When I click on a search link in Google, It goes to a different page. My browser appears to be hijacked.


5 replies to this topic

#1 car21milton

Posted 31 October 2009 - 10:41 AM

If I do a search with Google using Firefox, I get a list of links that my search finds.
When I click on any of these search links it goes off to a different page. I've had it go to spyware sites etc.
My browser appears to be hijacked.
I have tried Combofix, Malwarebytes, Spybot, Stopzilla etc. and although they seem to find things and remove them, the virus does not get removed.
I have attached the following logs as requested:
DDS.txt, attach.txt and ark.txt. I've also added a HijackThis log for good measure.
Any help would be much appreciated.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Bob at 15:04:08.13 on 31/10/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1789.548 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\Explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
D:\Bobs Stuff\New Folder\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk
mURLSearchHooks: SrchHook Class: {d3f669eb-57ce-4f45-8fbd-e245cbb46366} - c:\program files\stopzilla!\toolbar\SZIESearchHook.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\toolbar\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\toolbar\SZSG.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\zxafkqtd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\stopzilla!\toolbar\extension\components\SiteGuardFF.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-22 64288]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-7 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-7 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-29 604488]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-4 38224]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-5-12 61328]
S2 gupdate1c9f818a9de61cb;Google Update Service (gupdate1c9f818a9de61cb);c:\program files\google\update\GoogleUpdate.exe [2009-6-28 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\drivers\hcw66xxx.sys [2009-5-5 420096]

=============== Created Last 30 ================

2009-10-31 13:56:20 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 13:54:02 236544 ----a-w- c:\windows\PEV.exe
2009-10-31 13:47:27 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-30 21:37:38 7148 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 21:37:38 297504 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 21:32:46 0 d-----w- c:\users\bob\DoctorWeb
2009-10-30 21:13:29 0 d-----w- c:\program files\common files\ParetoLogic
2009-10-30 15:11:02 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 21:18:12 0 d-----w- c:\program files\STOPzilla!
2009-10-29 18:40:26 0 d-----w- c:\program files\RegCleaner
2009-10-29 14:02:29 0 d-----w- c:\programdata\SITEguard
2009-10-29 13:59:32 0 d-----w- c:\program files\common files\iS3
2009-10-29 13:59:30 0 d-----w- c:\programdata\STOPzilla!
2009-10-29 13:21:29 0 d-----w- c:\program files\Loaris Trojan Remover
2009-10-28 17:12:09 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 17:12:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 13:01:14 77312 ----a-w- c:\windows\MBR.exe
2009-10-27 11:08:16 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 11:08:14 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-27 10:59:38 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-26 19:11:22 559024 ----a-w- c:\windows\system32\Codejock.SkinFramework.v12.1.1.ocx
2009-10-26 19:11:22 1779632 ----a-w- c:\windows\system32\Codejock.Controls.v12.1.1.ocx
2009-10-24 19:46:36 161792 ----a-w- c:\windows\SWREG.exe
2009-10-24 19:46:35 98816 ----a-w- c:\windows\sed.exe
2009-10-23 16:04:20 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-23 16:04:19 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-10-23 16:04:05 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-22 20:58:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-22 20:56:32 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 17:52:35 125440 ----a-w- c:\windows\system32\EncDump32.dll
2009-10-22 17:30:56 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-22 17:18:23 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-22 17:18:16 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-22 17:18:16 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-22 17:16:57 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-22 17:16:53 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-20 14:40:34 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 14:40:24 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 14:38:16 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 14:37:58 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 14:37:40 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 14:35:40 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 14:35:18 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 14:35:04 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 14:31:52 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-10-04 20:58:00 0 d-----w- c:\users\bob\appdata\roaming\Malwarebytes
2009-10-04 20:57:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 20:57:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 20:57:44 0 d-----w- c:\programdata\Malwarebytes
2009-10-04 20:57:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 12:23:54 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 15:45:17 0 d-----w- c:\programdata\TomTom
2009-10-02 15:44:36 0 d-----w- c:\program files\TomTom HOME 2
2009-10-02 15:40:02 0 d-----w- c:\program files\TomTom DesktopSuite
2009-10-02 13:39:40 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 13:39:05 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 13:38:48 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-02 13:38:48 171608 ----a-w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2009-10-23 16:04:29 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-04 20:02:44 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-04 20:02:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-04 20:02:40 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-27 15:08:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-16 09:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-05 13:25:36 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2009-09-03 09:17:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 14:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-05-27 18:37:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-07 20:21:09 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-04 16:30:41 32768 --sha-w- c:\windows\users\bob\appdata\local\microsoft\feeds cache\index.dat
2009-03-06 09:48:02 65536 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-04 19:19:16 49152 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-05 23:01:02 32768 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\history.ie5\mshist012009030520090306\index.dat
2009-03-04 17:20:10 16384 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-03-06 09:48:02 311296 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-04 17:20:10 32768 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-03-06 09:48:02 32768 --sha-w- c:\windows\users\bob\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-04 17:20:10 16384 --sha-w- c:\windows\users\bob\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-01-03 10:50:34 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
2009-03-05 19:54:11 786432 --sha-w- c:\windows\users\gill\NTUSER.DAT
2009-03-05 17:43:32 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\feeds cache\index.dat
2009-03-05 22:04:58 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-04 19:45:00 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-05 18:12:26 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\history\history.ie5\mshist012009030520090306\index.dat
2009-03-05 22:04:58 49152 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-05 22:04:58 32768 --sha-w- c:\windows\users\gill\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-31 16:16:15 32768 --sha-w- c:\windows\users\gill\application data\microsoft\internet explorer\userdata\index.dat

