Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\windows\system32\smss.exe


  • This topic is locked This topic is locked
18 replies to this topic

#1 Tiffany37

Tiffany37

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 08 June 2008 - 07:19 PM

Deckard's System Scanner v20071014.68
Run by Tiffany Bodison on 2008-06-08 20:03:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-06-09 00:04:02 UTC - RP112 - Deckard's System Scanner Restore Point
11: 2008-06-08 19:04:08 UTC - RP111 - Software Distribution Service 3.0
10: 2008-06-08 04:13:50 UTC - RP110 - Restore Operation
9: 2008-06-07 20:21:24 UTC - RP109 - Software Distribution Service 3.0
8: 2008-06-06 23:59:14 UTC - RP108 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-28 19:38:45 UTC - RP101 - Configured Customer Experience Enhancement


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 20:06:45
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tiffany Bodison\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.162.1.1:80
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\vtUlJaBu.dll (file missing)
O2 - BHO: (no name) - {D249EB21-482F-4C58-A62F-105819307413} - C:\WINDOWS\system32\fccaWMdb.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WinAntivirusPro] C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212795021265
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/c...t_4.2.1.318.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: vtUlJaBu - C:\WINDOWS\system32\
O20 - Winlogon Notify: __c00D7AC4 - C:\WINDOWS\system32\__c00D7AC4.dat
O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe


--
End of file - 7666 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-17 09:00:00 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-06 19:59:20 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-06 19:59:09 4648960 --a------ C:\Documents and Settings\Tiffany Bodison\ntuser.dat
2008-06-06 18:40:14 0 d-------- C:\WINDOWS\system32\scripting
2008-06-06 18:40:13 0 d-------- C:\WINDOWS\l2schemas
2008-06-06 18:40:12 0 d-------- C:\WINDOWS\system32\en
2008-06-06 18:40:11 0 d-------- C:\WINDOWS\system32\bits
2008-06-06 18:36:16 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-06 18:23:28 0 d-------- C:\WINDOWS\EHome
2008-05-30 22:09:19 93 --a------ C:\xcrashdump.dat
2008-05-30 22:01:03 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 22:01:03 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 21:56:19 3851040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-30 21:56:19 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-30 21:56:09 121888 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-30 21:54:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-30 18:33:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-30 18:33:14 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 14:56:53 0 d-------- C:\Program Files\WinAntivirusPro3.8
2008-05-28 15:35:32 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-27 22:58:42 0 d-------- C:\Program Files\SpyShredder
2008-05-27 22:02:01 1867 --ahs---- C:\WINDOWS\system32\bdMWaccf.ini2
2008-05-26 21:38:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-23 23:38:11 45056 --a------ C:\WINDOWS\system32\__c00D8634.exe
2008-05-22 22:53:44 27648 --a------ C:\WINDOWS\system32\__c00D7AC4.dat
2008-05-22 22:53:35 44032 --a------ C:\WINDOWS\system32\~.exe
2008-05-21 18:57:03 0 d-------- C:\Program Files\MumboJumbo
2008-05-17 16:41:27 0 d-------- C:\DVDVideoSoft
2008-05-17 16:25:44 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\STOIK
2008-05-17 16:25:03 0 d-------- C:\Program Files\STOIK Imaging
2008-05-17 15:44:24 0 d-------- C:\Program Files\Any Video Converter
2008-05-17 14:59:52 0 d-------- C:\ZCVideoConverter
2008-05-17 11:55:47 0 d-------- C:\Program Files\Memory Puzzle
2008-05-17 00:33:47 0 d-------- C:\Program Files\Common Files\xing shared


