:50 499712 c:\windows\ERDNT\AutoBackup\9-16-2009\Users\00000002\UsrClass.dat
+ 2009-09-16 22:50 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-16-2009\ERDNT.EXE
+ 2009-09-15 23:19 . 2009-09-15 23:19 499712 c:\windows\ERDNT\AutoBackup\9-15-2009\Users\00000002\UsrClass.dat
+ 2009-09-15 23:19 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-15-2009\ERDNT.EXE
+ 2009-09-14 08:05 . 2009-09-14 08:05 495616 c:\windows\ERDNT\AutoBackup\9-14-2009\Users\00000002\UsrClass.dat
+ 2009-09-14 08:05 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-14-2009\ERDNT.EXE
+ 2009-09-12 17:51 . 2009-09-12 17:51 495616 c:\windows\ERDNT\AutoBackup\9-12-2009\Users\00000002\UsrClass.dat
+ 2009-09-12 17:51 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-12-2009\ERDNT.EXE
+ 2009-09-11 07:49 . 2009-09-11 07:49 495616 c:\windows\ERDNT\AutoBackup\9-11-2009\Users\00000002\UsrClass.dat
+ 2009-09-11 07:49 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-11-2009\ERDNT.EXE
+ 2009-09-10 13:02 . 2009-09-10 13:02 495616 c:\windows\ERDNT\AutoBackup\9-10-2009\Users\00000002\UsrClass.dat
+ 2009-09-10 13:02 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-10-2009\ERDNT.EXE
+ 2009-10-09 15:57 . 2009-10-09 15:57 503808 c:\windows\ERDNT\AutoBackup\10-9-2009\Users\00000002\UsrClass.dat
+ 2009-10-09 15:57 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-9-2009\ERDNT.EXE
+ 2009-10-08 23:07 . 2009-10-08 23:07 503808 c:\windows\ERDNT\AutoBackup\10-8-2009\Users\00000002\UsrClass.dat
+ 2009-10-08 23:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-8-2009\ERDNT.EXE
+ 2009-10-07 18:24 . 2009-10-07 18:24 503808 c:\windows\ERDNT\AutoBackup\10-7-2009\Users\00000002\UsrClass.dat
+ 2009-10-07 18:24 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-7-2009\ERDNT.EXE
+ 2009-10-06 22:40 . 2009-10-06 22:40 503808 c:\windows\ERDNT\AutoBackup\10-6-2009\Users\00000002\UsrClass.dat
+ 2009-10-06 22:40 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-6-2009\ERDNT.EXE
+ 2009-10-06 00:57 . 2009-10-06 00:57 503808 c:\windows\ERDNT\AutoBackup\10-5-2009\Users\00000002\UsrClass.dat
+ 2009-10-06 00:57 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-5-2009\ERDNT.EXE
+ 2009-10-04 15:28 . 2009-10-04 15:28 503808 c:\windows\ERDNT\AutoBackup\10-4-2009\Users\00000002\UsrClass.dat
+ 2009-10-04 15:28 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-4-2009\ERDNT.EXE
+ 2009-10-03 17:20 . 2009-10-03 17:20 503808 c:\windows\ERDNT\AutoBackup\10-3-2009\Users\00000002\UsrClass.dat
+ 2009-10-03 17:20 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-3-2009\ERDNT.EXE
+ 2009-10-02 21:23 . 2009-10-02 21:23 499712 c:\windows\ERDNT\AutoBackup\10-2-2009\Users\00000002\UsrClass.dat
+ 2009-10-02 21:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-2-2009\ERDNT.EXE
+ 2009-10-01 23:05 . 2009-10-01 23:05 499712 c:\windows\ERDNT\AutoBackup\10-1-2009\Users\00000002\UsrClass.dat
+ 2009-10-01 23:05 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-1-2009\ERDNT.EXE
+ 2009-06-10 17:33 . 2009-06-10 17:33 574768 c:\windows\Downloaded Program Files\LMIGuardianDll.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2009-08-12 01:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973815$\spuninst\updspapi.dll
+ 2009-08-12 01:15 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe
+ 2009-08-12 01:15 . 2008-04-14 00:12 203776 c:\windows\$NtUninstallKB973815$\mswebdvd.dll
+ 2009-08-12 01:16 . 2006-10-19 04:47 314880 c:\windows\$NtUninstallKB973540_WM9$\wmpdxm.dll
+ 2009-08-12 01:16 . 2007-07-27 17:41 382840 c:\windows\$NtUninstallKB973540_WM9$\spuninst\updspapi.dll
+ 2009-08-12 01:16 . 2007-07-27 17:41 231288 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe
+ 2009-08-12 01:16 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2009-08-12 01:16 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973354$\spuninst\updspapi.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe
+ 2009-08-12 01:17 . 2008-04-14 00:12 132096 c:\windows\$NtUninstallKB971657$\wkssvc.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971657$\spuninst\updspapi.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971557$\spuninst\updspapi.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe
+ 2009-08-26 10:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-26 10:29 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-08-14 04:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB968389$\spuninst\updspapi.dll
+ 2009-08-14 04:29 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe
+ 2009-08-14 04:29 . 2008-12-05 06:54 144896 c:\windows\$NtUninstallKB968389$\schannel.dll
+ 2009-08-14 04:29 . 2008-04-14 00:12 132608 c:\windows\$NtUninstallKB968389$\msv1_0.dll
+ 2009-08-14 04:29 . 2009-02-09 12:10 729088 c:\windows\$NtUninstallKB968389$\lsasrv.dll
+ 2009-08-14 04:29 . 2008-04-14 00:11 299520 c:\windows\$NtUninstallKB968389$\kerberos.dll
+ 2009-08-12 01:17 . 2008-04-14 00:12 117760 c:\windows\$NtUninstallKB961371-v2$\t2embed.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371-v2$\spuninst\updspapi.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB961371-v2$\spuninst\spuninst.exe
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956744$\spuninst\updspapi.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973869\update\updspapi.dll
+ 2009-08-12 01:17 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973869\update\update.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973869\spuninst.exe
+ 2009-08-12 01:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973815\update\updspapi.dll
+ 2009-08-12 01:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973815\update\update.exe
+ 2009-08-12 01:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973815\spuninst.exe
+ 2009-08-05 08:52 . 2009-08-05 08:52 204800 c:\windows\$hf_mig$\KB973815\SP3QFE\mswebdvd.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973507\update\updspapi.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973507\update\update.exe
+ 2009-08-12 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973507\spuninst.exe
+ 2009-08-12 01:16 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973354\update\updspapi.dll
+ 2009-08-12 01:16 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973354\update\update.exe
+ 2009-08-12 01:16 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973354\spuninst.exe
+ 2009-07-30 01:47 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB972260-IE7\update\updspapi.dll
+ 2009-07-30 01:47 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe
+ 2009-07-30 01:47 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB972260-IE7\spuninst.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 828928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 233472 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\webcheck.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 105984 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\url.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 102912 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\occache.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 671232 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mstime.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 193024 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msrating.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 477696 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtmled.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 459264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeeds.dll
+ 2009-06-29 07:25 . 2009-06-29 07:25 634632 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
+ 2009-06-29 16:23 . 2009-06-29 16:23 268288 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iertutil.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 388608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iedkcs32.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 380928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dll
+ 2009-06-29 07:23 . 2009-06-29 07:23 161792 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakui.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 230400 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieaksie.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 153088 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakeng.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 132608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\extmgr.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 214528 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtrans.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 347136 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtmsft.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 124928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\advpack.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971657\update\updspapi.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971657\update\update.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971657\spuninst.exe
+ 2009-06-10 06:17 . 2009-06-10 06:17 134144 c:\windows\$hf_mig$\KB971657\SP3QFE\wkssvc.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971557\update\updspapi.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971557\update\update.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971557\spuninst.exe
+ 2009-08-14 04:29 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2009-08-14 04:29 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2009-08-14 04:29 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:41 . 2009-06-25 08:41 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:41 . 2009-06-26 09:41 730112 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:41 . 2009-06-25 08:41 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371-v2\update\updspapi.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371-v2\update\update.exe
+ 2009-08-12 01:17 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB961371-v2\spuninst.exe
+ 2009-07-29 04:30 . 2009-07-29 04:30 119808 c:\windows\$hf_mig$\KB961371-v2\SP3QFE\t2embed.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB960859\update\updspapi.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB960859\update\update.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB960859\spuninst.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956744\update\updspapi.dll
+ 2009-08-12 01:17 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB956744\update\update.exe
+ 2009-08-12 01:17 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956744\spuninst.exe
+ 2004-08-11 22:00 . 2009-05-20 11:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-11 22:00 . 2008-06-18 12:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-11 22:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
- 2004-08-11 22:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:11 . 2009-06-10 16:19 2066432 c:\windows\system32\mstscax.dll
+ 2004-08-11 22:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2007-08-14 01:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 23:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2004-08-11 22:12 . 2009-08-07 02:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-11 22:00 . 2009-05-20 11:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-11 22:00 . 2008-06-18 12:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2008-06-26 08:15 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:15 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-10 16:19 . 2009-06-10 16:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-08-11 22:44 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-21 06:44 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-12 19:34 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-04-12 19:34 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-07-31 23:36 . 2009-07-31 23:36 1563648 c:\windows\Installer\d167b0.msi
+ 2009-08-18 19:56 . 2009-08-18 19:56 5020672 c:\windows\Installer\762409.msp
+ 2009-10-10 03:00 . 2009-10-10 03:00 1583616 c:\windows\Installer\6a363.msi
+ 2009-07-27 11:32 . 2009-07-27 11:32 5028352 c:\windows\Installer\1465f0.msp
+ 2009-05-26 22:16 . 2009-09-10 08:38 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-05-26 22:16 . 2009-07-21 04:54 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-26 22:16 . 2009-09-10 08:38 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-05-26 22:16 . 2009-07-21 04:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-07-04 15:56 . 2009-09-09 01:17 1653248 c:\windows\Installer\{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}\IconEF5C48883.exe
- 2009-07-04 15:56 . 2009-07-04 15:56 1653248 c:\windows\Installer\{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}\IconEF5C48883.exe
+ 2009-07-30 01:47 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-30 01:47 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-30 01:47 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-30 01:47 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2009-09-09 13:18 . 2009-09-09 13:18 4177920 c:\windows\ERDNT\AutoBackup\9-9-2009\Users\00000001\NTUSER.DAT
+ 2009-09-30 22:27 . 2009-09-30 22:27 4374528 c:\windows\ERDNT\AutoBackup\9-30-2009\Users\00000001\NTUSER.DAT
+ 2009-09-29 22:39 . 2009-09-29 22:39 4374528 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000001\NTUSER.DAT
+ 2009-09-28 22:37 . 2009-09-28 22:37 4366336 c:\windows\ERDNT\AutoBackup\9-28-2009\Users\00000001\NTUSER.DAT
+ 2009-09-27 14:29 . 2009-09-27 14:29 4366336 c:\windows\ERDNT\AutoBackup\9-27-2009\Users\00000001\NTUSER.DAT
+ 2009-09-26 22:20 . 2009-09-26 22:20 4366336 c:\windows\ERDNT\AutoBackup\9-26-2009\Users\00000001\NTUSER.DAT
+ 2009-09-26 03:05 . 2009-09-26 03:05 4358144 c:\windows\ERDNT\AutoBackup\9-25-2009\Users\00000001\NTUSER.DAT
+ 2009-09-24 22:35 . 2009-09-24 22:35 4345856 c:\windows\ERDNT\AutoBackup\9-24-2009\Users\00000001\NTUSER.DAT
+ 2009-09-23 21:46 . 2009-09-23 21:46 4325376 c:\windows\ERDNT\AutoBackup\9-23-2009\Users\00000001\NTUSER.DAT
+ 2009-09-22 21:44 . 2009-09-22 21:44 4288512 c:\windows\ERDNT\AutoBackup\9-22-2009\Users\00000001\NTUSER.DAT
+ 2009-09-21 09:24 . 2009-09-21 09:24 4288512 c:\windows\ERDNT\AutoBackup\9-21-2009\Users\00000001\NTUSER.DAT
+ 2009-09-20 14:09 . 2009-09-20 14:09 4288512 c:\windows\ERDNT\AutoBackup\9-20-2009\Users\00000001\NTUSER.DAT
+ 2009-09-19 22:21 . 2009-09-19 22:21 4272128 c:\windows\ERDNT\AutoBackup\9-19-2009\Users\00000001\NTUSER.DAT
+ 2009-09-18 20:45 . 2009-09-18 20:45 4255744 c:\windows\ERDNT\AutoBackup\9-18-2009\Users\00000001\NTUSER.DAT
+ 2009-09-17 23:17 . 2009-09-17 23:17 4239360 c:\windows\ERDNT\AutoBackup\9-17-2009\Users\00000001\NTUSER.DAT
+ 2009-09-16 22:50 . 2009-09-16 22:50 4239360 c:\windows\ERDNT\AutoBackup\9-16-2009\Users\00000001\NTUSER.DAT
+ 2009-09-15 23:19 . 2009-09-15 23:19 4239360 c:\windows\ERDNT\AutoBackup\9-15-2009\Users\00000001\NTUSER.DAT
+ 2009-09-14 08:05 . 2009-09-14 08:05 4222976 c:\windows\ERDNT\AutoBackup\9-14-2009\Users\00000001\NTUSER.DAT
+ 2009-09-12 17:51 . 2009-09-12 17:51 4222976 c:\windows\ERDNT\AutoBackup\9-12-2009\Users\00000001\NTUSER.DAT
+ 2009-09-11 07:49 . 2009-09-11 07:49 4190208 c:\windows\ERDNT\AutoBackup\9-11-2009\Users\00000001\NTUSER.DAT
+ 2009-09-10 13:02 . 2009-09-10 13:02 4190208 c:\windows\ERDNT\AutoBackup\9-10-2009\Users\00000001\NTUSER.DAT
+ 2009-10-09 15:57 . 2009-10-09 15:57 4468736 c:\windows\ERDNT\AutoBackup\10-9-2009\Users\00000001\NTUSER.DAT
+ 2009-10-08 23:07 . 2009-10-08 23:07 4468736 c:\windows\ERDNT\AutoBackup\10-8-2009\Users\00000001\NTUSER.DAT
+ 2009-10-07 18:24 . 2009-10-07 18:24 4448256 c:\windows\ERDNT\AutoBackup\10-7-2009\Users\00000001\NTUSER.DAT
+ 2009-10-06 22:40 . 2009-10-06 22:40 4448256 c:\windows\ERDNT\AutoBackup\10-6-2009\Users\00000001\NTUSER.DAT
+ 2009-10-06 00:57 . 2009-10-06 00:57 4448256 c:\windows\ERDNT\AutoBackup\10-5-2009\Users\00000001\NTUSER.DAT
+ 2009-10-04 15:28 . 2009-10-04 15:28 4448256 c:\windows\ERDNT\AutoBackup\10-4-2009\Users\00000001\NTUSER.DAT
+ 2009-10-03 17:20 . 2009-10-03 17:20 4423680 c:\windows\ERDNT\AutoBackup\10-3-2009\Users\00000001\NTUSER.DAT
+ 2009-10-02 21:23 . 2009-10-02 21:23 4423680 c:\windows\ERDNT\AutoBackup\10-2-2009\Users\00000001\NTUSER.DAT
+ 2009-10-01 23:05 . 2009-10-01 23:05 4407296 c:\windows\ERDNT\AutoBackup\10-1-2009\Users\00000001\NTUSER.DAT
+ 2007-05-23 02:32 . 2009-09-24 18:06 4023624 c:\windows\Downloaded Program Files\RACtrl.dll
+ 2009-08-12 01:16 . 2008-04-14 00:12 1314816 c:\windows\$NtUninstallKB973354$\msoe.dll
+ 2009-08-12 01:17 . 2008-04-14 00:11 2061824 c:\windows\$NtUninstallKB956744$\mstscax.dll
+ 2009-07-11 01:54 . 2009-07-11 01:54 1315328 c:\windows\$hf_mig$\KB973354\SP3QFE\msoe.dll
+ 2009-06-29 16:23 . 2009-06-29 16:23 1163264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\urlmon.dll
+ 2009-07-19 13:31 . 2009-07-19 13:31 3600384 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
+ 2009-07-19 13:31 . 2009-07-19 13:31 6070784 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dat
+ 2009-08-11 22:45 . 2009-06-09 15:21 2067968 c:\windows\$hf_mig$\KB956744\SP3QFE\lhmstscx.dll
+ 2004-08-11 22:00 . 2009-07-14 06:43 10841088 c:\windows\system32\wmp.dll
+ 2008-08-23 07:38 . 2009-07-14 06:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-08-12 01:16 . 2008-11-12 01:34 10838016 c:\windows\$NtUninstallKB973540_WM9$\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 30720]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-10-10 30720]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\GHL\SELF-I~1\Avast\ashDisp.exe" [2009-10-10 30720]
"PWRISOVM.EXE"="c:\program files\GHL\Self-Installed\PowerISO\PWRISOVM.EXE" [2009-10-10 30720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-3 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\GHL\Self-Installed\Palm\Hotsync.exe [2004-6-9 471040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-07 23:05 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GHL\\Self-Installed\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [7/10/2009 9:25 PM 36512]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [7/10/2009 9:25 PM 39456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/6/2009 12:26 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2009 12:26 AM 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/4/2008 9:00 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/4/2008 9:00 AM 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/12/2009 7:55 AM 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070403
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Dell QuickSet - c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 20:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1156)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\GHL\Self-Installed\Avast\aswUpdSv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\GHL\Self-Installed\PowerISO\pwrisovm .exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\GHL\SELF-I~1\Avast\ashdisp .exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2009-10-10 20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-10 03:44
ComboFix2.txt 2009-07-28 10:23

Pre-Run: 3,194,212,352 bytes free
Post-Run: 3,224,936,448 bytes free

809 --- E O F --- 2009-09-10 08:39

#6 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 11 October 2009 - 09:41 PM

Hi Greyspace,

While we are waiting to hear back from MBAM

I meant I had posted your last MBAM log at their site for them to confirm if it was a false positive or not. It looks like they have corrected it.

We can start cleaning up the remnants of the infections.

You will need to update MBAM first then run the scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


We will be using Combofix again but will run it differently.


Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all of the text in the code box below into the Notepad (including the URL). Do not copy the word CODE

http://forums.whatthetech.com/Win32_Trojan_Agent_Gen_Trojan_dropper_Win_NV_Removal_Help_t107543.html

Collect::
C:\wridiint.exe
C:\tixqapi.exe

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Please post back with
  • MBAM log
  • combofix log
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
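The CFScript in the post above tells ComboFix to package two specific files (the `Collect::` block) for analysis, and the helper chose those two by reading the logs by eye. The Python script below is an added example, not a What the Tech or ComboFix tool, of doing that first pass mechanically over a ComboFix or Malwarebytes log: it flags executables sitting directly in the drive root, file names with whitespace just before the extension (the logs in this thread show `quickset .exe` next to `quickset.exe`), per-user `Run` values named after Windows system binaries such as `svchost`, and Explorer/ActiveDesktop lockdown policies set to a non-zero value, then drafts a `Collect::` block from the flagged paths. The heuristics, function names and the sample log are mine; the sample is constructed from rows of the kind posted in this thread, and the only thing assumed about CFScript is the `Collect::` form the post itself shows.

```python
"""Triage a ComboFix / Malwarebytes log and draft a ComboFix 'Collect::' block.
Heuristics are assumptions about what looks wrong in such a log, not signatures:
an executable directly in the drive root, a file name with whitespace just before
its extension ("quickset .exe"), a Run value named like a Windows system binary,
and an Explorer/ActiveDesktop lockdown policy with a non-zero value.  Rows that a
Malwarebytes log already labelled with a threat name are reported as well."""
import re

SYSTEM_NAMES = {"svchost", "csrss", "lsass", "winlogon", "services", "smss", "explorer"}
LOCKDOWN_POLICIES = {"nochangingwallpaper", "noactivedesktopchanges", "nosetactivedesktop"}

ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|dll|scr)$", re.I)
SPACE_BEFORE_EXT = re.compile(r"\S\s+\.(?:exe|dll|sys|scr)$", re.I)
PATH_LINE = re.compile(r"^[a-z]:\\\S", re.I)
# ComboFix file row: two timestamps, size (dashes for a directory), attribute flags, path
CF_FILE_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(?:\d+|-+)\s+\S+\s+(.+)$")
CF_KEY_ROW = re.compile(r"^\[([^\]]+)\]$")            # REGEDIT4-style [HKEY_...] header
CF_VALUE_ROW = re.compile(r'^"([^"]+)"="([^"]*)"')     # "Name"="path" [date size]
CF_DWORD_ROW = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)
MBAM_REG_ROW = re.compile(r"^(HKEY_\S+) \(([^)]+)\) ->")               # key (Threat) -> action
MBAM_FILE_ROW = re.compile(r"^([a-z]:\\[^(]+?) \(([^)]+)\) ->", re.I)  # path (Threat) -> action

def check_path(path):
    """Path-shape heuristics; returns a list of (kind, path)."""
    out = []
    if ROOT_EXE.match(path):
        out.append(("root_exe", path))
    if SPACE_BEFORE_EXT.search(path):
        out.append(("space_ext", path))
    return out

def triage_log(text):
    """Walk the log once; return (kind, detail) findings in the order they were seen."""
    findings, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := CF_KEY_ROW.match(line):
            current_key = m.group(1)
        elif m := MBAM_REG_ROW.match(line):
            key, threat = m.groups()
            findings.append(("mbam_detect", f"{key} ({threat})"))
            parent, _, name = key.rpartition("\\")
            bad = re.search(r"-> Bad: \(([^)]*)\)", line)   # "Bad: (1) Good: (0)" data items
            if name.lower() in LOCKDOWN_POLICIES and bad and bad.group(1) != "0":
                findings.append(("lockdown_policy", f"{name}={bad.group(1)}"))
            elif parent.lower().endswith("\\run") and name.lower() in SYSTEM_NAMES:
                findings.append(("sys_name_run", key))
        elif m := MBAM_FILE_ROW.match(line):
            path, threat = m.groups()
            findings.append(("mbam_detect", f"{path} ({threat})"))
            findings.extend(check_path(path))
        elif m := CF_FILE_ROW.match(line):
            findings.extend(check_path(m.group(1)))
        elif (m := CF_DWORD_ROW.match(line)) and "\\policies\\" in current_key.lower():
            name, value = m.group(1), int(m.group(2), 16)
            if name.lower() in LOCKDOWN_POLICIES and value != 0:
                findings.append(("lockdown_policy", f"{name}={value}"))
        elif (m := CF_VALUE_ROW.match(line)) and current_key.lower().endswith("\\run"):
            name, path = m.groups()
            if name.lower() in SYSTEM_NAMES:
                findings.append(("sys_name_run", f"{current_key}\\{name}"))
            findings.extend(check_path(path))
        elif PATH_LINE.match(line):          # bare path, e.g. "Other Running Processes"
            findings.extend(check_path(line))
    return findings

def collect_candidates(findings):
    """Unique flagged file paths, first-seen order, for a human to review before collecting."""
    seen, out = set(), []
    for kind, detail in findings:
        if kind in ("root_exe", "space_ext") and detail.lower() not in seen:
            seen.add(detail.lower())
            out.append(detail)
    return out

def cfscript_collect(findings):
    """Render candidates in the 'Collect::' form ComboFix reads from CFScript.txt."""
    return "Collect::\n" + "\n".join(collect_candidates(findings)) + "\n"

# Constructed sample, modelled on the MBAM and ComboFix rows posted in this thread.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\wridiint.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
2009-10-10 02:33 . 2009-10-10 02:33 207872 ----a-w- C:\tixqapi.exe
2009-10-10 03:54 . 2009-10-10 03:54 -------- d-----w- c:\program files\SAS
c:\program files\Dell\QuickSet\quickset .exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"svchost"="c:\documents and settings\GHL\Application Data\svcst .exe" [2009-10-10 207872]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetActiveDesktop"=dword:00000001
"""

if __name__ == "__main__":
    for kind, detail in triage_log(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
    print(cfscript_collect(triage_log(SAMPLE_LOG)))
```

Paste a whole log into `SAMPLE_LOG` (or read it from a file) and the script prints one finding per line followed by the draft `Collect::` block. The block is a starting point for the helper, not something to drop on ComboFix unread: the whitespace-before-extension rule deliberately also picks up the `quickset .exe` style names under Program Files, because in this thread those sit beside the vendor's real `quickset.exe` and are exactly the files worth submitting.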

#7 greyspace

greyspace

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 12 October 2009 - 04:54 AM

Again, thanks so much for your patience and assistance. Below are the requested logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2945
Windows 5.1.2600 Service Pack 3

10/12/2009 3:32:22 AM
mbam-log-2009-10-12 (03-32-22).txt

Scan type: Quick Scan
Objects scanned: 116183
Time elapsed: 13 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\wridiint.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


--------------

ComboFix 09-10-11.02 - GHL 10/12/2009 3:45.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1440 [GMT -7:00]
Running from: c:\documents and settings\GHL\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GHL\Application Data\iniasd.txt
c:\documents and settings\GHL\Application Data\svcst .exe

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-11 05:22 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-11 05:22 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-11 05:22 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-11 05:22 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-11 05:22 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-11 05:22 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-11 05:22 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-11 05:22 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-11 04:10 . 2009-10-11 04:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-11 04:10 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-11 04:10 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-11 04:10 . 2009-10-11 04:11 -------- d-----w- c:\program files\ZoneAlarm
2009-10-11 04:10 . 2009-10-11 04:10 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-11 04:10 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-11 04:08 . 2009-10-12 10:36 -------- d-----w- c:\windows\Internet Logs
2009-10-11 04:08 . 2009-10-11 04:08 33952648 ----a-w- c:\program files\zaSetup_80_298_000_en.exe
2009-10-10 17:09 . 2009-10-10 17:15 -------- d-----w- C:\Combo-Fix
2009-10-10 06:12 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-10 06:12 . 2009-10-10 06:12 -------- d-----w- c:\program files\Avast4
2009-10-10 03:58 . 2009-10-10 03:58 -------- d-----w- c:\program files\bambite
2009-10-10 03:54 . 2009-10-10 03:54 -------- d-----w- c:\program files\SAS
2009-10-10 03:53 . 2009-10-10 03:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- C:\ERDNT
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- c:\windows\ERUNT
2009-10-10 03:23 . 2009-10-10 03:23 -------- d-----w- C:\!FixIEDef
2009-10-10 03:00 . 2009-10-10 17:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-10 03:00 . 2009-10-10 03:00 -------- d-----w- c:\documents and settings\GH\Application Data\SUPERAntiSpyware.com
2009-10-10 02:58 . 2009-10-10 03:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 02:43 . 2009-10-10 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-10 02:33 . 2009-10-10 02:33 207872 ----a-w- C:\tixqapi.exe
2009-09-30 23:33 . 2009-09-30 23:37 -------- d-----w- c:\windows\system32\NtmsData
2009-09-20 14:45 . 2009-09-20 14:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 10:15 . 2007-10-14 13:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 10:13 . 2007-04-20 16:07 -------- d-----w- c:\program files\LogMeIn
2009-10-11 05:16 . 2009-07-12 17:49 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-10-10 20:18 . 2007-12-29 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-10-10 05:42 . 2007-04-04 03:09 -------- d-----w- c:\program files\NetWaiting
2009-10-10 02:33 . 2004-08-11 22:00 14336 ------w- c:\windows\system32\svchost.exe
2009-10-09 21:21 . 2007-04-04 02:48 48935 ----a-w- c:\windows\system32\nvModes.dat
2009-10-04 22:06 . 2007-09-28 00:45 -------- d-----w- c:\documents and settings\GHL\Application Data\Move Networks
2009-10-03 00:47 . 2009-04-18 12:06 -------- d-----w- c:\documents and settings\GHL\Application Data\uTorrent
2009-09-10 21:54 . 2009-03-08 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-08 19:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:23 . 2009-09-10 08:13 -------- d-----w- c:\program files\FLAC
2009-09-10 08:38 . 2007-07-16 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 08:11 . 2009-09-10 08:11 2744087 ----a-w- c:\program files\flac-1.2.1b.exe
2009-09-09 01:16 . 2009-09-09 01:16 -------- d-----w- c:\program files\TechSmith
2009-09-08 00:47 . 2009-08-30 00:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-08 00:47 . 2009-09-08 00:46 7886336 ----a-w- c:\program files\moto setup.msi
2009-09-07 23:05 . 2008-02-04 16:00 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-07 23:05 . 2007-04-20 16:07 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-07 23:05 . 2007-04-20 16:07 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-07 23:05 . 2006-10-07 02:56 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-09-07 23:05 . 2006-10-07 02:56 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-08-29 21:02 . 2008-02-09 03:31 -------- d-----w- c:\documents and settings\GHL\Application Data\Canon
2009-08-07 02:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-07-16 15:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-07-16 15:36 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 01:38 . 2009-08-02 01:37 6008376 ----a-w- c:\program files\ashampoo_burning_studio_6_free_676_4280.exe
2009-07-31 23:36 . 2009-07-31 23:37 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 04:37 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-23 17:52 . 2009-07-23 17:52 278221 ----a-w- c:\program files\gmer.zip
2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 01:20 . 2009-07-12 01:20 265216 ----a-w- c:\program files\TFC.exe
2009-07-12 01:18 . 2009-07-12 01:14 794112 ----a-w- c:\program files\The_Comedian.exe
2009-07-11 12:50 . 2009-07-11 12:50 812344 ----a-w- c:\program files\HJTInstall.exe
2009-07-11 04:24 . 2009-07-11 04:24 5575824 ----a-w- c:\program files\CSC_Setup_1.1.64946.38_xp_vista_server2003_x32.exe
2009-07-04 22:26 . 2009-07-04 22:26 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2009-07-04 18:04 . 2009-07-04 02:40 23442487 ----a-w- c:\program files\INSTALL.zip
2009-07-04 17:39 . 2009-07-04 17:38 2790624 ----a-w- c:\program files\x-audio-converter-CNET.exe
2009-07-04 17:27 . 2009-07-04 17:27 6698028 ----a-w- c:\program files\aaep.exe
2009-07-04 17:23 . 2009-07-04 17:01 8079082 ----a-w- c:\program files\audioextractor.exe
2009-07-04 17:19 . 2009-07-04 17:18 3176437 ----a-w- c:\program files\youtubedownloader.exe
2009-07-04 02:41 . 2009-07-04 02:41 7814384 ----a-w- c:\program files\audiocapture_wmf_setup.exe
2009-07-04 02:30 . 2009-07-04 02:29 751167 ----a-w- c:\program files\sc11a.exe
2009-07-04 02:23 . 2009-07-04 02:23 2813421 ----a-w- c:\program files\m4a-to-mp3-converter.exe
2009-07-04 01:58 . 2009-07-04 01:57 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-07-03 18:34 . 2009-07-03 18:34 434832 ----a-w- c:\program files\switchsetup.exe
2009-07-03 18:31 . 2009-07-03 18:25 6692753 ----a-w- c:\program files\Setup_FreeConverter.exe
2009-07-03 18:18 . 2009-07-03 18:18 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-06-24 14:03 . 2009-06-24 14:02 13905056 ----a-w- c:\program files\aim6591.exe
2009-04-12 19:32 . 2009-04-12 19:30 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-04-19 18:28 . 2008-01-09 03:19 88 --sh--r- c:\windows\system32\1B491E2DAE.sys
2009-04-19 18:28 . 2008-01-09 03:19 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-10-10_03.41.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-12 10:34 . 2009-10-12 10:34 16384 c:\windows\temp\Perflib_Perfdata_15c.dat
+ 2009-10-11 04:10 . 2009-02-16 07:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-10-11 04:10 . 2008-11-17 09:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-10-11 04:10 . 2009-02-16 07:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 35208 c:\windows\system32\vswmi.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 58248 c:\windows\system32\vsregexp.dll
+ 2009-10-11 04:08 . 2009-10-11 04:08 62464 c:\windows\Installer\ee84c.msi
+ 2009-10-10 03:54 . 2009-10-10 03:54 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-10-10 03:00 . 2009-10-10 03:00 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-10-10 03:00 . 2009-10-10 03:00 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-10 03:54 . 2009-10-10 03:54 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-09-08 00:47 . 2009-10-11 12:59 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
- 2009-09-08 00:47 . 2009-09-08 00:47 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
- 2009-09-08 00:47 . 2009-09-08 00:47 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2009-09-08 00:47 . 2009-10-11 12:59 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2009-10-11 04:10 . 2009-02-16 07:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-10-10 03:54 . 2009-10-10 03:54 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-10-10 03:00 . 2009-10-10 03:00 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 12:23 . 2008-07-29 12:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 10:51 . 2008-07-29 10:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-10-11 04:08 . 2009-02-16 07:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
+ 2009-10-11 04:10 . 2007-10-11 23:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-10-11 04:10 . 2008-11-17 09:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-10-11 04:10 . 2008-11-17 09:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-10-11 04:08 . 2009-02-05 01:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-10-11 04:10 . 2008-03-17 23:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 109960 c:\windows\system32\vsxml.dll
+ 2009-10-11 04:08 . 2009-02-16 07:10 482184 c:\windows\system32\vsutil.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-10-11 04:08 . 2009-02-16 07:10 229256 c:\windows\system32\vsinit.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-10-11 04:08 . 2009-02-16 07:10 110472 c:\windows\system32\vsdata.dll
+ 2009-10-12 10:16 . 2009-10-12 10:16 503808 c:\windows\ERDNT\AutoBackup\10-12-2009\Users\00000002\UsrClass.dat
+ 2009-10-12 10:16 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-12-2009\ERDNT.EXE
+ 2009-10-11 11:51 . 2009-10-11 11:51 503808 c:\windows\ERDNT\AutoBackup\10-11-2009\Users\00000002\UsrClass.dat
+ 2009-10-11 11:51 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-11-2009\ERDNT.EXE
+ 2009-10-10 17:07 . 2009-10-10 17:07 503808 c:\windows\ERDNT\AutoBackup\10-10-2009\Users\00000002\UsrClass.dat
+ 2009-10-10 17:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-10-2009\ERDNT.EXE
+ 2009-10-11 04:10 . 2009-02-16 07:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-10-11 04:10 . 2008-11-17 09:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2009-10-11 04:10 . 2009-02-16 07:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-10-10 03:54 . 2009-10-10 03:54 1583616 c:\windows\Installer\5375f.msi
+ 2009-10-12 10:16 . 2009-10-12 10:16 4517888 c:\windows\ERDNT\AutoBackup\10-12-2009\Users\00000001\NTUSER.DAT
+ 2009-10-11 11:51 . 2009-10-11 11:51 4517888 c:\windows\ERDNT\AutoBackup\10-11-2009\Users\00000001\NTUSER.DAT
+ 2009-10-10 17:07 . 2009-10-10 17:07 4485120 c:\windows\ERDNT\AutoBackup\10-10-2009\Users\00000001\NTUSER.DAT
+ 2009-10-11 04:10 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-10-11 04:10 . 2008-12-15 08:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"tunebite.exe"="c:\program files\GHL\Self-Installed\Tunebite\tunebite.exe" [2007-09-13 2846720]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\bambite\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\GHL\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-3 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\GHL\Self-Installed\Palm\Hotsync.exe [2004-6-9 471040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SAS\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SAS\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-07 23:05 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GHL\\Self-Installed\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [7/10/2009 9:25 PM 36512]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [7/10/2009 9:25 PM 39456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2009 10:22 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SAS\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SAS\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2009 10:22 PM 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/4/2008 9:00 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/4/2008 9:00 AM 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/12/2009 7:55 AM 24652]
S3 SASENUM;SASENUM;c:\program files\SAS\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070403
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\GHL\Self-Installed\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 03:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SAS\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-10-12 3:51
ComboFix-quarantined-files.txt 2009-10-12 10:51
ComboFix2.txt 2009-10-10 17:15
ComboFix3.txt 2009-10-10 03:44
ComboFix4.txt 2009-07-28 10:23

Pre-Run: 3,227,254,784 bytes free
Post-Run: 3,277,340,672 bytes free

337 --- E O F --- 2009-09-10 08:39

#8 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 12 October 2009 - 06:34 PM

Hi Greyspace,

You are welcome. You didn't quite run combofix as I intended. MBAM got one of the files, we'll use another tool for the other.

First we'll update your java.

Your java is out of date. Click your start button, open Control panel.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now

After the java is updated, reboot your computer if not prompted to.

Please download OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Do not copy the word CODE

    :Files
    C:\tixqapi.exe
    
    :Commands
    [emptytemp]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After the reboot, OTM will start automatically to finish the move process. Highlight everything in the Results pane (underneath the green bar) by right-clicking in it and choosing Select All and then right-clicking again and choosing Copy. Return to this topic and click the Reply button, right-click in the Reply window and choose paste to copy all of the results back here.

Next

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply along with a new HijackThis log.

Please post back with
  • OTM log
  • Kaspersky log
  • new DDS log taken after all other steps
How's the computer?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#9 greyspace

greyspace

    Authentic Member

  • Authentic Member
  • 51 posts

Posted 13 October 2009 - 12:51 PM

Sorry about that. I thought that I had run MBAM the way it was requested. I guess something must have gone wrong. Below are the logs as you requested. I wasn't sure if the DDS log should be pasted or attached so I have attached it. Please let me know if I should do it differently. The computer seems to be running fine, however, I just get concerned that there is something loaded/hidden somewhere that'll cause a problem or steal information, etc. One thing I did notice was that I installed a new firewall and it is popping up with something called autotag.exe. I'm not sure if this is supposed to be here or if it is part of the malware or...? I tried to do a search online but couldn't find any information on it or the IP it is trying to access. Do you have any information? I appreciate all your time and help.

----

All processes killed
========== FILES ==========
C:\tixqapi.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: GH
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 25493434 bytes

User: GHL
->Temp folder emptied: 3195955 bytes
->Temporary Internet Files folder emptied: 23510681 bytes
->Java cache emptied: 14893630 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2673152 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_148.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49408 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb

OTM by OldTimer - Version 3.0.0.6 log created on 10132009_034113

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_148.dat moved successfully.

Registry entries deleted on Reboot...
--------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 13, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 13, 2009 12:18:30
Records in database: 2966503
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 71789
Threats found: 10
Infected objects found: 20
Suspicious objects found: 0
Scan duration: 01:22:33

File name / Threat / Threats count
C:\Program Files\Adobe\acrotray .exe Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Program Files\GHL\Self-Installed\LogMeIn.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
C:\Program Files\GHL\Self-Installed\rundll32.exe nvhotkey.dll,start Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Program Files\GHL\Self-Installed\stsystra.exe Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Program Files\GHL\Self-Installed\Tunebite\tunebite .exe Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe -tray Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Qoobox\Quarantine\C\Documents and Settings\GH\rundll32.exe nvhotkey .exe.vir Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Qoobox\Quarantine\C\Documents and Settings\GH\stsystra .exe.vir Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\Qoobox\Quarantine\C\Documents and Settings\GHL\Application Data\svcst .exe.vir Infected: Trojan.Win32.Vilsel.idd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Infected: Trojan.HTML.Fraud.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\p0duaad.dll.vir Infected: Trojan-Downloader.Win32.Small.ante 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate .exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.ftv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.ftv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan.Win32.Vilsel.ihc 1
C:\_OTM\MovedFiles\10132009_034113\tixqapi.exe Infected: Trojan.Win32.Agent2.cjge 1
C:\_OTM\MovedFiles\10132009_034113\tixqapi.exe Infected: Trojan.Win32.Agent.cyna 1

Selected area has been scanned.
----------------

Attached Files


Edited by greyspace, 13 October 2009 - 01:08 PM.
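A triage helper for the Kaspersky report format pasted above, added here as an example; it is not a tool anyone in this thread used. It assumes the "File name / Threat / Threats count" line layout shown in the report, that entries under ComboFix's C:\Qoobox\Quarantine and OTM's C:\_OTM\MovedFiles are inert quarantined copies, and that Kaspersky's "not-a-virus:" prefix marks riskware such as remote-admin tools rather than malware.

```python
"""Triage a Kaspersky Online Scanner 7 report like the one pasted above.

Added example for this thread, not a tool anyone in it used. It parses the
"File name / Threat / Threats count" section and separates detections that
already sit in a quarantine folder (ComboFix's C:\\Qoobox\\Quarantine and
OTM's C:\\_OTM\\MovedFiles, both visible in the report) from detections at
their original location, which are the ones still worth acting on.
"""
import re
from collections import Counter, defaultdict

# Folders where ComboFix and OTM park removed files. A hit under these paths is an
# inert copy, not a live infection (the folder prefixes are those in the report).
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\_otm\\movedfiles\\",
)

# Kaspersky's prefix for riskware: legitimate tools such as remote-admin software
# that a user may have installed on purpose (LogMeIn is installed on this machine).
RISKWARE_PREFIX = "not-a-virus:"

# Sample lines copied from the report above (a constructed subset; the forum
# flattened the real report onto one line, so entries are separated here).
SAMPLE_REPORT = """\
File name / Threat / Threats count
C:\\Program Files\\Adobe\\acrotray .exe Infected: Trojan-Downloader.Win32.Small.kgn 1
C:\\Program Files\\GHL\\Self-Installed\\LogMeIn.msi Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 2
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\\_OTM\\MovedFiles\\10132009_034113\\tixqapi.exe Infected: Trojan.Win32.Agent2.cjge 1
C:\\_OTM\\MovedFiles\\10132009_034113\\tixqapi.exe Infected: Trojan.Win32.Agent.cyna 1
Selected area has been scanned.
"""

# One detection per line: "<object> Infected: <threat> <count>". The object part may
# contain spaces (e.g. "acrotray .exe"), so it is matched non-greedily up to the marker.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return [(object, threat, count), ...] for every detection line in the report."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m.group("obj"), m.group("threat"), int(m.group("count"))))
    return found


def is_quarantined(obj):
    """True when the object lives in a ComboFix or OTM quarantine folder."""
    return obj.lower().startswith(QUARANTINE_PREFIXES)


def triage(text):
    """Group detections by location and flag riskware among the live ones."""
    live = defaultdict(list)         # original path -> threat names
    quarantined = defaultdict(list)  # quarantined path -> threat names
    for obj, threat, _count in parse_report(text):
        (quarantined if is_quarantined(obj) else live)[obj].append(threat)
    # An object is riskware only if every name Kaspersky gave it carries the prefix.
    riskware = [obj for obj, threats in live.items()
                if all(t.startswith(RISKWARE_PREFIX) for t in threats)]
    return {
        "live": dict(live),
        "quarantined": dict(quarantined),
        "riskware": riskware,
        # Threat families seen outside quarantine; these decide the next cleanup step.
        "live_families": Counter(t for threats in live.values() for t in threats),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("Live detections (act on these):")
    for obj, threats in result["live"].items():
        tag = " [riskware, verify it was installed on purpose]" if obj in result["riskware"] else ""
        print(f"  {obj}: {', '.join(threats)}{tag}")
    print("Already quarantined (inert copies):")
    for obj, threats in result["quarantined"].items():
        print(f"  {obj}: {', '.join(threats)}")
```

Run against the full report above, the live bucket is what the next cleanup round has to address, while the Qoobox and _OTM entries only show what earlier tools already removed.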


#10 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 13 October 2009 - 06:06 PM

Hi Greyspace,

I thought that I had run MBAM the way it was requested.

Actually it was combofix that I was referring to.

autotag.exe. I'm not sure if this is supposed to be here or if it is part of the malware or...? I tried to do a search online but couldn't find any information on it or the IP it is trying to access.

It seems to be related to music/video management. Not sure why it would be trying to access the internet unless you are using a P2P program. What is the IP it's trying to connect to?

You attached the Attach.txt, I need the DDS.txt. It should open when DDS has completed its scan.

I see what may be an infection that combofix should pick up.

Locate combofix.exe on your desktop. Right click it and select delete.

Download a new copy from

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.

Please post back with the combofix log.

Thanks



#11 greyspace

greyspace

    Authentic Member

  • Authentic Member
  • 51 posts

Posted 13 October 2009 - 06:27 PM

Hi again.

Sorry about that. I meant to write that I thought I had run combofix the way you had instructed, but I must have done something incorrectly.

With regard to the autotag.exe file. I'm not sure what it could be. It pops up when I first turn the computer on so I'm not sure what program would need to access that IP right when I turn the computer on (which is what has me concerned). I will need to restart in order to get the IP address again, and I will follow up with this post with the address after I paste the logs below. Again, thanks so much for your time and help.


Below are the combofix log and DDS.txt.

ComboFix 09-10-13.01 - GHL 10/13/2009 17:12.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1231 [GMT -7:00]
Running from: c:\documents and settings\GHL\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-13 10:41 . 2009-10-13 10:41 -------- d-----w- C:\_OTM
2009-10-11 05:22 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-11 05:22 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-11 05:22 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-11 05:22 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-11 05:22 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-11 05:22 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-11 05:22 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-11 05:22 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-11 04:10 . 2009-10-11 04:10 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-11 04:10 . 2009-02-16 07:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-11 04:10 . 2009-02-16 07:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-11 04:10 . 2009-10-11 04:11 -------- d-----w- c:\program files\ZoneAlarm
2009-10-11 04:10 . 2009-10-11 04:10 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-11 04:10 . 2009-02-16 07:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-11 04:08 . 2009-10-14 00:09 -------- d-----w- c:\windows\Internet Logs
2009-10-11 04:08 . 2009-10-11 04:08 33952648 ----a-w- c:\program files\zaSetup_80_298_000_en.exe
2009-10-10 17:09 . 2009-10-10 17:15 -------- d-----w- C:\Combo-Fix
2009-10-10 06:12 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-10 06:12 . 2009-10-10 06:12 -------- d-----w- c:\program files\Avast4
2009-10-10 03:58 . 2009-10-10 03:58 -------- d-----w- c:\program files\bambite
2009-10-10 03:54 . 2009-10-10 03:54 -------- d-----w- c:\program files\SAS
2009-10-10 03:53 . 2009-10-10 03:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- C:\ERDNT
2009-10-10 03:24 . 2009-10-10 03:24 -------- d-----w- c:\windows\ERUNT
2009-10-10 03:23 . 2009-10-10 03:23 -------- d-----w- C:\!FixIEDef
2009-10-10 03:00 . 2009-10-10 17:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-10 03:00 . 2009-10-10 03:00 -------- d-----w- c:\documents and settings\GH\Application Data\SUPERAntiSpyware.com
2009-10-10 02:58 . 2009-10-10 03:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 02:43 . 2009-10-10 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-30 23:33 . 2009-09-30 23:37 -------- d-----w- c:\windows\system32\NtmsData
2009-09-20 14:45 . 2009-09-20 14:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 12:47 . 2007-04-04 02:48 48935 ----a-w- c:\windows\system32\nvModes.dat
2009-10-13 10:31 . 2007-04-04 03:01 -------- d-----w- c:\program files\Java
2009-10-13 10:24 . 2007-10-14 13:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-13 10:23 . 2007-04-20 16:07 -------- d-----w- c:\program files\LogMeIn
2009-10-11 05:16 . 2009-07-12 17:49 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-10-10 20:18 . 2007-12-29 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-10-10 05:42 . 2007-04-04 03:09 -------- d-----w- c:\program files\NetWaiting
2009-10-10 02:33 . 2004-08-11 22:00 14336 ------w- c:\windows\system32\svchost.exe
2009-10-04 22:06 . 2007-09-28 00:45 -------- d-----w- c:\documents and settings\GHL\Application Data\Move Networks
2009-10-03 00:47 . 2009-04-18 12:06 -------- d-----w- c:\documents and settings\GHL\Application Data\uTorrent
2009-09-10 21:54 . 2009-03-08 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-03-08 19:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 13:23 . 2009-09-10 08:13 -------- d-----w- c:\program files\FLAC
2009-09-10 08:38 . 2007-07-16 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 08:11 . 2009-09-10 08:11 2744087 ----a-w- c:\program files\flac-1.2.1b.exe
2009-09-09 01:16 . 2009-09-09 01:16 -------- d-----w- c:\program files\TechSmith
2009-09-08 00:47 . 2009-08-30 00:01 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-08 00:47 . 2009-09-08 00:46 7886336 ----a-w- c:\program files\moto setup.msi
2009-09-07 23:05 . 2008-02-04 16:00 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-07 23:05 . 2007-04-20 16:07 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-07 23:05 . 2007-04-20 16:07 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-07 23:05 . 2006-10-07 02:56 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-09-07 23:05 . 2006-10-07 02:56 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-08-29 21:02 . 2008-02-09 03:31 -------- d-----w- c:\documents and settings\GHL\Application Data\Canon
2009-08-07 02:24 . 2004-08-11 22:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-11 22:12 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-11 22:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2004-08-11 22:12 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-11 22:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-11 22:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-07-16 15:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2007-07-16 15:36 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2004-08-11 22:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 01:38 . 2009-08-02 01:37 6008376 ----a-w- c:\program files\ashampoo_burning_studio_6_free_676_4280.exe
2009-07-29 04:37 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-25 12:23 . 2009-07-31 23:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 17:52 . 2009-07-23 17:52 278221 ----a-w- c:\program files\gmer.zip
2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 01:20 . 2009-07-12 01:20 265216 ----a-w- c:\program files\TFC.exe
2009-07-12 01:18 . 2009-07-12 01:14 794112 ----a-w- c:\program files\The_Comedian.exe
2009-07-11 12:50 . 2009-07-11 12:50 812344 ----a-w- c:\program files\HJTInstall.exe
2009-07-11 04:24 . 2009-07-11 04:24 5575824 ----a-w- c:\program files\CSC_Setup_1.1.64946.38_xp_vista_server2003_x32.exe
2009-07-04 22:26 . 2009-07-04 22:26 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2009-07-04 18:04 . 2009-07-04 02:40 23442487 ----a-w- c:\program files\INSTALL.zip
2009-07-04 17:39 . 2009-07-04 17:38 2790624 ----a-w- c:\program files\x-audio-converter-CNET.exe
2009-07-04 17:27 . 2009-07-04 17:27 6698028 ----a-w- c:\program files\aaep.exe
2009-07-04 17:23 . 2009-07-04 17:01 8079082 ----a-w- c:\program files\audioextractor.exe
2009-07-04 17:19 . 2009-07-04 17:18 3176437 ----a-w- c:\program files\youtubedownloader.exe
2009-07-04 02:41 . 2009-07-04 02:41 7814384 ----a-w- c:\program files\audiocapture_wmf_setup.exe
2009-07-04 02:30 . 2009-07-04 02:29 751167 ----a-w- c:\program files\sc11a.exe
2009-07-04 02:23 . 2009-07-04 02:23 2813421 ----a-w- c:\program files\m4a-to-mp3-converter.exe
2009-07-04 01:58 . 2009-07-04 01:57 77690152 ----a-w- c:\program files\iTunesSetup.exe
2009-07-03 18:34 . 2009-07-03 18:34 434832 ----a-w- c:\program files\switchsetup.exe
2009-07-03 18:31 . 2009-07-03 18:25 6692753 ----a-w- c:\program files\Setup_FreeConverter.exe
2009-07-03 18:18 . 2009-07-03 18:18 21935408 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-06-24 14:03 . 2009-06-24 14:02 13905056 ----a-w- c:\program files\aim6591.exe
2009-04-12 19:32 . 2009-04-12 19:30 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-04-19 18:28 . 2008-01-09 03:19 88 --sh--r- c:\windows\system32\1B491E2DAE.sys
2009-04-19 18:28 . 2008-01-09 03:19 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-10-12_10.49.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 18:53 . 2009-10-13 18:53 16384 c:\windows\temp\Perflib_Perfdata_14c.dat
+ 2009-10-13 10:32 . 2009-07-25 12:23 149280 c:\windows\system32\javaws.exe
+ 2009-10-13 10:32 . 2009-07-25 12:23 145184 c:\windows\system32\javaw.exe
+ 2009-10-13 10:32 . 2009-07-25 12:23 145184 c:\windows\system32\java.exe
+ 2009-10-13 10:25 . 2009-10-13 10:25 503808 c:\windows\ERDNT\AutoBackup\10-13-2009\Users\00000002\UsrClass.dat
+ 2009-10-13 10:25 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\10-13-2009\ERDNT.EXE
+ 2009-10-13 10:25 . 2009-10-13 10:25 4517888 c:\windows\ERDNT\AutoBackup\10-13-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"tunebite.exe"="c:\program files\GHL\Self-Installed\Tunebite\tunebite.exe" [2007-09-13 2846720]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\bambite\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-03-21 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\GHL\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-3 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\GHL\Self-Installed\Palm\Hotsync.exe [2004-6-9 471040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SAS\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SAS\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-07 23:05 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GHL\\Self-Installed\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [7/10/2009 9:25 PM 36512]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [7/10/2009 9:25 PM 39456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2009 10:22 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SAS\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SAS\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2009 10:22 PM 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/4/2008 9:00 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/4/2008 9:00 AM 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/12/2009 7:55 AM 24652]
R3 SASENUM;SASENUM;c:\program files\SAS\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070403
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 17:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SAS\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(10400)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-14 17:21
ComboFix-quarantined-files.txt 2009-10-14 00:21
ComboFix2.txt 2009-10-12 10:51
ComboFix3.txt 2009-10-10 17:15
ComboFix4.txt 2009-10-10 03:44
ComboFix5.txt 2009-10-14 00:10

Pre-Run: 3,098,595,328 bytes free
Post-Run: 3,169,853,440 bytes free

262 --- E O F --- 2009-09-10 08:39
-------------------------


DDS (Ver_09-06-26.01) - NTFSx86
Run by GHL at 17:23:12.37 on Tue 10/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1220 [GMT -7:00]

AV: avast! antivirus 4.8.1356 [VPS 091013-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\GHL\Self-Installed\Tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\GHL\Self-Installed\Palm\Hotsync.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SAS\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GHL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070403
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: VideoRaptorIePlugin Class: {90c8e8f8-a7c9-41e4-92e4-c679ae6fb78d} - c:\program files\videoraptor\VideoRaptorIePlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [tunebite.exe] c:\program files\ghl\self-installed\tunebite\tunebite.exe -tray
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\bambite\mbam.exe" /runcleanupscript
mRun: [ZoneAlarm Client] "c:\program files\zonealarm\zlclient.exe"
mRun: [avast!] c:\progra~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\ghl\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\ghl\self-installed\palm\Hotsync.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\sas\SASWINLO.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\sas\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-7-10 36512]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [2009-7-10 39456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-10 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\sas\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\sas\SASKUTIL.SYS [2009-9-15 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-10-10 353672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast4\ashServ.exe [2009-10-9 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-4 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-4 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-12 24652]
R3 SASENUM;SASENUM;c:\program files\sas\SASENUM.SYS [2009-9-15 7408]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast4\ashMaiSv.exe [2009-10-9 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast4\ashWebSv.exe [2009-10-9 352920]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-10-13 03:41 <DIR> --d----- C:\_OTM
2009-10-10 21:10 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-10-10 21:10 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-10-10 21:10 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-10-10 21:10 <DIR> --d----- c:\program files\ZoneAlarm
2009-10-10 21:10 350,192 a------- c:\windows\system32\vsconfig.xml
2009-10-10 21:08 <DIR> --d----- c:\windows\Internet Logs
2009-10-10 21:08 33,952,648 a------- c:\program files\zaSetup_80_298_000_en.exe
2009-10-10 10:09 236,544 a------- c:\windows\PEV.exe
2009-10-10 10:09 161,792 a------- c:\windows\SWREG.exe
2009-10-10 10:09 98,816 a------- c:\windows\sed.exe
2009-10-10 10:09 <DIR> --d----- C:\Combo-Fix
2009-10-09 23:12 <DIR> --d----- c:\program files\Avast4
2009-10-09 20:58 <DIR> --d----- c:\program files\bambite
2009-10-09 20:54 <DIR> --d----- c:\program files\SAS
2009-10-09 20:53 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-09 20:24 <DIR> --d----- c:\windows\ERUNT
2009-10-09 20:23 <DIR> --d----- C:\!FixIEDef
2009-10-09 20:00 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-09 19:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 16:33 <DIR> --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-10-13 05:47 48,935 a------- c:\windows\system32\nvModes.dat
2009-10-10 22:16 308,160 a------- c:\program files\avast_home_setup.exe
2009-10-09 19:33 14,336 -------- c:\windows\system32\svchost.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-10 01:11 2,744,087 a------- c:\program files\flac-1.2.1b.exe
2009-09-07 17:47 7,886,336 a------- c:\program files\moto setup.msi
2009-09-07 16:05 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-09-07 16:05 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-07 16:05 87,352 a------- c:\windows\system32\LMIinit.dll
2009-09-07 16:05 25,248 a------- c:\windows\system32\LMImirr.dll
2009-09-07 16:05 11,552 a------- c:\windows\system32\LMImirr2.dll
2009-08-13 08:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 18:38 6,008,376 a------- c:\program files\ashampoo_burning_studio_6_free_676_4280.exe
2009-07-28 21:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:37 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:37 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-23 10:52 278,221 a------- c:\program files\gmer.zip
2009-07-19 06:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 06:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 12:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-11 18:20 265,216 a------- c:\program files\TFC.exe
2009-07-11 18:18 794,112 a------- c:\program files\The_Comedian.exe
2009-07-11 05:50 812,344 a------- c:\program files\HJTInstall.exe
2009-07-10 21:24 5,575,824 a------- c:\program files\CSC_Setup_1.1.64946.38_xp_vista_server2003_x32.exe
2009-07-04 15:26 2,228,534 a------- c:\program files\audacity-win-1.2.6.exe
2009-07-04 11:04 23,442,487 a------- c:\program files\INSTALL.zip
2009-07-04 10:39 2,790,624 a------- c:\program files\x-audio-converter-CNET.exe
2009-07-04 10:27 6,698,028 a------- c:\program files\aaep.exe
2009-07-04 10:23 8,079,082 a------- c:\program files\audioextractor.exe
2009-07-04 10:19 3,176,437 a------- c:\program files\youtubedownloader.exe
2009-07-03 19:41 7,814,384 a------- c:\program files\audiocapture_wmf_setup.exe
2009-07-03 19:30 751,167 a------- c:\program files\sc11a.exe
2009-07-03 19:23 2,813,421 a------- c:\program files\m4a-to-mp3-converter.exe
2009-07-03 18:58 77,690,152 a------- c:\program files\iTunesSetup.exe
2009-07-03 11:34 434,832 a------- c:\program files\switchsetup.exe
2009-07-03 11:31 6,692,753 a------- c:\program files\Setup_FreeConverter.exe
2009-07-03 11:18 21,935,408 a------- c:\program files\QuickTimeInstaller.exe
2009-06-24 07:03 13,905,056 a------- c:\program files\aim6591.exe
2009-04-12 12:32 15,452,536 a------- c:\program files\IE7-WindowsXP-x86-enu.exe

============= FINISH: 17:23:20.78 ===============

#12 greyspace

Posted 13 October 2009 - 06:36 PM

With regard to the autotag.exe file and my firewall, it appears that it first tries to access my router 192.168.0.1 and then I get another message that it is trying to access the ip: 213.239.207.67. Again, I can't seem to find any information on this.

Edited by greyspace, 13 October 2009 - 06:44 PM.


#13 greyspace

Posted 13 October 2009 - 07:15 PM

I just found out that it seems the autotag.exe file seems to be associated with Tunebite. I'm uncertain as to why all this stuff from tunebite is popping up as it hasn't been an issue in the past. I also haven't used the program in a few years either so I'm not certain what is going on.

#14 oldman960

Posted 13 October 2009 - 11:30 PM

Hi Greyspace,

That IP comes from a hosting site,
http://www.hostsearc...r_online_ag.asp

That's all I can tell you about it. Do you recognize the site or any program that may be associated?

It would appear you have a file infector. If you look closely you will see a space in the filename between the name and the .exe: acrotray .exe. The Adobe Reader is old and vulnerable and should be replaced with the new version.

This is the rest of the Kaspersky detections other than the one already quarantined.

I just found out that it seems the autotag.exe file seems to be associated with Tunebite.

Another program that has an infected file is Tunebites. It can be uninstalled and reinstalled later. tunebite .exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe Infected:
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

Related to Macrovision, it checks for updates. These files are infected and can be removed.

C:\Program Files\GHL\Self-Installed\rundll32.exe nvhotkey.dll

nVIDIA_ForceWare

C:\Program Files\GHL\Self-Installed\stsystra.exe

Sigmatel Audio soundcard , I don't see any Sigmatel software installed.

Let's uninstall a couple of programs and test some files to see what other vendors are calling the detections. I can find no information on the Kaspersky descriptions.

Go to add/remove programs and uninstall

Adobe Reader 7.0.8
Tunebite 4.1.0.35


We need some file information
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path, one at a time into the "Suspicious files to scan" box on the top of the page:

    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\GHL\Self-Installed\stsystra.exe

  • Make sure the scan is completed and the results saved before submitting the next one
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please post back with the VirScan results.

Thanks

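The naming trick oldman960 points out above (a copy of a legitimate program's name with a space inserted before .exe, such as acrotray .exe, isuspm .exe and tunebite .exe, sitting beside the real file in the same folder) can be hunted for mechanically, and the hashes that the VirSCAN step needs can be collected in the same pass. The script below is an added example written for this page; it is not a tool from the thread or from any product named in it. It walks a directory tree, reports every file whose name matches a sibling except for whitespace before the extension, and returns size, MD5 and SHA1 for both members of the pair so they can be compared with a multi-engine report. The demo() function builds a constructed directory tree with stand-in files (not real samples from the affected machine) so the example runs offline; find_lookalikes, file_hashes and demo are names chosen here.

```python
"""Hunt for 'name .exe' lookalikes sitting next to a legitimate 'name.exe'
and hash both files for comparison against a multi-engine scan report.
Added example for this page; not a tool from the thread."""
import hashlib
import os
import re
import sys
import tempfile

# A stem followed by whitespace and then a short extension, e.g. "isuspm .exe"
# or "tunebite .exe". A plain "my file.exe" does not match, because only
# whitespace may sit between the stem and the extension.
LOOKALIKE = re.compile(r"^(?P<stem>.+?)\s+(?P<ext>\.[A-Za-z0-9]{1,4})$")


def file_hashes(path, chunk=65536):
    """Return (size, md5, sha1) for a file, streaming so large files are fine."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return size, md5.hexdigest(), sha1.hexdigest()


def find_lookalikes(root):
    """Walk root and return one record per lookalike that has a twin in the
    same directory. Names are compared case-insensitively, as NTFS does."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for name in files:
            m = LOOKALIKE.match(name)
            if m is None:
                continue
            twin = (m.group("stem") + m.group("ext")).lower()
            if twin not in by_lower:
                continue                      # stray name with no original beside it
            suspect = os.path.join(dirpath, name)
            original = os.path.join(dirpath, by_lower[twin])
            hits.append({
                "suspect": suspect, "suspect_hash": file_hashes(suspect),
                "original": original, "original_hash": file_hashes(original),
            })
    return hits


def demo():
    """Constructed directory tree with stand-in files (not real samples) so the
    example runs offline; mirrors the UpdateService folder named in the thread."""
    root = tempfile.mkdtemp(prefix="lookalike_demo_")
    upd = os.path.join(root, "Common Files", "InstallShield", "UpdateService")
    os.makedirs(upd)
    with open(os.path.join(upd, "isuspm.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 1022)          # stand-in for the genuine updater
    with open(os.path.join(upd, "isuspm .exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x90" * 30718)         # stand-in sized like the 30,720-byte suspect
    with open(os.path.join(upd, "issch.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 10)            # has no twin: must not be reported
    return find_lookalikes(root)


if __name__ == "__main__":
    hits = find_lookalikes(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for hit in hits:
        for label in ("suspect", "original"):
            size, md5, sha1 = hit[label + "_hash"]
            print(f"{label:8} {size:>9} MD5={md5} SHA1={sha1}  {hit[label]}")
```

Run it as python lookalikes.py "C:\Program Files" on the affected machine and submit the suspect hash of each pair to the multi-engine scanner; a pair whose suspect is flagged while the original is clean is a dropped companion rather than a patched original. An empty result does not prove the machine is clean: the check only catches this one naming trick, and it says nothing about an original that has genuinely been overwritten.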

#15 greyspace

Posted 14 October 2009 - 06:37 AM

Hi there,

I deleted the tunebites and adobe files as directed. I did not delete any of the other files you mentioned were infected because I was not sure I was supposed to and wasn't entirely sure how to do so.

As far as the IP address goes, I'm not familiar with anything on that site.

I have pasted the contents of the scan below. When I ran the scans, the first and third scans would not allow me to hit, "rescan." That option was grayed out and I could only view results. I hope that is okay.

Once again, I really appreciate the time you're putting in to help me on this.

VirSCAN.org Scanned Report :
Scanned time : 2009/10/14 04:48:43 (PDT)
Scanner results: 65% Scanner(24/37) found malware!
File Name : isuspm .exe
File Size : 30720 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0334b4eb4fbfb33c0f821d94bd30c7fa
SHA1 : 6e1e44b0803c70adc6ea5b5b537e6c87c8751722
Online report : http://virscan.org/r...2a14732b4f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091014103134 2009-10-14 4.78 Trojan-Downloader.Win32.Small!IK
AhnLab V3 2009.10.14.01 2009.10.14 2009-10-14 1.68 Win-Trojan/Downloader.30720.EO
AntiVir 8.2.1.35 7.1.6.108 2009-10-14 0.11 TR/Dldr.Small.kgn
Antiy 2.0.18 20091014.3003440 2009-10-14 0.13 Trojan/Win32.Small.anuu[Downloader]
Arcavir 2009 200910131451 2009-10-13 0.07 Downloader.Small.Kgn
Authentium 5.1.1 200910140109 2009-10-14 1.29 -
AVAST! 4.7.4 091013-0 2009-10-13 0.01 Win32:Malware-gen
AVG 8.5.288 270.14.16/2435 2009-10-14 0.33 Worm/Koobface.K
BitDefender 7.81008.4340308 7.28314 2009-10-14 3.74 Trojan.Generic.2520953
CA (VET) 9.0.0.143 35.1.7065 2009-10-14 6.80 -
ClamAV 0.95.2 9893 2009-10-14 0.01 -
Comodo 3.12 2599 2009-10-13 0.76 -
CP Secure 1.3.0.5 2009.10.14 2009-10-14 0.05 Troj.Downloader.W32.Small.kgn
Dr.Web 4.44.0.9170 2009.10.14 2009-10-14 5.67 Trojan.DownLoad.50126
F-Prot 4.4.4.56 20091013 2009-10-13 1.29 -
F-Secure 7.02.73807 2009.10.14.04 2009-10-14 0.09 Trojan-Downloader.Win32.Small.kgn [AVP]
Fortinet 2.81-3.120 10.941 2009-10-13 0.20 W32/Small.KGN!tr.dldr
GData 19.8392/19.510 20091014 2009-10-14 5.53 Win32:Malware-gen [Engine:A]
ViRobot 20091013 2009.10.13 2009-10-13 0.44 -
Ikarus T3.1.01.72 2009.10.14.74109 2009-10-14 4.12 Trojan-Downloader.Win32.Small
JiangMin 11.0.800 2009.10.08 2009-10-08 3.81 -
Kaspersky 5.5.10 2009.10.14 2009-10-14 0.06 Trojan-Downloader.Win32.Small.kgn
KingSoft 2009.2.5.15 2009.10.14.7 2009-10-14 0.55 Win32.TrojDownloader.Small.30720
McAfee 5.3.00 5770 2009-10-13 3.33 Generic Downloader.x!bnr
Microsoft 1.5101 2009.10.14 2009-10-14 5.84 -
Norman 6.01.09 6.01.00 2009-10-13 4.00 W32/Agent.RUSW
Panda 9.05.01 2009.10.13 2009-10-13 2.88 Trj/Downloader.MDW
Trend Micro 8.700-1004 6.542.01 2009-10-13 0.02 TROJ_AGENT.ZXDG
Quick Heal 10.00 2009.10.13 2009-10-13 1.21 TrojanDownloader.Small.kgn
Rising 20.0 21.51.20.00 2009-10-14 0.99 -
Sophos 3.00.1 4.46 2009-10-14 2.45 -
Sunbelt 5448 5448 2009-10-13 1.53 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20091013.002 2009-10-13 0.08 Downloader
nProtect 20091013.02 5806236 2009-10-13 8.44 -
The Hacker 6.5.0.2 v00041 2009-10-13 0.80 -
VBA32 3.12.10.11 20091013.1125 2009-10-13 1.87 Trojan-Downloader.Win32.Small.anvv
VirusBuster 4.5.11.10 10.112.67/2004813 2009-10-13 2.59 -



------

VirSCAN.org Scanned Report :
Scanned time : 2009/10/14 05:19:33 (PDT)
Scanner results: All Scanners reported not find malware!
File Name : isuspm.exe
File Size : 221184 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : fb9e5c251cf6c37749f296bacb34a69b
SHA1 : 726df7171d5f28f922d6a258cdb6b0c18a257c91
Online report : http://virscan.org/r...4b5d93edaf.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091014103134 2009-10-14 5.12 -
AhnLab V3 2009.10.14.01 2009.10.14 2009-10-14 1.44 -
AntiVir 8.2.1.35 7.1.6.108 2009-10-14 0.54 -
Antiy 2.0.18 20091014.3003440 2009-10-14 0.12 -
Arcavir 2009 200910131451 2009-10-13 0.06 -
Authentium 5.1.1 200910140109 2009-10-14 1.60 -
AVAST! 4.7.4 091013-0 2009-10-13 0.02 -
AVG 8.5.288 270.14.16/2435 2009-10-14 0.34 -
BitDefender 7.81008.4340308 7.28314 2009-10-14 3.78 -
CA (VET) 9.0.0.143 35.1.7065 2009-10-14 3.73 -
ClamAV 0.95.2 9893 2009-10-14 0.05 -
Comodo 3.12 2599 2009-10-13 1.09 -
CP Secure 1.3.0.5 2009.10.14 2009-10-14 0.07 -
Dr.Web 4.44.0.9170 2009.10.14 2009-10-14 5.64 -
F-Prot 4.4.4.56 20091013 2009-10-13 1.61 -
F-Secure 7.02.73807 2009.10.14.04 2009-10-14 0.16 -
Fortinet 2.81-3.120 10.941 2009-10-13 0.24 -
GData 19.8392/19.510 20091014 2009-10-14 5.92 -
ViRobot 20091013 2009.10.13 2009-10-13 0.41 -
Ikarus T3.1.01.72 2009.10.14.74109 2009-10-14 4.12 -
JiangMin 11.0.800 2009.10.08 2009-10-08 7.96 -
Kaspersky 5.5.10 2009.10.14 2009-10-14 0.10 -
KingSoft 2009.2.5.15 2009.10.14.7 2009-10-14 1.06 -
McAfee 5.3.00 5770 2009-10-13 3.39 -
Microsoft 1.5101 2009.10.14 2009-10-14 6.03 -
Norman 6.01.09 6.01.00 2009-10-13 4.00 -
Panda 9.05.01 2009.10.13 2009-10-13 4.07 -
Trend Micro 8.700-1004 6.542.01 2009-10-13 0.04 -
Quick Heal 10.00 2009.10.13 2009-10-13 2.68 -
Rising 20.0 21.51.20.00 2009-10-14 1.38 -
Sophos 3.00.1 4.46 2009-10-14 2.55 -
Sunbelt 5448 5448 2009-10-13 2.23 -
Symantec 1.3.0.24 20091013.002 2009-10-13 0.07 -
nProtect 20091013.02 5806236 2009-10-13 8.58 -
The Hacker 6.5.0.2 v00041 2009-10-13 1.36 -
VBA32 3.12.10.11 20091013.1125 2009-10-13 1.96 -
VirusBuster 4.5.11.10 10.112.67/2004813 2009-10-13 2.50 -

--------

VirSCAN.org Scanned Report :
Scanned time : 2009/10/14 04:48:43 (PDT)
Scanner results: 65% Scanner(24/37) found malware!
File Name : isuspm .exe
File Size : 30720 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0334b4eb4fbfb33c0f821d94bd30c7fa
SHA1 : 6e1e44b0803c70adc6ea5b5b537e6c87c8751722
Online report : http://virscan.org/r...2a14732b4f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091014103134 2009-10-14 4.78 Trojan-Downloader.Win32.Small!IK
AhnLab V3 2009.10.14.01 2009.10.14 2009-10-14 1.68 Win-Trojan/Downloader.30720.EO
AntiVir 8.2.1.35 7.1.6.108 2009-10-14 0.11 TR/Dldr.Small.kgn
Antiy 2.0.18 20091014.3003440 2009-10-14 0.13 Trojan/Win32.Small.anuu[Downloader]
Arcavir 2009 200910131451 2009-10-13 0.07 Downloader.Small.Kgn
Authentium 5.1.1 200910140109 2009-10-14 1.29 -
AVAST! 4.7.4 091013-0 2009-10-13 0.01 Win32:Malware-gen
AVG 8.5.288 270.14.16/2435 2009-10-14 0.33 Worm/Koobface.K
BitDefender 7.81008.4340308 7.28314 2009-10-14 3.74 Trojan.Generic.2520953
CA (VET) 9.0.0.143 35.1.7065 2009-10-14 6.80 -
ClamAV 0.95.2 9893 2009-10-14 0.01 -
Comodo 3.12 2599 2009-10-13 0.76 -
CP Secure 1.3.0.5 2009.10.14 2009-10-14 0.05 Troj.Downloader.W32.Small.kgn
Dr.Web 4.44.0.9170 2009.10.14 2009-10-14 5.67 Trojan.DownLoad.50126
F-Prot 4.4.4.56 20091013 2009-10-13 1.29 -
F-Secure 7.02.73807 2009.10.14.04 2009-10-14 0.09 Trojan-Downloader.Win32.Small.kgn [AVP]
Fortinet 2.81-3.120 10.941 2009-10-13 0.20 W32/Small.KGN!tr.dldr
GData 19.8392/19.510 20091014 2009-10-14 5.53 Win32:Malware-gen [Engine:A]
ViRobot 20091013 2009.10.13 2009-10-13 0.44 -
Ikarus T3.1.01.72 2009.10.14.74109 2009-10-14 4.12 Trojan-Downloader.Win32.Small
JiangMin 11.0.800 2009.10.08 2009-10-08 3.81 -
Kaspersky 5.5.10 2009.10.14 2009-10-14 0.06 Trojan-Downloader.Win32.Small.kgn
KingSoft 2009.2.5.15 2009.10.14.7 2009-10-14 0.55 Win32.TrojDownloader.Small.30720
McAfee 5.3.00 5770 2009-10-13 3.33 Generic Downloader.x!bnr
Microsoft 1.5101 2009.10.14 2009-10-14 5.84 -
Norman 6.01.09 6.01.00 2009-10-13 4.00 W32/Agent.RUSW
Panda 9.05.01 2009.10.13 2009-10-13 2.88 Trj/Downloader.MDW
Trend Micro 8.700-1004 6.542.01 2009-10-13 0.02 TROJ_AGENT.ZXDG
Quick Heal 10.00 2009.10.13 2009-10-13 1.21 TrojanDownloader.Small.kgn
Rising 20.0 21.51.20.00 2009-10-14 0.99 -
Sophos 3.00.1 4.46 2009-10-14 2.45 -
Sunbelt 5448 5448 2009-10-13 1.53 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20091013.002 2009-10-13 0.08 Downloader
nProtect 20091013.02 5806236 2009-10-13 8.44 -
The Hacker 6.5.0.2 v00041 2009-10-13 0.80 -
VBA32 3.12.10.11 20091013.1125 2009-10-13 1.87 Trojan-Downloader.Win32.Small.anvv
VirusBuster 4.5.11.10 10.112.67/2004813 2009-10-13 2.59 -
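Reading reports like the three above by hand is error-prone: the scanner names contain spaces, the detection names are free text, and the 24/37 in the header has to be taken on trust. The parser below is an added example written for this page, not VirSCAN's code or anything posted in the thread. It turns a pasted report into rows, recomputes the detection ratio from those rows so it can be checked against the header, lists which engines fired, and votes on the name fragments the engines share, which is the quickest way to get from a dozen vendor names to the family most of them mean (here Small.kgn, the Kaspersky name oldman960 could not find documentation for). SAMPLE_REPORT is an eight-row excerpt of the first report above, embedded so the example runs offline, so its computed ratio (5/8) deliberately differs from the header's claimed 24/37; NOISE, parse_report, summarise and the other names are chosen here.

```python
"""Parse a VirSCAN.org plain-text report, as pasted in the thread, and summarise
what the engines agree on. Added example for this page; not VirSCAN's code."""
import re
from collections import Counter

# One result row: scanner name (may contain spaces), engine version, signature
# version, signature date, scan time in seconds, then the detection name or "-".
ROW = re.compile(
    r"^(?P<scanner>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.*\S)\s*$"
)
RATIO = re.compile(r"Scanner\((\d+)/(\d+)\)")

# Vendor boilerplate that says nothing about the family; dropped before voting.
NOISE = {"win32", "w32", "trojan", "troj", "tr", "trojandownloader", "downloader",
         "dldr", "download", "generic", "gen", "malware", "agent", "bt", "ik",
         "avp", "engine"}

# Excerpt of the first report posted above (eight of its 37 rows), embedded so
# the example runs offline; the header line still carries the full 24/37 count.
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/10/14 04:48:43 (PDT)
Scanner results: 65% Scanner(24/37) found malware!
File Name : isuspm .exe
File Size : 30720 byte
MD5 : 0334b4eb4fbfb33c0f821d94bd30c7fa
SHA1 : 6e1e44b0803c70adc6ea5b5b537e6c87c8751722

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091014103134 2009-10-14 4.78 Trojan-Downloader.Win32.Small!IK
AVG 8.5.288 270.14.16/2435 2009-10-14 0.33 Worm/Koobface.K
CA (VET) 9.0.0.143 35.1.7065 2009-10-14 6.80 -
ClamAV 0.95.2 9893 2009-10-14 0.01 -
F-Secure 7.02.73807 2009.10.14.04 2009-10-14 0.09 Trojan-Downloader.Win32.Small.kgn [AVP]
Kaspersky 5.5.10 2009.10.14 2009-10-14 0.06 Trojan-Downloader.Win32.Small.kgn
Microsoft 1.5101 2009.10.14 2009-10-14 5.84 -
Trend Micro 8.700-1004 6.542.01 2009-10-13 0.02 TROJ_AGENT.ZXDG
"""


def parse_report(text):
    """Return (meta, rows): header fields keyed by lower-cased name plus the
    claimed ratio, and one dict per engine row."""
    meta, rows = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            rows.append(m.groupdict())
            continue
        r = RATIO.search(line)
        if r:
            meta["claimed"] = (int(r.group(1)), int(r.group(2)))
            continue
        key, sep, val = line.partition(" : ")
        if sep:
            meta[key.strip().lower().replace(" ", "_")] = val.strip()
    return meta, rows


def family_tokens(result):
    """Split a vendor detection name into lower-case tokens with the noise removed."""
    return [t for t in re.findall(r"[a-z0-9]+", result.lower())
            if len(t) > 1 and t not in NOISE]


def summarise(text):
    """Ratio recomputed from the rows, the ratio the header claims, which engines
    fired, and the name fragments most engines share."""
    meta, rows = parse_report(text)
    hits = [r for r in rows if r["result"] != "-"]
    votes = Counter(t for r in hits for t in family_tokens(r["result"]))
    return {
        "file_name": meta.get("file_name"),
        "md5": meta.get("md5"),
        "claimed": meta.get("claimed"),
        "computed": (len(hits), len(rows)),
        "hit_engines": [r["scanner"] for r in hits],
        "consensus": votes.most_common(3),
    }


if __name__ == "__main__":
    import sys
    text = SAMPLE_REPORT
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for key, value in summarise(text).items():
        print(f"{key:12} {value}")
```

Feed it the saved report text (python virscan_summary.py report.txt). A gap between the claimed and computed ratios means rows were lost in pasting; an identical MD5 in two reports, as with the first and third reports above, means the same file was submitted twice rather than the third file that was meant to be checked.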