============= FINISH: 15:05:49.47 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 06/03/2009 10:31:13
System Uptime: 31/10/2009 13:45:48 (2 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R40P/R41P
Processor: Intel® Celeron® M CPU 440 @ 1.86GHz | U2E1 | 1862/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 129 GiB total, 97.039 GiB free.
D: is FIXED (NTFS) - 159 GiB total, 106.569 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BT Home Hub
CCleaner
Choice Guard
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Easy Thumbnails (Remove only)
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
High Quality Photo Resizer 5.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Ipswitch WS_FTP Pro
iS3 STOPzilla Toolbar
iTunes
Java™ 6 Update 15
Lexmark 3500-4500 Series
Lexmark Fax Solutions
LimeWire 5.2.13
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Moyea FLV Player version 1.6.2.2
Mozilla Firefox (3.5.4)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
OGA Notifier 2.0.0048.0
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Sky Player
Skype™ 4.0
SopCast 3.2.4
Spybot - Search & Destroy
SpywareBlaster 4.2
STOPzilla
Stream Torrent 1.0
TomTom HOME 2.7.2.1825
TomTom HOME Visual Studio Merge Modules
TuneUp Utilities 2009
TVAnts 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB974810)
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.14
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
WinRAR archiver

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/31 15:10
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\Users\Bob\AppData\Local\Temp\catchme.sys
Address: 0x97F8B000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8DB78000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8DB6D000 Size: 45056 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\Windows\system32\Drivers\PROCEXP90.SYS
Address: 0x97F89000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x97FAA000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{661a4b63-c583-11de-9172-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6af42087-c5a4-11de-a581-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4541fe03-c563-11de-8de8-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0fb56b60-c58f-11de-a581-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0fb56b78-c58f-11de-a581-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0fb56bb7-c58f-11de-a581-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{86caacff-c553-11de-900a-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b5b053ff-c623-11de-8f37-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e5eff685-c613-11de-90fc-0013773aa4b9}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\Bob\My Documents
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\Users\Bob\My Documents
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\TERMIN~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIA3CC~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI0A1E~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.0.6002.18005_none_84a3ad727270f018\SHELL-~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SE8ED8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SE35C8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SE0F18~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED850~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC3A2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED8D0~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC3C2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED85F~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC362~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEB92E~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SE081D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEA02A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEB414~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEE61C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SE4529~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SE236E~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18005_none_43ebc81abe5eccc7\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\ppdlic\SHELL-~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MIA3CC~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI0A1E~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\TERMIN~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\TERMIN~2.MAN
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SE8ED8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SE35C8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SE0F18~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEA02A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEB414~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SE4529~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SE236E~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SECURI~3.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SED850~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEC3A2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SED8D0~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SED85F~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEC362~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEE61C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEC3C2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SEB92E~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomeBasic\SE081D~1.XRM
Status: Locked to the Windows API!

Path: c:\users\bob\appdata\local\mozilla\firefox\profiles\zxafkqtd.default\cache\_cache_001_
Status: Allocation size mismatch (API: 589824, Raw: 458752)

Path: c:\users\bob\appdata\local\mozilla\firefox\profiles\zxafkqtd.default\cache\_cache_002_
Status: Allocation size mismatch (API: 589824, Raw: 458752)

Path: c:\users\bob\appdata\local\mozilla\firefox\profiles\zxafkqtd.default\cache\_cache_003_
Status: Allocation size mismatch (API: 1507328, Raw: 1114112)

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1232 Status: Locked to the Windows API!

==EOF==

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:28, on 31/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Bobs Stuff\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Update Service (gupdate1c9f818a9de61cb) (gupdate1c9f818a9de61cb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7430 bytes


#2 car21milton

car21milton
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:19 PM

Posted 04 November 2009 - 02:08 PM

Hi,
I'm new to this forum and am unsure if I should be doing anything else.
Will someone be looking at / advising me about this problem, or is there something else I should be doing?
Many Thanks,

#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:19 AM

Posted 07 November 2009 - 10:00 AM

Hi,

If you still need help with this, post a fresh dds.txt log and the ComboFix.txt log from the earlier run.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#4 car21milton

car21milton
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:19 PM

Posted 07 November 2009 - 02:49 PM

Hi,
Thanks for the reply.
I'm still having problems.
I've been trying various things, none of which cure the problem.
Attached are new DDS.txt and combo.txt files.
Many Thanks.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Bob at 19:12:55.72 on 07/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1789.275 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
D:\Bobs Stuff\New Folder\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk
BHO: {1827766B-9F49-4854-8034-F6EE26FCB1EC} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\zxafkqtd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-22 64288]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1179232]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-7 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-7 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-29 604488]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-5-12 61328]
S2 gupdate1c9f818a9de61cb;Google Update Service (gupdate1c9f818a9de61cb);c:\program files\google\update\GoogleUpdate.exe [2009-6-28 133104]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-7 21504]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\drivers\hcw66xxx.sys [2009-5-5 420096]