-- Find3M Report ---------------------------------------------------------------

2008-06-06 18:40:49 0 d-------- C:\Program Files\Messenger
2008-06-06 18:40:10 0 d-------- C:\Program Files\Movie Maker
2008-06-06 18:35:43 0 d-------- C:\Program Files\Windows NT
2008-05-30 21:05:12 0 d-------- C:\Program Files\Google
2008-05-28 21:07:06 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\AdobeUM
2008-05-28 15:40:21 0 d-------- C:\Program Files\Common Files
2008-05-27 22:01:55 0 d-------- C:\Program Files\McAfee
2008-05-26 21:33:39 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\McAfee
2008-05-22 18:58:44 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\StumbleUpon
2008-05-17 17:06:49 0 d-------- C:\Program Files\DivX
2008-05-17 16:25:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 12:45:54 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-17 00:38:35 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Real
2008-05-17 00:33:42 0 d-------- C:\Program Files\Common Files\Real
2008-05-17 00:33:20 0 d-------- C:\Program Files\Real
2008-05-17 00:11:08 0 d-------- C:\Program Files\QuickTime
2008-04-29 23:58:10 0 d-------- C:\Program Files\Kidware.Net Photo Color
2008-04-29 23:10:20 0 d-------- C:\Program Files\Pixia
2008-04-29 23:01:47 0 d-------- C:\Program Files\Serif
2008-04-29 23:00:28 0 -rahs---- C:\MSDOS.SYS
2008-04-29 23:00:28 0 -rahs---- C:\IO.SYS
2008-04-29 22:58:42 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\InstallShield
2008-04-27 12:35:02 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\U3
2008-04-27 11:12:59 4 --a------ C:\WINDOWS\system32\2EA93D
2008-04-27 11:06:42 0 d-------- C:\Program Files\Rhapsody
2008-04-22 16:20:51 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\DivX
2008-04-19 20:36:50 0 d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\PlayFirst
2008-04-19 11:05:18 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-04-19 10:56:14 774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-19 10:53:55 0 d-------- C:\Program Files\AOL Games
2008-04-19 10:50:42 0 d-------- C:\Program Files\Freeze.com
2008-04-19 10:50:40 0 d-------- C:\Program Files\Free Offers from Freeze.com
2008-04-10 17:55:44 0 d-------- C:\Program Files\iTunes
2008-04-10 17:55:14 0 d-------- C:\Program Files\iPod
2008-04-09 15:06:48 0 d-------- C:\Program Files\ieSpell
2008-03-23 01:05:54 29160 --a------ C:\WINDOWS\hpoins03.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
C:\WINDOWS\system32\vtUlJaBu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D249EB21-482F-4C58-A62F-105819307413}]
C:\WINDOWS\system32\fccaWMdb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/17/2008 12:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAntivirusPro"="C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe" [05/30/2008 02:56 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"Windows update loader"="C:\Windows\xpupdate.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 08:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk - C:\WINDOWS\system32\cmd.exe [8/4/2004 4:00:00 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 5:19:24 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 5:39:30 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"= C:\WINDOWS\system32\vtUlJaBu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlJaBu]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D7AC4]
C:\WINDOWS\system32\__c00D7AC4.dat 06/07/2008 11:07 PM 27648 C:\WINDOWS\system32\__c00D7AC4.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccaWMdb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbd66f88-7a82-11dc-afbe-0014a57dc267}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-06-08 20:10:39 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-32
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 894.17 MiB / 522.76 MiB
Pagefile Memory (total/avail): 2167.42 MiB / 1856.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.88 MiB

C: is Fixed (NTFS) - 67.11 GiB total, 46.22 GiB free.
D: is Fixed (FAT32) - 7.39 GiB total, 0.75 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2080AT PL - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 67.11 GiB - C:
\PARTITION1 - Unknown - 7.41 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tiffany Bodison\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC113824047319
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tiffany Bodison
LOGONSERVER=\\PC113824047319
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TIFFAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TIFFAN~1\LOCALS~1\Temp
USERDOMAIN=PC113824047319
USERNAME=Tiffany Bodison
USERPROFILE=C:\Documents and Settings\Tiffany Bodison
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tiffany Bodison (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon SELPHY DS810 --> C:\WINDOWS\system32\CNMCP7F.exe "-PRINTERNAMECanon SELPHY DS810" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon SELPHY DS810 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP DVD Play 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP User Guides 0025 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kidware.Net Photo Color --> C:\Program Files\Kidware.Net Photo Color\uninstall.exe uninstall
Linksys EasyLink Advisor 1.6 (0044) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Luxor Mahjong (remove only) --> "C:\Program Files\MumboJumbo\Luxor Mahjong\uninstall.exe"
Memory Puzzle --> C:\Program Files\Memory Puzzle\uninstall.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultiMedia Software --> C:\Program Files\Video Add-on\uninst.exe
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
MyLayout Profile Editor --> "C:\PROGRA~1\Freeze.com\MyLayout Profile Editor\UNINSTAL.EXE"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pixia --> C:\Program Files\InstallShield Installation Information\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}\setup.exe -runfromtemp -l0x0009 -removeonly
Quick Launch Buttons 5.20 F2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Serif DrawPlus 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp40.isu"
ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
STOIK Video Converter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tetris Worlds --> C:\PROGRA~1\TETRIS~1\UNWISE.EXE C:\PROGRA~1\TETRIS~1\INSTALL.LOG
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2974 / Error
Event Submitted/Written: 06/08/2008 03:08:52 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Standard Edition 2003 - Update 'Update for Outlook 2003: Junk E-mail Filter (KB950380): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type2973 / Error
Event Submitted/Written: 06/08/2008 03:08:43 PM
Event ID/Source: 11406 / MsiInstaller
Event Description:
Product: Microsoft Office Standard Edition 2003 -- Error 1406. Setup cannot write the value to the registry key \prffile\shell\Open\command. Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Event Record #/Type2970 / Error
Event Submitted/Written: 06/08/2008 03:06:08 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Standard Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type2969 / Error
Event Submitted/Written: 06/08/2008 03:06:03 PM
Event ID/Source: 11404 / MsiInstaller
Event Description:
Product: Microsoft Office Standard Edition 2003 -- Error 1404. Setup cannot delete the registry key \Software\Classes\xmlfile\shell\open. Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Event Record #/Type2957 / Error
Event Submitted/Written: 06/08/2008 07:50:19 AM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\WINDOWS\SoftwareDistribution\Download\5705a85644d5a5acc06520b6db1b17e9\img\OTKLOADR.MSP is not permitted due to an error in software restriction policy processing. The object cannot be trusted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19644 / Error
Event Submitted/Written: 06/08/2008 03:08:57 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB950380).