=============== Created Last 30 ================

2009-11-07 18:31:27 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-05 18:39:45 0 ----a-w- c:\users\bob\.gtkrc-2.0
2009-11-05 17:23:59 0 d-----w- c:\program files\ESET
2009-11-04 19:45:29 0 d-----w- c:\program files\Windows Portable Devices
2009-11-04 19:45:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-04 19:44:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-04 19:40:17 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-04 19:40:13 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-04 19:40:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-04 19:37:41 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-04 19:33:09 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-04 19:33:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-04 19:33:06 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-04 19:19:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-03 19:21:10 35 ----a-w- c:\users\bob\appdata\roaming\SetValue.bat
2009-11-03 19:21:08 691 ----a-w- c:\users\bob\appdata\roaming\GetValue.vbs
2009-11-02 16:29:52 306544 ----a-w- c:\windows\f40e20db85aa99e60fdf4d53420f134a.szcpf
2009-10-31 13:56:20 19944 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-30 21:37:38 7148 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 21:37:38 297504 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 21:32:46 0 d-----w- c:\users\bob\DoctorWeb
2009-10-30 21:13:29 0 d-----w- c:\program files\common files\ParetoLogic
2009-10-30 15:11:02 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 21:18:12 0 d-----w- c:\program files\STOPzilla!
2009-10-29 18:40:26 0 d-----w- c:\program files\RegCleaner
2009-10-29 14:02:29 0 d-----w- c:\programdata\SITEguard
2009-10-29 13:59:32 0 d-----w- c:\program files\common files\iS3
2009-10-29 13:59:30 0 d-----w- c:\programdata\STOPzilla!
2009-10-29 13:21:29 0 d-----w- c:\program files\Loaris Trojan Remover
2009-10-28 17:12:09 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 17:12:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 13:01:14 77312 ----a-w- c:\windows\MBR.exe
2009-10-27 11:08:16 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 11:08:14 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-27 10:59:38 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-26 19:11:22 559024 ----a-w- c:\windows\system32\Codejock.SkinFramework.v12.1.1.ocx
2009-10-26 19:11:22 1779632 ----a-w- c:\windows\system32\Codejock.Controls.v12.1.1.ocx
2009-10-24 19:46:36 161792 ----a-w- c:\windows\SWREG.exe
2009-10-24 19:46:35 98816 ----a-w- c:\windows\sed.exe
2009-10-23 16:04:20 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-23 16:04:19 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-10-23 16:04:05 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-22 20:58:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-22 20:56:32 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 17:52:35 125440 ----a-w- c:\windows\system32\EncDump32.dll
2009-10-22 17:30:56 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-22 17:18:23 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-22 17:18:16 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-22 17:18:16 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-22 17:16:57 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-22 17:16:53 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-20 14:40:34 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 14:40:24 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 14:38:16 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 14:37:58 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 14:37:40 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 14:35:40 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 14:35:18 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 14:35:04 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 14:31:52 729088 ----a-r- c:\windows\system32\IS3Base5.dll

==================== Find3M ====================

2009-11-04 19:45:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 19:45:17 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-04 19:45:16 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-04 19:45:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-23 16:04:29 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 15:08:50 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 09:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-10 13:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 09:17:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-03-07 20:21:09 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-04 16:30:41 32768 --sha-w- c:\windows\users\bob\appdata\local\microsoft\feeds cache\index.dat
2009-03-06 09:48:02 65536 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-04 19:19:16 49152 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-05 23:01:02 32768 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\history.ie5\mshist012009030520090306\index.dat
2009-03-04 17:20:10 16384 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-03-06 09:48:02 311296 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-04 17:20:10 32768 --sha-w- c:\windows\users\bob\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-03-06 09:48:02 32768 --sha-w- c:\windows\users\bob\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-04 17:20:10 16384 --sha-w- c:\windows\users\bob\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-01-03 10:50:34 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
2009-03-05 19:54:11 786432 --sha-w- c:\windows\users\gill\NTUSER.DAT
2009-03-05 17:43:32 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\feeds cache\index.dat
2009-03-05 22:04:58 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-04 19:45:00 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-05 18:12:26 32768 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\history\history.ie5\mshist012009030520090306\index.dat
2009-03-05 22:04:58 49152 --sha-w- c:\windows\users\gill\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-05 22:04:58 32768 --sha-w- c:\windows\users\gill\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-31 16:16:15 32768 --sha-w- c:\windows\users\gill\application data\microsoft\internet explorer\userdata\index.dat