Event Record #/Type19641 / Error
Event Submitted/Written: 06/08/2008 03:06:17 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).

Event Record #/Type19614 / Warning
Event Submitted/Written: 06/08/2008 02:58:16 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\YOUR-C57130024B on the network \Device\NetBT_Tcpip_{25C78296-9EC9-4155-9510-5850777613EA}.
The data is the error code.

Event Record #/Type19595 / Warning
Event Submitted/Written: 06/08/2008 10:17:58 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A57DC267. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type19589 / Warning
Event Submitted/Written: 06/08/2008 07:53:56 AM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by winlogon.exe.



-- End of Deckard's System Scanner: finished at 2008-06-08 20:10:39 ------------

Was unable to cut and paste kaspersky, I have that anti-virus pro.

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:54 PM

Posted 09 June 2008 - 12:40 PM

Hello Tiffany37,

Run DSS again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.cpl
.exe


then Click on Fix

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

Edited by SifuMike, 09 June 2008 - 12:41 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 10 June 2008 - 04:55 AM

Thank You, for your help! I'm looking for a new job and i can't even get to my resume b/c of this evil thing.



Malwarebytes' Anti-Malware 1.16
Database version: 845

5:41:14 AM 6/10/2008
mbam-log-6-10-2008 (05-41-14).txt

Scan type: Quick Scan
Objects scanned: 36120
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 45
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 21
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\basereiqq32.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinAntivirusPro (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{27cb634d-c84e-4c00-9b53-f5523601dbad} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\__c00D8634.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tiffany Bodison\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basereiqq32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:02 AM, on 6/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.162.1.1:80
O2 - BHO: (no name) - {D249EB21-482F-4C58-A62F-105819307413} - C:\WINDOWS\system32\fccaWMdb.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WinAntivirusPro] C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/c...t_4.2.1.318.cab
O20 - Winlogon Notify: vtUlJaBu - C:\WINDOWS\
O20 - Winlogon Notify: __c00D7AC4 - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6905 bytes

#4 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 10 June 2008 - 05:12 AM

I will be giving a donation, You are a God send! I just hope i can get rid of the rest. I have kasperky 7.0 and when I finally got my add/ remove open on my contral panel the virus is still trying to get access, so I clicked deny of course, but will this keep happening or is there a way to block it forever?

#5 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:54 PM

Posted 10 June 2008 - 11:36 AM

Hi Tiffany37,


You are still infected, so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
 It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Kaspersky Antivirus before running ComboFix, as it will prevent it from running.