============= FINISH: 19:15:54.43 ===============


ComboFix 09-11-07.02 - Bob 07/11/2009 19:25.7.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1789.501 [GMT 0:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 19:38 . 2009-11-07 19:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-07 19:38 . 2009-11-07 19:38 -------- d-----w- c:\users\Gill\AppData\Local\temp
2009-11-07 19:38 . 2009-11-07 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-06 17:59 . 2009-11-07 19:40 4096 d-----w- c:\users\Bob\AppData\Local\temp
2009-11-05 17:23 . 2009-11-05 17:23 -------- d-----w- c:\program files\ESET
2009-11-04 19:45 . 2009-11-04 19:45 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-04 19:40 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-04 19:40 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-04 19:40 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-04 19:37 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-04 19:33 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-04 19:33 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-04 19:33 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-04 18:40 . 2009-11-04 18:40 680 ----a-w- c:\users\Bob\AppData\Local\d3d9caps.dat
2009-11-03 19:21 . 2009-11-03 19:41 35 ----a-w- c:\users\Bob\AppData\Roaming\SetValue.bat
2009-10-31 13:56 . 2009-04-11 06:32 19944 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-30 21:37 . 2009-10-30 23:23 297504 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 21:32 . 2009-10-30 23:17 -------- d-----w- c:\users\Bob\DoctorWeb
2009-10-30 21:13 . 2009-10-30 23:20 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-30 21:10 . 2009-10-30 21:10 -------- d-----w- c:\users\Bob\AppData\Local\Downloaded Installations
2009-10-30 15:11 . 2009-10-30 15:11 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 15:11 . 2009-10-30 15:11 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-30 15:10 . 2009-10-30 15:10 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-30 15:10 . 2009-10-30 15:10 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-30 15:10 . 2009-10-30 15:10 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-30 15:10 . 2009-10-30 15:10 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-30 15:10 . 2009-10-30 15:10 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-29 21:22 . 2009-10-29 21:22 -------- d-----w- c:\users\Bob\AppData\Local\Xenocode
2009-10-29 21:18 . 2009-11-06 17:25 4096 d-----w- c:\program files\STOPzilla!
2009-10-29 18:40 . 2009-10-30 20:11 4096 d-----w- c:\program files\RegCleaner
2009-10-29 14:02 . 2009-10-30 13:16 -------- d-----w- c:\programdata\SITEguard
2009-10-29 13:59 . 2009-10-29 13:59 -------- d-----w- c:\program files\Common Files\iS3
2009-10-29 13:59 . 2009-11-07 19:17 4096 d-----w- c:\programdata\STOPzilla!
2009-10-29 13:21 . 2009-10-29 14:10 8192 d-----w- c:\program files\Loaris Trojan Remover
2009-10-28 17:12 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 17:12 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 11:08 . 2009-10-27 11:08 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 11:08 . 2009-10-27 11:08 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-27 10:59 . 2009-10-27 10:59 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-26 19:12 . 2009-10-26 19:12 -------- d-----w- c:\users\Gill\AppData\Local\Xenocode
2009-10-23 16:04 . 2009-07-15 10:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-23 16:04 . 2009-07-15 10:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-10-23 16:04 . 2009-10-23 16:04 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-23 14:31 . 2009-10-30 15:10 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-22 20:58 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-22 20:56 . 2009-10-22 20:56 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 20:56 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-22 17:52 . 2009-10-22 17:52 125440 ----a-w- c:\windows\system32\EncDump32.dll
2009-10-22 17:30 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-22 17:18 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-22 17:18 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-22 17:18 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-22 17:16 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-22 17:16 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-20 14:40 . 2009-10-20 14:40 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 14:40 . 2009-10-20 14:40 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 14:38 . 2009-10-20 14:38 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 14:37 . 2009-10-20 14:37 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 14:37 . 2009-10-20 14:37 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 14:35 . 2009-10-20 14:35 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 14:35 . 2009-10-20 14:35 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 14:35 . 2009-10-20 14:35 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 14:31 . 2009-10-20 14:31 729088 ----a-r- c:\windows\system32\IS3Base5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 19:40 . 2009-03-07 21:26 4096 d-----w- c:\programdata\Kontiki
2009-11-07 18:31 . 2009-11-07 18:31 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-04 19:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 19:45 . 2009-11-04 19:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-04 19:44 . 2009-11-04 19:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-04 18:41 . 2009-04-23 18:27 4096 d-----w- c:\program files\SpywareBlaster
2009-11-03 19:41 . 2009-11-03 19:21 691 ----a-w- c:\users\Bob\AppData\Roaming\GetValue.vbs
2009-11-02 20:42 . 2009-10-03 12:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 12:29 . 2009-03-09 19:08 4096 d-----w- c:\program files\Windows Live
2009-11-01 12:25 . 2009-03-09 19:08 -------- d-----w- c:\program files\Microsoft
2009-10-30 23:23 . 2009-10-30 21:37 7148 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 23:20 . 2009-04-27 21:26 -------- d-----w- c:\programdata\ParetoLogic
2009-10-29 13:13 . 2009-03-07 08:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-28 19:40 . 2009-03-07 08:29 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-28 19:32 . 2009-06-28 17:48 -------- d-----w- c:\program files\Google
2009-10-28 19:23 . 2009-05-05 14:42 8192 d-----w- c:\program files\WinTV
2009-10-28 19:10 . 2009-05-05 14:45 4096 d-----w- c:\program files\vtplus
2009-10-28 19:08 . 2009-03-06 11:06 -------- d-----w- c:\program files\BT Broadband Talk Softphone
2009-10-26 19:12 . 2009-03-06 12:09 4096 d-----w- c:\program files\High Quality Photo Resizer
2009-10-23 16:04 . 2009-07-29 20:33 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-23 16:03 . 2009-04-28 16:54 49152 d-----w- c:\program files\TuneUp Utilities 2009
2009-10-23 15:03 . 2009-03-07 20:40 4096 d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-22 20:00 . 2009-04-05 10:23 -------- d-----w- c:\program files\Java
2009-10-22 18:02 . 2009-03-06 11:26 4096 d-----w- c:\program files\McAfee
2009-10-22 17:59 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-22 17:58 . 2009-06-07 10:19 8192 d-----w- c:\users\Bob\AppData\Roaming\LimeWire
2009-10-22 17:49 . 2009-03-06 10:43 12288 d-----w- c:\programdata\Microsoft Help