To disable Kaspersky Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right click it-> select Pause Protection.
  • click on -> By User Request
  • a popup will claim that protection is now disabled and a sign like this: Posted Image will now be shown.
You succesfully disabled the Kaspersky Antivirus Guard.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

 When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT 
It is a simple procedure that will only take a few moments of your time.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read  here   what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 11 June 2008 - 08:39 AM

ComboFix 08-06-10.1 - Tiffany Bodison 2008-06-10 21:19:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.443 [GMT -4:00]
Running from: C:\Documents and Settings\Tiffany Bodison\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tiffany Bodison\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\alfipvja.ini
C:\WINDOWS\system32\bdMWaccf.ini
C:\WINDOWS\system32\bdMWaccf.ini2
C:\WINDOWS\system32\vjvfreav.ini
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-10 21:13 . 2008-06-10 21:14 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-10 05:32 . 2008-06-10 05:32 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Malwarebytes
2008-06-10 05:31 . 2008-06-10 05:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 05:31 . 2008-06-10 05:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 05:31 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 05:31 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 05:22 . 2008-06-10 05:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 23:10 . 2008-06-09 23:10 <DIR> d-------- C:\temp
2008-06-09 22:15 . 2008-06-09 22:15 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Sonic
2008-06-09 22:14 . 2008-06-09 22:14 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Leadertech
2008-06-08 20:03 . 2008-06-08 20:03 <DIR> d-------- C:\Deckard
2008-06-08 06:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-07 13:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-06 19:59 . 2008-06-08 15:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-06 18:40 . 2008-06-06 18:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-06 18:40 . 2008-06-06 18:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-06 18:40 . 2008-06-10 20:51 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-06 18:25 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-06 18:23 . 2008-06-06 18:23 <DIR> d-------- C:\WINDOWS\EHome
2008-06-06 18:02 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-06-06 18:01 . 2006-10-05 04:31 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-06-06 18:00 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003056_.tmp
2008-05-31 17:56 . 2008-05-31 17:56 22 --a------ C:\WINDOWS\mahjong.ini
2008-05-30 22:01 . 2008-05-30 22:36 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 22:01 . 2008-05-30 22:36 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 21:56 . 2008-05-30 21:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-30 21:56 . 2008-06-10 21:27 4,438,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-30 21:56 . 2008-06-10 21:25 150,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-30 21:56 . 2008-06-10 21:24 60,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-30 21:56 . 2008-06-10 21:24 15,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 21:54 . 2008-05-30 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-30 18:33 . 2008-05-30 18:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 18:33 . 2008-06-10 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 22:05 . 2008-05-29 21:03 34,157 ---hs---- C:\WINDOWS\system32\tgqdthgs.ini
2008-05-28 15:35 . 2008-05-28 15:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 15:14 . 2008-05-28 15:19 480,768 --a------ C:\8.tmp
2008-05-28 15:13 . 2008-05-28 15:13 0 --a------ C:\1.tmp
2008-05-27 22:05 . 2008-05-28 22:05 34,037 ---hs---- C:\WINDOWS\system32\dtejuctr.ini
2008-05-26 21:38 . 2008-05-26 21:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-21 18:57 . 2008-05-21 18:57 <DIR> d-------- C:\Program Files\MumboJumbo
2008-05-17 16:41 . 2008-05-17 16:41 <DIR> d-------- C:\DVDVideoSoft
2008-05-17 16:25 . 2008-06-06 16:15 <DIR> d-------- C:\Program Files\STOIK Imaging
2008-05-17 16:25 . 2008-05-17 16:25 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\STOIK
2008-05-17 15:44 . 2008-05-30 15:05 <DIR> d-------- C:\Program Files\Any Video Converter
2008-05-17 14:59 . 2008-05-17 16:58 <DIR> d-------- C:\ZCVideoConverter
2008-05-17 11:55 . 2008-05-17 15:49 <DIR> d-------- C:\Program Files\Memory Puzzle
2008-05-17 00:33 . 2008-05-17 00:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-16 23:40 . 2008-06-10 21:06 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-16 23:40 . 2008-06-10 21:06 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 18:44 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\U3
2008-05-31 02:37 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-31 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-31 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-31 01:05 --------- d-----w C:\Program Files\Google
2008-05-29 01:07 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\AdobeUM
2008-05-28 02:01 --------- d-----w C:\Program Files\McAfee
2008-05-27 01:33 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\McAfee
2008-05-22 22:58 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\StumbleUpon
2008-05-17 21:06 --------- d-----w C:\Program Files\DivX
2008-05-17 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-17 04:33 --------- d-----w C:\Program Files\Real
2008-05-17 04:33 --------- d-----w C:\Program Files\Common Files\Real
2008-05-17 04:11 --------- d-----w C:\Program Files\QuickTime
2008-04-30 03:58 --------- d-----w C:\Program Files\Kidware.Net Photo Color
2008-04-30 03:10 --------- d-----w C:\Program Files\Pixia
2008-04-30 03:01 --------- d-----w C:\Program Files\Serif
2008-04-30 02:58 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\InstallShield
2008-04-27 15:06 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2008-04-27 15:06 --------- d-----w C:\Program Files\Rhapsody
2008-04-22 20:20 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\DivX
2008-04-20 00:36 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\PlayFirst
2008-04-20 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-19 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-04-19 15:05 --------- d-----w C:\Program Files\Freeze.com Toolbar
2008-04-19 14:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-04-19 14:53 --------- d-----w C:\Program Files\AOL Games
2008-04-19 14:50 --------- d-----w C:\Program Files\Freeze.com
2008-04-19 14:50 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-04-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2004-08-04 08:00 4,096 --sha-w C:\WINDOWS\system32\1112.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D249EB21-482F-4C58-A62F-105819307413}]
C:\WINDOWS\system32\fccaWMdb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 00:33 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 05:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlJaBu]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D7AC4]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 05:06]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 00:49:08 C:\WINDOWS\Tasks\$~$Sys0$.job"
- C:\WINDOWS\System32\rundll32.exe7
"2008-05-17 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 21:26:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:54 PM

Posted 11 June 2008 - 12:49 PM

Hi Tiffany37,

The following is referring to RegistryPowerCleaner.

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.



Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.

Freeze.com
Any screensavers that you downloaded from freeze.com


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

KILLALL:: 

File:: 
C:\WINDOWS\system32\tgqdthgs.ini
C:\WINDOWS\system32\dtejuctr.ini 
C:\8.tmp
C:\1.tmp

Folder:: 
C:\Program Files\Freeze.com
C:\Program Files\Free Offers from Freeze.com

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D249EB21-482F-4C58-A62F-105819307413}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUlJaBu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D7AC4]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by SifuMike, 11 June 2008 - 12:50 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 12 June 2008 - 12:20 PM

ComboFix 08-06-10.1 - Tiffany Bodison 2008-06-12 12:54:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.526 [GMT -4:00]
Running from: C:\Documents and Settings\Tiffany Bodison\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tiffany Bodison\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\1.tmp
C:\8.tmp
C:\WINDOWS\system32\dtejuctr.ini
C:\WINDOWS\system32\tgqdthgs.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.tmp
C:\8.tmp
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Free Offers from Freeze.com\101_Free_Songs.ico
C:\Program Files\Free Offers from Freeze.com\4115.url
C:\Program Files\Free Offers from Freeze.com\4175.url
C:\Program Files\Free Offers from Freeze.com\4295.url
C:\Program Files\Free Offers from Freeze.com\clickfinderror.ico
C:\Program Files\Free Offers from Freeze.com\control.txt
C:\Program Files\Free Offers from Freeze.com\Ringtones.ico
C:\Program Files\Freeze.com
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__bottomcenter.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__bottomleft.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__bottomright.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__centercenter.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__centerleft.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__centerright.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__topcenter.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__topleft.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\__topright.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\1.css
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\1.js
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\audiotracks.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\bg.jpg
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\bullet.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\bullet2.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\copy.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\csshover.htc
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\cw_index.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\cw_menu.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\defaultprofile.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\defaultqs.js
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\down.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\drop_down.js
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\gt.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\help.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\helplaunch.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\lh_index.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\lh_menu.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\loading.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\loading.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\main.css
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\md5.js
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\menu1.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\menu2.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\mlmp1.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\mlmpr.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\new_window.js
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\ng_help_menu.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\ng_help_text.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\ng_index.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\ng_menu.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\nothing.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\paste.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\pg.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset1.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset10.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset11.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset12.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset13.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset14.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset15.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset16.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset17.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset18.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset19.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset2.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset20.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset21.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset22.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset23.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset24.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset25.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset26.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset27.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset28.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset29.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset3.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset30.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset31.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset32.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset33.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset34.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset35.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset36.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset37.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset38.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset39.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset4.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset40.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset41.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset42.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset43.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset44.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset45.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset46.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset5.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset6.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset7.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset8.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\preset9.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\previewlaunch.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\profile.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qs1.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qs2.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qs3.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qs4.swf
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qsskin1.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qsskin2.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qsskin3.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\qsskin4.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\ringtones.js
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\skin1.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\skin2.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\skin3.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\skin4.png
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\style2.css
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tc_index.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tc_menu.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test.css
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test.htm
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\1by10000.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\2502_s00.jpg
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\addFavor.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\addFrien.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\blockuse.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\clear000.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\forwardM.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\icon_add.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\icon_ran.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\messagef.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\myspace0.css
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\no_pic00.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\test_files\sendMail.gif