2009-10-05 19:01 . 2009-10-05 19:01 -------- d-----w- c:\users\Gill\AppData\Roaming\Malwarebytes
2009-10-04 20:58 . 2009-10-04 20:58 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2009-10-04 20:57 . 2009-10-04 20:57 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 20:57 . 2009-10-04 20:57 -------- d-----w- c:\programdata\Malwarebytes
2009-10-04 18:26 . 2009-10-04 18:26 -------- d-----w- c:\users\Gill\AppData\Roaming\TomTom
2009-10-03 14:50 . 2009-05-18 15:10 -------- d-----w- c:\users\Gill\AppData\Roaming\Apple Computer
2009-10-03 12:16 . 2009-05-05 14:46 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 15:45 . 2009-10-02 15:45 -------- d-----w- c:\programdata\TomTom
2009-10-02 15:44 . 2009-10-02 15:44 4096 d-----w- c:\program files\TomTom HOME 2
2009-10-02 15:44 . 2009-06-07 18:12 -------- d-----w- c:\program files\TomTom HOME
2009-10-02 15:40 . 2009-10-02 15:40 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-10-01 01:02 . 2009-11-04 19:37 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-04 19:37 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-04 19:37 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-04 19:37 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-04 19:37 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-04 19:37 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-04 19:37 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-04 19:37 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-04 19:37 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-04 19:37 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-04 19:37 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-04 19:37 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-04 19:37 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-04 19:37 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-04 19:37 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 15:42 . 2009-06-07 10:18 32768 d-----w- c:\program files\LimeWire
2009-09-27 15:08 . 2009-09-27 15:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-27 14:42 . 2009-03-10 10:21 4096 d-----w- c:\programdata\Lx_cats
2009-09-26 17:52 . 2009-09-26 17:52 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-26 17:52 . 2009-03-26 18:00 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-09-26 17:52 . 2009-03-26 18:00 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-09-26 17:52 . 2009-06-20 19:52 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-25 02:10 . 2009-11-04 19:38 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-04 19:38 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-04 19:38 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-04 19:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-04 19:38 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-04 19:38 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-04 19:38 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-04 19:38 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-04 19:38 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-04 19:38 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-04 19:38 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-04 19:38 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-04 19:38 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-04 19:38 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-04 19:38 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-04 19:38 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-04 19:38 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-04 19:38 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-04 19:38 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-04 19:38 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-04 19:38 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-04 19:38 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-04 19:38 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-04 19:38 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-04 19:38 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-04 19:38 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-04 19:38 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 18:36 . 2009-07-23 18:12 4096 d-----w- c:\program files\iTunes
2009-09-23 18:35 . 2009-09-23 18:35 -------- d-----w- c:\program files\iPod
2009-09-23 18:35 . 2009-05-18 15:06 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 18:21 . 2009-09-23 18:21 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-23 18:04 . 2009-05-27 17:38 4096 d-----w- c:\users\Bob\AppData\Roaming\Apple Computer
2009-09-17 18:18 . 2009-09-17 18:15 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-17 18:11 . 2009-06-07 10:51 4096 d-----w- c:\program files\QuickTime
2009-09-16 09:22 . 2009-03-06 11:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2009-03-06 11:27 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2009-03-06 11:27 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2009-01-09 12:03 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2009-03-06 11:23 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-10 18:37 . 2009-03-07 08:29 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-01-03 10:50 . 2007-01-03 10:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2009-03-05 19:54 . 2009-03-04 17:41 786432 --sha-w- c:\windows\Users\Gill\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-11-06_17.54.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 11:52 . 2009-11-07 11:57 32768 c:\windows\Users\Gill\Local Settings\Microsoft\Windows\History\History.IE5\MSHist012009110720091108\index.dat
+ 2009-10-29 17:30 . 2009-11-07 16:49 32768 c:\windows\Users\Gill\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-29 17:30 . 2009-11-06 17:40 32768 c:\windows\Users\Gill\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-29 17:30 . 2009-11-06 17:40 32768 c:\windows\Users\Gill\Cookies\index.dat
+ 2009-10-29 17:30 . 2009-11-07 16:49 32768 c:\windows\Users\Gill\Cookies\index.dat
+ 2009-03-06 11:42 . 2009-11-07 11:58 16975 c:\windows\Users\Gill\Application Data\Mozilla\Firefox\Profiles\qjttctm8.default\pluginreg.dat
- 2009-03-06 11:42 . 2009-11-06 17:25 16975 c:\windows\Users\Gill\Application Data\Mozilla\Firefox\Profiles\qjttctm8.default\pluginreg.dat
- 2009-10-29 17:30 . 2009-11-06 17:40 32768 c:\windows\Users\Gill\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-10-29 17:30 . 2009-11-07 16:49 32768 c:\windows\Users\Gill\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-11-07 11:52 . 2009-11-07 11:57 32768 c:\windows\Users\Gill\AppData\Local\History\History.IE5\MSHist012009110720091108\index.dat
- 2009-10-29 17:30 . 2009-11-06 17:40 32768 c:\windows\Users\Gill\AppData\Local\History\History.IE5\index.dat
+ 2009-10-29 17:30 . 2009-11-07 16:49 32768 c:\windows\Users\Gill\AppData\Local\History\History.IE5\index.dat
+ 2009-11-07 11:52 . 2009-11-07 11:57 32768 c:\windows\Users\Gill\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009110720091108\index.dat
+ 2009-10-29 17:30 . 2009-11-07 16:49 32768 c:\windows\Users\Gill\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-29 17:30 . 2009-11-06 17:40 32768 c:\windows\Users\Gill\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-07 09:06 . 2009-11-07 18:30 32768 c:\windows\Users\Bob\Local Settings\Microsoft\Windows\History\History.IE5\MSHist012009110720091108\index.dat