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\testtmp.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_index.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_menu.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset1.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset10.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset11.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset12.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset13.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset14.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset15.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset16.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset17.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset18.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset19.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset2.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset20.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset21.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset22.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset23.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset24.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset25.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset26.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset27.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset28.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset29.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset3.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset30.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset31.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset32.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset33.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset34.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset35.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset36.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset37.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset38.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset39.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset4.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset40.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset41.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset42.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset43.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset44.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset45.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset46.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset47.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset5.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset6.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset7.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset8.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\tg_preset9.txt
C:\Program Files\Freeze.com\MyLayout Profile Editor\Files\videotracks.html
C:\Program Files\Freeze.com\MyLayout Profile Editor\first.lck
C:\Program Files\Freeze.com\MyLayout Profile Editor\freeze.ico
C:\Program Files\Freeze.com\MyLayout Profile Editor\freeze.url
C:\Program Files\Freeze.com\MyLayout Profile Editor\INSTALL.LOG
C:\Program Files\Freeze.com\MyLayout Profile Editor\ml.ini
C:\Program Files\Freeze.com\MyLayout Profile Editor\MyLayout.exe
C:\Program Files\Freeze.com\MyLayout Profile Editor\undata.exe
C:\Program Files\Freeze.com\MyLayout Profile Editor\undata.ini
C:\Program Files\Freeze.com\MyLayout Profile Editor\UNINSTAL.EXE
C:\WINDOWS\system32\dtejuctr.ini
C:\WINDOWS\system32\tgqdthgs.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-10 21:35 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:35 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 05:32 . 2008-06-10 05:32 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Malwarebytes
2008-06-10 05:31 . 2008-06-10 05:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 05:31 . 2008-06-10 05:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 05:31 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 05:31 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 05:22 . 2008-06-10 05:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 23:10 . 2008-06-09 23:10 <DIR> d-------- C:\temp
2008-06-09 22:15 . 2008-06-09 22:15 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Sonic
2008-06-09 22:14 . 2008-06-09 22:14 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\Leadertech
2008-06-08 20:03 . 2008-06-08 20:03 <DIR> d-------- C:\Deckard
2008-06-08 06:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-07 13:42 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-06 19:59 . 2008-06-08 15:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-06 18:40 . 2008-06-06 18:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-06 18:40 . 2008-06-06 18:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-06 18:40 . 2008-06-10 20:51 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-06 18:25 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-06 18:23 . 2008-06-06 18:23 <DIR> d-------- C:\WINDOWS\EHome
2008-06-06 18:02 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-06-06 18:01 . 2006-10-05 04:31 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-06-06 18:00 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003056_.tmp
2008-05-31 17:56 . 2008-05-31 17:56 22 --a------ C:\WINDOWS\mahjong.ini
2008-05-30 22:01 . 2008-05-30 22:36 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-30 22:01 . 2008-05-30 22:36 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-30 21:56 . 2008-05-30 21:56 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-30 21:56 . 2008-06-12 13:00 4,700,448 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-30 21:56 . 2008-06-12 13:01 167,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-30 21:56 . 2008-06-12 12:58 64,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-30 21:56 . 2008-06-12 12:58 16,748 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-30 21:54 . 2008-05-30 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-30 18:33 . 2008-05-30 18:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 18:33 . 2008-06-12 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 15:35 . 2008-05-28 15:36 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 21:38 . 2008-05-26 21:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-21 18:57 . 2008-05-21 18:57 <DIR> d-------- C:\Program Files\MumboJumbo
2008-05-17 16:41 . 2008-05-17 16:41 <DIR> d-------- C:\DVDVideoSoft
2008-05-17 16:25 . 2008-06-06 16:15 <DIR> d-------- C:\Program Files\STOIK Imaging
2008-05-17 16:25 . 2008-05-17 16:25 <DIR> d-------- C:\Documents and Settings\Tiffany Bodison\Application Data\STOIK
2008-05-17 15:44 . 2008-05-30 15:05 <DIR> d-------- C:\Program Files\Any Video Converter
2008-05-17 14:59 . 2008-05-17 16:58 <DIR> d-------- C:\ZCVideoConverter
2008-05-17 11:55 . 2008-06-11 13:54 <DIR> d-------- C:\Program Files\Memory Puzzle
2008-05-17 00:33 . 2008-05-17 00:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-16 23:40 . 2008-06-10 21:06 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-16 23:40 . 2008-06-10 21:06 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 18:44 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\U3
2008-05-31 02:37 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-31 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-31 01:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-31 01:05 --------- d-----w C:\Program Files\Google
2008-05-29 01:07 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\AdobeUM
2008-05-28 02:01 --------- d-----w C:\Program Files\McAfee
2008-05-27 01:33 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\McAfee
2008-05-22 22:58 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\StumbleUpon
2008-05-17 21:06 --------- d-----w C:\Program Files\DivX
2008-05-17 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 16:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-17 04:33 --------- d-----w C:\Program Files\Real
2008-05-17 04:33 --------- d-----w C:\Program Files\Common Files\Real
2008-05-17 04:11 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 03:58 --------- d-----w C:\Program Files\Kidware.Net Photo Color
2008-04-30 03:10 --------- d-----w C:\Program Files\Pixia
2008-04-30 03:01 --------- d-----w C:\Program Files\Serif
2008-04-30 02:58 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\InstallShield
2008-04-27 15:06 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2008-04-27 15:06 --------- d-----w C:\Program Files\Rhapsody
2008-04-22 20:20 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\DivX
2008-04-20 00:36 --------- d-----w C:\Documents and Settings\Tiffany Bodison\Application Data\PlayFirst
2008-04-20 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-19 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winferno
2008-04-19 15:05 --------- d-----w C:\Program Files\Freeze.com Toolbar
2008-04-19 14:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-04-19 14:53 --------- d-----w C:\Program Files\AOL Games
2008-04-13 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2004-08-04 08:00 4,096 --sha-w C:\WINDOWS\system32\1112.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_21.32.52.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2007-10-14 19:15:14 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-11 23:31:05 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2007-10-14 19:15:14 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-11 23:30:49 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2008-06-11 01:25:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 16:59:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2003-07-15 02:43:20 87,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2003-07-15 02:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 02:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 07:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 07:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-25 22:57:20 75,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-15 02:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 02:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-31 19:19:52 131,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-08-13 06:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-07-15 02:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-08-03 14:56:16 1,146,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2003-07-24 03:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-15 03:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-15 02:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 02:40:12 165,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-25 23:00:16 1,157,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-25 23:14:50 799,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 03:11:42 2,139,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-15 02:57:44 87,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 02:53:50 161,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
+ 2003-07-24 02:32:32 121,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-06-18 21:31:44 758,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-06-18 21:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-06-18 21:31:48 17,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-06-18 21:31:48 18,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 21:31:46 35,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 21:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-07-15 02:46:08 176,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL
+ 2003-07-15 02:58:04 230,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
+ 2002-12-17 23:08:50 359,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
+ 2002-12-17 23:08:54 1,383,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
+ 2003-07-15 02:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2002-04-10 00:14:36 187,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
+ 2003-07-15 02:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-08-08 04:23:16 12,172,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSO.DLL
+ 2003-07-15 02:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 07:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-24 02:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 02:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 02:44:06 25,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 02:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2002-12-17 23:09:24 2,071,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
+ 2003-07-11 06:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 07:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 02:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 02:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 02:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 02:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 02:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 02:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-18 21:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-06-18 21:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 20:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 02:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 03:02:14 627,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 02:56:24 124,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-24 02:40:00 482,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 03:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 02:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 02:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2007-10-14 19:15:14 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 07:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 07:14:26 828,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 07:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 07:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 03:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 02:41:56 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-07-15 02:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-08-10 03:06:42 7,522,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-15 02:44:32 88,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 02:45:18 196,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-15 02:43:48 139,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 02:43:18 64,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-15 02:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-08-01 19:09:04 8,086,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-30 16:40:40 6,133,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 07:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-15 07:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-31 19:21:08 1,782,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-15 02:42:26 37,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL
+ 2003-05-09 01:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 02:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-15 02:43:30 74,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-07-21 15:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 02:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-15 02:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 02:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-08-03 14:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-15 03:00:22 99,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-07-03 19:19:36 2,502,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
+ 2007-10-14 19:15:14 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2003-08-06 17:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2007-03-22 23:07:56 91,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-22 23:07:54 80,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 17:53:52 137,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 17:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 18:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 17:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 17:54:04 183,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 21:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 17:43:46 7,613,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 17:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 17:42:14 200,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 17:53:56 149,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 17:53:24 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-22 23:07:10 41,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 23:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 23:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 21:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 17:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
- 2008-06-10 04:49:21 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-12 06:30:19 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-10 04:49:21 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-12 06:30:19 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-10 04:49:21 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-12 06:30:20 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-10 04:49:21 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-12 06:30:20 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-10 04:49:21 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-12 06:30:20 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-10 04:49:21 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-12 06:30:20 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-10 04:49:21 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-12 06:30:19 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-06-10 04:49:22 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-12 06:30:20 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-10 04:49:21 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-12 06:30:19 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-10 04:49:20 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-12 06:30:19 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2003-08-03 14:56:16 1,146,184 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 14:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 02:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 23:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-06-11 01:03:21 361,728 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-12 01:03:04 361,728 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2003-06-18 21:31:48 17,920 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 17:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 08:00:00 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-06-11 01:09:57 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-11 14:16:08 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-11 01:09:57 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-11 14:16:08 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-08-11 00:46:18 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2003-06-18 21:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 17:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2003-06-18 21:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 17:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 17:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 17:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-18 21:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 17:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 00:33 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 05:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 05:06]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 00:49:08 C:\WINDOWS\Tasks\$~$Sys0$.job"
- C:\WINDOWS\System32\rundll32.exe7
"2008-05-17 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 13:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-06-12 13:06:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 17:06:40
ComboFix2.txt 2008-06-11 01:33:24