+ 2009-10-05 11:25 . 2009-11-07 19:25 49152 c:\windows\Users\Bob\Cookies\index.dat
- 2009-10-05 11:25 . 2009-11-06 16:17 49152 c:\windows\Users\Bob\Cookies\index.dat
- 2009-10-29 19:38 . 2009-11-06 16:01 16975 c:\windows\Users\Bob\Application Data\Mozilla\Firefox\Profiles\zxafkqtd.default\pluginreg.dat
+ 2009-10-29 19:38 . 2009-11-07 18:33 16975 c:\windows\Users\Bob\Application Data\Mozilla\Firefox\Profiles\zxafkqtd.default\pluginreg.dat
- 2009-10-05 11:25 . 2009-11-06 16:17 49152 c:\windows\Users\Bob\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-10-05 11:25 . 2009-11-07 19:25 49152 c:\windows\Users\Bob\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-11-07 09:06 . 2009-11-07 18:30 32768 c:\windows\Users\Bob\AppData\Local\History\History.IE5\MSHist012009110720091108\index.dat
+ 2009-11-07 09:06 . 2009-11-07 18:30 32768 c:\windows\Users\Bob\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\MSHist012009110720091108\index.dat
+ 2009-03-06 11:01 . 2009-11-07 18:32 47354 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-11-06 16:30 64818 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-11-07 18:33 64818 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-06 10:39 . 2009-11-07 18:33 11706 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2071148467-1355977438-1364253588-1000_UserData.bin
- 2009-03-06 10:36 . 2009-11-06 17:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 10:36 . 2009-11-07 19:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 10:36 . 2009-11-07 19:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 10:36 . 2009-11-06 17:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 10:36 . 2009-11-07 19:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-06 10:36 . 2009-11-06 17:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-06 16:45 . 2009-11-07 11:52 8424 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2071148467-1355977438-1364253588-1001_UserData.bin
+ 2009-11-07 16:46 . 2009-11-07 16:46 4990 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F8A132F2E9ABD3D993E42DD2CA72A2738F8FA3F6\F8A132F2E9ABD3D993E42DD2CA72A2738F8FA3F6\Data.dat
+ 2009-11-07 16:34 . 2009-11-07 16:34 5902 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F78EC2CBAB11D13B577C66BE1C78B2486BDF582A\F78EC2CBAB11D13B577C66BE1C78B2486BDF582A\Data.dat
- 2009-11-06 17:33 . 2009-11-06 17:33 5902 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F78EC2CBAB11D13B577C66BE1C78B2486BDF582A\F78EC2CBAB11D13B577C66BE1C78B2486BDF582A\Data.dat
+ 2009-11-07 16:45 . 2009-11-07 16:45 5706 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\EED705227DAB5A4983974B163F509BFD79B95560\EED705227DAB5A4983974B163F509BFD79B95560\Data.dat
+ 2009-11-07 16:41 . 2009-11-07 16:41 5146 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\D7A57D498B1973954B23284C8E9924AB1CAB61C6\D7A57D498B1973954B23284C8E9924AB1CAB61C6\Data.dat
+ 2009-11-07 16:56 . 2009-11-07 16:56 5178 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\D315E4A04E2037734D0C03EB4F8394BBA835447E\D315E4A04E2037734D0C03EB4F8394BBA835447E\Data.dat
+ 2009-11-07 16:44 . 2009-11-07 16:44 5170 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C9A9EE2F27DBAA85C37F856C5A5EF65AD8BD4D85\C9A9EE2F27DBAA85C37F856C5A5EF65AD8BD4D85\Data.dat
+ 2009-11-07 16:31 . 2009-11-07 16:31 3524 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C20601A1CC918C1B1BE9459CFE76FE7094457342\C20601A1CC918C1B1BE9459CFE76FE7094457342\Data.dat
+ 2009-11-07 16:13 . 2009-11-07 16:13 5214 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C15C3961CA1FCF45B80250FA802467BADA00C5AA\C15C3961CA1FCF45B80250FA802467BADA00C5AA\Data.dat
+ 2009-11-07 16:53 . 2009-11-07 16:53 5210 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\BEE2EE7D05BCECA386063243ADCA3200596FFCBE\BEE2EE7D05BCECA386063243ADCA3200596FFCBE\Data.dat
+ 2009-11-07 16:12 . 2009-11-07 16:12 5956 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B7837DB21F891F6EC5F656DAD1964966B97FFE81\B7837DB21F891F6EC5F656DAD1964966B97FFE81\Data.dat
- 2009-11-06 16:52 . 2009-11-06 16:52 5956 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B7837DB21F891F6EC5F656DAD1964966B97FFE81\B7837DB21F891F6EC5F656DAD1964966B97FFE81\Data.dat
+ 2009-11-07 16:37 . 2009-11-07 16:37 5164 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B51144A99E87DB68B9C3E5B058DC22B1ECFA8D8A\B51144A99E87DB68B9C3E5B058DC22B1ECFA8D8A\Data.dat
+ 2009-11-07 16:45 . 2009-11-07 16:45 5226 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B403ED037C7DF247DC108AE717CB609840D3E6C2\B403ED037C7DF247DC108AE717CB609840D3E6C2\Data.dat
+ 2009-11-07 16:13 . 2009-11-07 16:13 5724 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B2BC42378FF35EC401722F07D9C313D14A3A71AD\B2BC42378FF35EC401722F07D9C313D14A3A71AD\Data.dat
+ 2009-11-07 16:41 . 2009-11-07 16:41 5184 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B1955A5EC9BD564F17415EE82DBA1792F02ADF18\B1955A5EC9BD564F17415EE82DBA1792F02ADF18\Data.dat
+ 2009-11-07 16:12 . 2009-11-07 16:12 6392 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
- 2009-11-06 16:52 . 2009-11-06 16:52 6392 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
+ 2009-11-07 16:48 . 2009-11-07 16:48 5230 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AB8A1B2A86DA6FE566C9B4E0F982DFCD993C7FDE\AB8A1B2A86DA6FE566C9B4E0F982DFCD993C7FDE\Data.dat
+ 2009-11-07 16:43 . 2009-11-07 16:43 5174 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\A849059EC63C778CF960B013C36D022CFC927D81\A849059EC63C778CF960B013C36D022CFC927D81\Data.dat
+ 2009-11-07 16:13 . 2009-11-07 16:13 5790 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\A0607485450E0C7525D389AB8B366CE10041511D\A0607485450E0C7525D389AB8B366CE10041511D\Data.dat
+ 2009-11-07 16:35 . 2009-11-07 16:35 3398 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\8FA314EA642EE7EB7ADEC3CF02E27A318A876CFD\8FA314EA642EE7EB7ADEC3CF02E27A318A876CFD\Data.dat
- 2009-11-06 17:05 . 2009-11-06 17:05 3398 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\8FA314EA642EE7EB7ADEC3CF02E27A318A876CFD\8FA314EA642EE7EB7ADEC3CF02E27A318A876CFD\Data.dat
+ 2009-11-07 16:42 . 2009-11-07 16:42 5152 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\8AF58979D1418384C26EBBF9B0BEF5F20537AC8B\8AF58979D1418384C26EBBF9B0BEF5F20537AC8B\Data.dat
+ 2009-11-07 16:30 . 2009-11-07 16:30 5996 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\8ABBAC9143DC910CA259A2A23AA377578F2B8B77\8ABBAC9143DC910CA259A2A23AA377578F2B8B77\Data.dat
+ 2009-11-07 16:13 . 2009-11-07 16:13 5844 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\88D5A7DB89A91D819A0CC1C087CCAEF010951A53\88D5A7DB89A91D819A0CC1C087CCAEF010951A53\Data.dat
+ 2009-11-07 16:30 . 2009-11-07 16:30 3392 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\761E95400660F816A2809EF812DC56C1D85ECB44\761E95400660F816A2809EF812DC56C1D85ECB44\Data.dat
+ 2009-11-07 16:43 . 2009-11-07 16:43 5114 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\5F97AB9BD2F172E42AE7C25F18882A3358202889\5F97AB9BD2F172E42AE7C25F18882A3358202889\Data.dat
- 2009-11-06 17:02 . 2009-11-06 17:02 5114 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\5F97AB9BD2F172E42AE7C25F18882A3358202889\5F97AB9BD2F172E42AE7C25F18882A3358202889\Data.dat
+ 2009-11-07 16:35 . 2009-11-07 16:35 5202 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\5AECD042A900B0CF0F08B165CF230DDA790E0F70\5AECD042A900B0CF0F08B165CF230DDA790E0F70\Data.dat
+ 2009-11-07 16:28 . 2009-11-07 16:28 5272 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\593E07FA488D8287B7E0ACC8CA3C4D14EA1A4BC9\593E07FA488D8287B7E0ACC8CA3C4D14EA1A4BC9\Data.dat
+ 2009-11-07 16:48 . 2009-11-07 16:48 4950 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\5210ADF7DA6BBA1959DD2E8B0721D155E190D1DD\5210ADF7DA6BBA1959DD2E8B0721D155E190D1DD\Data.dat
+ 2009-11-07 16:54 . 2009-11-07 16:54 5758 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\4A7C00C3D6FF9F627B2789F76177B222AE1D6F93\4A7C00C3D6FF9F627B2789F76177B222AE1D6F93\Data.dat
+ 2009-11-07 16:31 . 2009-11-07 16:31 5242 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\43806B45335ED174D9484F0AFEE2F4ECD34E15F8\43806B45335ED174D9484F0AFEE2F4ECD34E15F8\Data.dat
+ 2009-11-07 16:42 . 2009-11-07 16:42 5384 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\41AE1ECB6E7665089B13BBAC5961625CB09950B3\41AE1ECB6E7665089B13BBAC5961625CB09950B3\Data.dat
+ 2009-11-07 16:59 . 2009-11-07 16:59 4934 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\417224D6148A13FA4A2536EE2AF37E8A27D0E1BD\417224D6148A13FA4A2536EE2AF37E8A27D0E1BD\Data.dat
+ 2009-11-07 16:13 . 2009-11-07 16:13 7004 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3D93506110C0FFC9BC3A14EE4ED8E71DD2EAFF55\3D93506110C0FFC9BC3A14EE4ED8E71DD2EAFF55\Data.dat
+ 2009-11-07 16:57 . 2009-11-07 16:57 5170 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\25491F42B7A6B77BB8E1C55D6C19C438C60510CB\25491F42B7A6B77BB8E1C55D6C19C438C60510CB\Data.dat
+ 2009-11-07 16:46 . 2009-11-07 16:46 5752 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\2172D5C6FD2836A7CFD89C6E9758331F6960E1B0\2172D5C6FD2836A7CFD89C6E9758331F6960E1B0\Data.dat
- 2009-11-06 16:30 . 2009-11-06 16:30 5722 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\196D74F28D4FDC19927B1A6844611D98104DC808\196D74F28D4FDC19927B1A6844611D98104DC808\Data.dat
+ 2009-11-07 16:40 . 2009-11-07 16:40 5722 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\196D74F28D4FDC19927B1A6844611D98104DC808\196D74F28D4FDC19927B1A6844611D98104DC808\Data.dat
+ 2009-11-07 16:34 . 2009-11-07 16:34 4412 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\17BB4D7516D92C4F79BAA07BC6AAB8A65E9FD78C\17BB4D7516D92C4F79BAA07BC6AAB8A65E9FD78C\Data.dat
- 2009-11-06 16:26 . 2009-11-06 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-07 18:30 . 2009-11-07 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-07 18:30 . 2009-11-07 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-06 16:26 . 2009-11-06 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-29 15:21 . 2009-11-06 17:36 245760 c:\windows\Users\Gill\Application Data\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-29 15:21 . 2009-11-07 16:49 245760 c:\windows\Users\Gill\Application Data\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-07 09:04 . 2009-11-07 19:25 131072 c:\windows\Users\Bob\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-05 11:25 . 2009-11-06 16:17 131072 c:\windows\Users\Bob\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-05 11:25 . 2009-11-07 19:25 131072 c:\windows\Users\Bob\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-06 11:28 . 2009-11-07 09:06 102579 c:\windows\Users\Bob\Application Data\Mozilla\Firefox\Profiles\zxafkqtd.default\xpti.dat
+ 2009-10-30 12:09 . 2009-11-07 09:06 149452 c:\windows\Users\Bob\Application Data\Mozilla\Firefox\Profiles\zxafkqtd.default\compreg.dat
+ 2009-04-29 15:15 . 2009-11-07 19:21 245760 c:\windows\Users\Bob\Application Data\Microsoft\Windows\IETldCache\index.dat
- 2009-04-29 15:15 . 2009-11-06 16:17 245760 c:\windows\Users\Bob\Application Data\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-07 09:04 . 2009-11-07 19:25 131072 c:\windows\Users\Bob\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-05 11:25 . 2009-11-06 16:17 131072 c:\windows\Users\Bob\AppData\Local\History\History.IE5\index.dat
+ 2009-10-05 11:25 . 2009-11-07 19:25 131072 c:\windows\Users\Bob\AppData\Local\History\History.IE5\index.dat
+ 2009-11-07 09:04 . 2009-11-07 19:25 131072 c:\windows\Users\Bob\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-05 11:25 . 2009-11-06 16:17 131072 c:\windows\Users\Bob\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-05 11:25 . 2009-11-07 19:25 131072 c:\windows\Users\Bob\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-29 15:11 . 2009-11-07 19:19 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-29 15:11 . 2009-11-06 17:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-06 11:38 . 2009-11-06 17:37 2621440 c:\windows\Users\Gill\Local Settings\Microsoft\Windows\UsrClass.dat
+ 2009-03-06 11:38 . 2009-11-07 17:02 2621440 c:\windows\Users\Gill\Local Settings\Microsoft\Windows\UsrClass.dat
+ 2009-03-06 11:38 . 2009-11-07 17:02 2621440 c:\windows\Users\Gill\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat
- 2009-03-06 11:38 . 2009-11-06 17:37 2621440 c:\windows\Users\Gill\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat
- 2009-03-06 10:37 . 2009-11-06 16:24 6553600 c:\windows\Users\Bob\Local Settings\Microsoft\Windows\UsrClass.dat
+ 2009-03-06 10:37 . 2009-11-07 19:39 6553600 c:\windows\Users\Bob\Local Settings\Microsoft\Windows\UsrClass.dat
+ 2009-03-06 10:37 . 2009-11-07 19:39 6553600 c:\windows\Users\Bob\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat
- 2009-03-06 10:37 . 2009-11-06 16:24 6553600 c:\windows\Users\Bob\AppData\Local\Application Data\Microsoft\Windows\UsrClass.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Gill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"kdx"=c:\program files\Kontiki\KHost.exe -all
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe"
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe"
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" /s
"kdx"="c:\program files\Kontiki\KHost.exe" -all
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f3,0f,4d,02,fb,de,c9,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/10/2009 20:58 64288]
R0 szkg5;szkg5;c:\windows\System32\drivers\SZKG.sys [12/05/2009 14:13 61328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1179232]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [07/03/2009 13:33 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/03/2009 08:29 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 15:05 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [29/07/2009 20:33 604488]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
S0 is3srv;is3srv;c:\windows\System32\drivers\is3srv.sys [12/05/2009 14:13 61328]
S2 gupdate1c9f818a9de61cb;Google Update Service (gupdate1c9f818a9de61cb);c:\program files\Google\Update\GoogleUpdate.exe [28/06/2009 17:48 133104]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [11/06/2007 14:14 99248]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [07/03/2009 19:40 21504]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\System32\drivers\hcw66xxx.sys [05/05/2009 16:45 420096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 09:30]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 17:48]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 17:48]