Pre-Run: 48,699,342,848 bytes free
Post-Run: 48,724,398,080 bytes free

686 --- E O F --- 2008-06-12 06:30:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:40 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.162.1.1:80
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/c...t_4.2.1.318.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5916 bytes

#9 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 12 June 2008 - 12:28 PM

I'm still having problems opening certain features under my start menu. Like if i go to My pictures it sends me to the search menu. I have to search for controls that should pop up automatically. I tried to download some photos from my digital cam and it would read the usb card, it sends me straight to search, and asked me to search for the usb card. I've never had to do that b4.

Thank You, for your help.

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:54 PM

Posted 12 June 2008 - 01:26 PM

Hi Tiffany37,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Sun Java Runtime Environment 6 Update 6.
  • Scroll down to where it says "Sun Java Runtime Environment 6 Update 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u6-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 6.0 Update 5
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Lets run an F-Secure online scan for Viruses, Spyware and RootKits:
Go to http://support.f-secure.com/enu/home/ols.shtml

You should disable your Kaspersky antivirus while you run F-secure online scan.

To disable Kaspersky Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right click it-> select Pause Protection.
  • click on -> By User Request
  • a popup will claim that protection is now disabled and a sign like this: Posted Image will now be shown.
You succesfully disabled the Kaspersky Antivirus Guard.

Notes:
This scan will only work with Internet Explorer
You must have administrator rights to run this scan
This scan can take several hours, so please be patient


Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post


If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 12 June 2008 - 05:24 PM

Scanning Report
Thursday, June 12, 2008 16:45:30 - 18:18:48
Computer name: PC113824047319
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 47284
System: 3865
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0102\0314\VALUES

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-06-12
F-Secure AVP: 7.0.171, 2008-06-12
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:54 PM

Posted 12 June 2008 - 05:29 PM

Looks good. :thumbsup: Tell me how the computer is running?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 12 June 2008 - 06:07 PM

Hi,

Thank You, once again for all your help. I have my firewall up, and was wondering does that have anything to do with way, I can't open my pictures file. I still can't open my digital camera usb , Nothing seem to work as far as me opening files, it's still asking me to search, it's the page that pops up with the little puppy. I can open everything on my desk top but when i go under my Start menu, certain things still require to search for them. If i do the search they do appear but I can't open them. Do u think I need to restore parts of my windows programs or something?

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:06:54 PM

Posted 12 June 2008 - 06:10 PM

Hi Tiffany,

Do you have the Windows Installation CD? If so we can run Microsoft's System File Checker program.

Edited by SifuMike, 12 June 2008 - 06:11 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 Tiffany37

Tiffany37
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 12 June 2008 - 06:47 PM

I don't have a windows cd. I just have to make it hard don't I? The computer came with software to make recovery disc. I have like 3.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users