2009-03-06 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 11:22]

2009-03-06 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 11:22]

2009-11-07 c:\windows\Tasks\User_Feed_Synchronization-{017CC9F4-D5D0-4D5B-99EF-17FE93DE7E77}.job
- c:\windows\system32\msfeedssync.exe [2009-10-22 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\zxafkqtd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 19:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4836)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-11-07 19:47
ComboFix-quarantined-files.txt 2009-11-07 19:47
ComboFix2.txt 2009-11-05 22:13
ComboFix3.txt 2009-10-31 14:11
ComboFix4.txt 2009-10-30 18:24
ComboFix5.txt 2009-11-06 17:37

Pre-Run: 104,408,502,272 bytes free
Post-Run: 104,257,052,672 bytes free

- - End Of File - - 29A9561C8C506F4F551AE22D43E2BF53

Edited by car21milton, 07 November 2009 - 02:57 PM.


#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:19 AM

Posted 07 November 2009 - 06:09 PM

Hi,

What are those "various things" you've tried? Also, I didn't ask you to run ComboFix again but to post the log from the earlier run. So, post the contents of the ComboFix4.txt file (it should be in the c:\qoobox or c:\combofix folder). It's difficult to get any clue about the original problem since you have done the fixing by yourself and so cleaned up the malware signs.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:19 AM

Posted 13 November 2009 - 11:30 AM

Due to inactivity, this thread will now be closed. If you still need help, please start a New Topic.

