
Malware / HijackThis log


  • This topic is locked
13 replies to this topic

#1 mikelm06


  • Members
  • 5 posts

Posted 05 December 2008 - 03:43 PM

Hello, so I'm on my friend's computer typing this because my computer won't let me go to sites like this, nor will it let me click on links; it brings me to other sites, one being Antivirus 2009. The computer is super slow, slow to start up and freezes a lot. I happened to have HijackThis on my computer so I ran it, and here is the log. If someone could help me out, let me know.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:36 PM, on 2008-12-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TWlrZWwgTW9ycmlzb24\command.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\rswnw64r.exe
C:\WINDOWS\system32\mcntlsdl.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [{1F-F6-6C-CB-DW}] C:\windows\system32\rswnw64r.exe DWmmm01FF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntlsdl.exe DWmmm01FF
O4 - HKLM\..\Run: [zocyczlkcnvmcb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\rgpennpobkgtm.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntlsdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64r.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.onerateld.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187754241828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187754221062
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlrZWwgTW9ycmlzb24\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9334 bytes
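The HijackThis log above gets read by eye in this thread, but most of the tells are mechanical: Run values and files with keyboard-mash names, binaries started straight out of system32, a service whose binary has "Unknown owner", a Trusted Zone entry, and a service directory named TWlrZWwgTW9ycmlzb24, which is base64 for "Mikel Morrison" (the user name the DDS log later in the thread reports). The script below is an example added here, not code from HijackThis or from any post in the thread; it applies those checks to a constructed sample of lines copied from the log, including two benign entries it must leave alone. The vowel/consonant thresholds and the small system32 allowlist are assumptions for illustration, and every hit is a prompt to look, not a verdict.

```python
import base64
import binascii
import ntpath
import re

# Constructed sample for offline use: seven lines copied from the HijackThis
# log posted above, two of them benign (McAfee's SHSTAT.EXE and Apple's iPod
# Service) so the heuristics have something they must NOT flag.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [{1F-F6-6C-CB-DW}] C:\windows\system32\rswnw64r.exe DWmmm01FF
O4 - HKLM\..\Run: [zocyczlkcnvmcb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\rgpennpobkgtm.dll"
O15 - Trusted Zone: *.onerateld.com
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlrZWwgTW9ycmlzb24\command.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{12,}$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$")
# Windows-shipped binaries that legitimately start from system32. The loaders
# (regsvr32, rundll32) are allowlisted because the DLL they load is judged on
# its own. This list is an illustrative assumption, not an authoritative one.
SYSTEM32_ALLOWLIST = {"ctfmon.exe", "regsvr32.exe", "rundll32.exe", "svchost.exe"}
VOWELS = set("aeiou")


def looks_random(name):
    """Crude detector for machine-generated names: almost no vowels, or a run
    of five or more consonants. Short names and GUID-shaped names are skipped."""
    if GUID_RE.match(name):
        return False
    letters = "".join(c for c in name.lower() if c.isalpha())
    if len(letters) < 6:
        return False
    vowel_frac = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.split(r"[aeiou]+", letters))
    return vowel_frac < 0.15 or longest_run >= 5


def base64_name(component):
    """Return the decoded text if a path component is base64 of printable ASCII,
    else None. Padding is restored because it is usually dropped in file names."""
    if not B64_RE.match(component):
        return None
    try:
        raw = base64.b64decode(component + "=" * (-len(component) % 4))
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def extract_paths(cmd):
    """Pull every drive-letter path out of a Run command line: quoted paths
    first, then unquoted tokens from what remains after the quotes are removed."""
    quoted = re.findall(r'"([^"]+)"', cmd)
    unquoted = re.findall(r"[A-Za-z]:\\\S+", re.sub(r'"[^"]*"', " ", cmd))
    return [p for p in quoted + unquoted if re.match(r"[A-Za-z]:\\", p)]


def judge_path(path):
    """Reasons to look harder at one file path (empty list means nothing odd)."""
    reasons = []
    filename = ntpath.basename(path)
    stem = ntpath.splitext(filename)[0]
    if SYSTEM32_RE.match(path.lower()) and filename.lower() not in SYSTEM32_ALLOWLIST:
        reasons.append(f"{filename} starts from system32 but is not a known Windows binary")
    if looks_random(stem):
        reasons.append(f"file name {filename!r} looks machine-generated")
    for component in path.split("\\")[1:-1]:
        decoded = base64_name(component)
        if decoded:
            reasons.append(f"directory {component!r} is base64 for {decoded!r}")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for each autostart line that deserves a look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        if m := O4_RE.match(line):
            if looks_random(m["name"]):
                reasons.append(f"Run value name {m['name']!r} looks machine-generated")
            for path in extract_paths(m["cmd"]):
                reasons.extend(judge_path(path))
        elif m := O15_RE.match(line):
            reasons.append(f"Trusted Zone entry for {m['zone']} relaxes IE security; confirm it was added on purpose")
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                reasons.append("service binary carries no vendor information")
            reasons.extend(judge_path(m["path"].strip('"')))
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run as-is it flags five of the seven sample lines and leaves the McAfee and Apple entries alone. The name test deliberately ignores GUID-shaped values, since legitimate Run entries and BHO keys are often named by CLSID; the base64 test restores the padding that file names usually drop before decoding.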


#2 KoanYorel


    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 15 December 2008 - 11:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 mikelm06

  • Topic Starter

  • Members
  • 5 posts

Posted 18 December 2008 - 02:30 PM

Sorry it's taking so long. My computer freezes every time I turn it on, and when I do get it to work it won't let me go to this site or download those scans. I'm going to use a jump drive and my home computer. I'm on my iPhone right now. Is there any way to get my laptop to stop freezing? When it does, it makes a loud beep, if that helps at all.

#4 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 18 December 2008 - 08:13 PM

Hello, mikelm06
Have you tried running things in Safe Mode?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 mikelm06

  • Topic Starter

  • Members
  • 5 posts

Posted 18 December 2008 - 10:19 PM

OK, here it is. Again, sorry for the delay. Any help you can give would be great. Thanks.

DDS (Version 1.1.0) - NTFSx86
Run by Mikel Morrison at 21:07:03.92 on 2008-12-18
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.103 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\WINDOWS\system32\fxssvc.exe
C:\windows\system32\rswnw64r.exe
C:\WINDOWS\system32\mcntlsdl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\prunnet.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
F:\dds.com

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
BHO: {0875E019-8B66-090A-84BF-CB0C28044353} - c:\windows\system32\rgpennpobkgtm.dll
BHO: {73259091-9574-4ED8-A40F-7F65AFC28634} - c:\windows\system32\geBtTLdD.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {80C7DCE9-E10E-1052-BAB0-E679FB407FD2} - c:\windows\system32\smmrkytqrejniyf.dll
BHO: {A678F53A-20C0-428C-8F3F-0D46C6D3C2F5} - c:\windows\system32\avmete.dll
BHO: {bf4891f0-19e1-abd2-d9e7-7c041cb32f57} - c:\windows\system32\nsz18.dll
BHO: {bf74f022-2bd3-47c1-8fb4-90b42a5565df} - c:\windows\system32\iltqxh.dll
BHO: {E0D3198C-4701-4349-9129-A460814AE109} - c:\windows\system32\opnmKEtS.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PhilipsDM] "c:\program files\philips\philips device manager\bin\DeviceManager.exe"
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,RunDLLEntry
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [{1F-F6-6C-CB-DW}] c:\windows\system32\rswnw64r.exe DWmmm01FF
mRun: [ExploreUpdSched] c:\windows\system32\mcntlsdl.exe DWmmm01FF
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [zocyczlkcnvmcb] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\rgpennpobkgtm.dll"
StartupFolder: c:\docume~1\mikelm~1\startm~1\programs\startup\deewoo.lnk - c:\windows\system32\mcntlsdl.exe
StartupFolder: c:\docume~1\mikelm~1\startm~1\programs\startup\dw_start.lnk - c:\windows\system32\rswnw64r.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: *.onerateld.com
Notify: AtiExtEvent - Ati2evxx.dll
Notify: geBtTLdD - geBtTLdD.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {73259091-9574-4ED8-A40F-7F65AFC28634} - c:\windows\system32\geBtTLdD.dll
SecurityProviders: msapsspc.dll schannel.dll digest.dll msnsspc.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnmKEtS

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mikelm~1\applic~1\mozilla\firefox\profiles\pwek9fx5.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\nsadssite.dll
FF - component: c:\program files\mozilla firefox\components\nsbads.dll
FF - component: c:\program files\mozilla firefox\components\nsBrowserCmp.dll
FF - plugin: c:\documents and settings\mikel morrison\application data\mozilla\firefox\profiles\pwek9fx5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 qoemmcts;qoemmcts;c:\windows\system32\drivers\nfjbxwxf.dat []
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-8-18 58464]
R1 videoprtt;videoprtt;c:\windows\system32\drivers\videoprtt.sys [2008-11-23 86272]
R2 McAfeeFramework;McAfee Framework Service;"c:\program files\network associates\common framework\FrameworkService.exe" /ServiceStart [2007-8-18 98304]
R2 McShield;Network Associates McShield;"c:\program files\network associates\virusscan\mcshield.exe" [2006-2-14 221191]
R2 McTaskManager;Network Associates Task Manager;"c:\program files\network associates\virusscan\vstskmgr.exe" [2006-6-8 29184]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2006-9-6 197648]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2006-9-6 31248]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-8-18 116864]
S2 cmdService;Command Service;c:\windows\twlrzwwgtw9ycmlzb24\command.exe []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-5-29 24652]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-8-17 11596]
S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe []
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe []
S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe []

=============== Created Last 30 ================

2008-12-18 13:42 1,663,458 ---sh--- c:\windows\system32\gmlxunem.ini
2008-12-18 13:42 72,704 a------- c:\windows\system32\menuxlmg.dll
2008-12-18 13:23 129,024 a------- c:\windows\system32\iltqxh.dll
2008-12-18 13:23 129,024 a------- c:\windows\system32\ksdliklx.dll
2008-12-16 20:19 129,024 a------- c:\windows\system32\uxiato.dll
2008-12-16 20:19 129,024 a------- c:\windows\system32\eeioihvc.dll
2008-12-16 20:18 129,024 a------- c:\windows\system32\hrfhdmky.dll
2008-12-16 20:18 129,024 a------- c:\windows\system32\olqixyem.dll
2008-12-16 20:17 129,024 a------- c:\windows\system32\vjwmvfno.dll
2008-12-16 20:17 1,646,211 a--sh--- c:\windows\system32\vtxyifwj.ini
2008-12-16 20:17 129,024 a------- c:\windows\system32\alxbbsvd.dll
2008-12-16 20:13 1,646,220 a--sh--- c:\windows\system32\vtxyifwj.tmp
2008-12-16 19:22 129,024 a------- c:\windows\system32\fqpyjt.dll
2008-12-16 19:22 129,024 a------- c:\windows\system32\asygwuyd.dll
2008-12-16 19:20 1,646,220 ---sh--- c:\windows\system32\qdepbjud.ini
2008-12-15 16:46 1,646,212 ---sh--- c:\windows\system32\jjvsbqli.ini
2008-12-15 16:15 129,024 a------- c:\windows\system32\ubelfk.dll
2008-12-15 16:15 129,024 a------- c:\windows\system32\tlmkoynr.dll
2008-12-15 12:09 745 a------- c:\windows\system32\ubxfiukg.dll
2008-12-14 14:01 192,582 a------- c:\windows\system32\mcntlsdm.exe
2008-12-10 20:01 1,584,042 ---sh--- c:\windows\system32\dsebpuvo.ini
2008-12-10 20:01 72,704 a------- c:\windows\system32\ovupbesd.dll
2008-12-10 19:59 129,024 a------- c:\windows\system32\nndsgw.dll
2008-12-10 19:59 129,024 a------- c:\windows\system32\vstuxbwe.dll
2008-12-09 15:16 620,544 a------- c:\windows\system32\smmrkytqrejniyf.dll
2008-12-09 14:59 129,024 a------- c:\windows\system32\qpgmdp.dll
2008-12-09 14:59 129,024 a------- c:\windows\system32\cymxvwlx.dll
2008-12-09 14:58 129,024 a------- c:\windows\system32\tvxilqxa.dll
2008-12-08 14:37 129,024 a------- c:\windows\system32\bnlptd.dll
2008-12-08 14:37 129,024 a------- c:\windows\system32\aumgccog.dll
2008-12-08 14:34 1,598,743 a--sh--- c:\windows\system32\rctjdkkc.ini
2008-12-08 14:34 72,704 a------- c:\windows\system32\ckkdjtcr.dll
2008-12-07 14:35 1,479,822 a--sh--- c:\windows\system32\umuvnkgo.ini
2008-12-07 14:32 129,024 a------- c:\windows\system32\ctsrxg.dll
2008-12-07 14:32 129,024 a------- c:\windows\system32\wuaikcrc.dll
2008-12-07 14:10 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-07 14:10 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-07 14:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 14:08 <DIR> --d----- c:\program files\iTunes
2008-12-07 14:03 <DIR> --d----- c:\program files\Bonjour
2008-12-06 19:03 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-06 16:07 129,024 a------- c:\windows\system32\pjujvt.dll
2008-12-06 16:07 129,024 a------- c:\windows\system32\avqpqhax.dll
2008-12-06 16:04 1,479,822 a--sh--- c:\windows\system32\gdeyvspq.ini
2008-12-06 16:04 72,704 a------- c:\windows\system32\qpsvyedg.dll
2008-12-06 15:13 1,479,822 a--sh--- c:\windows\system32\wgxkbwvp.ini
2008-12-05 14:59 129,024 a------- c:\windows\system32\vrajao.dll
2008-12-05 14:59 129,024 a------- c:\windows\system32\xevscthn.dll
2008-12-05 14:56 1,479,822 a--sh--- c:\windows\system32\rsdykiui.ini
2008-12-05 14:56 72,704 a------- c:\windows\system32\iuikydsr.dll
2008-12-01 10:19 129,024 a------- c:\windows\system32\olyejfnq.dll
2008-12-01 10:16 745 a------- c:\windows\system32\rdkhtcpy.dll
2008-11-27 08:47 670,720 a------- c:\windows\system32\nsz18.dll
2008-11-25 22:47 1,648,820 a--sh--- c:\windows\system32\vkwmaioh.ini
2008-11-25 22:47 72,704 a------- c:\windows\system32\hoiamwkv.dll
2008-11-24 20:59 129,024 a------- c:\windows\system32\dgkucm.dll
2008-11-24 20:59 129,024 a------- c:\windows\system32\ccuvnhbm.dll
2008-11-24 20:58 129,024 a------- c:\windows\system32\urpiosxw.dll
2008-11-24 20:57 129,024 a------- c:\windows\system32\ljkhmxme.dll
2008-11-24 20:56 129,024 a------- c:\windows\system32\kqldpifa.dll
2008-11-24 20:51 1,634,114 a--sh--- c:\windows\system32\unbvesmr.ini
2008-11-24 10:13 68,509 a------- c:\windows\system32\smmrkytqrejniyf.dll-uninst.exe
2008-11-24 10:13 272,782 a------- c:\windows\system32\gside.exe
2008-11-23 22:57 200,717 a------- c:\windows\system32\rswnw64r.exe
2008-11-23 22:55 <DIR> --d----- c:\temp\tn3
2008-11-23 21:05 143 a------- c:\windows\system32\mcrh.tmp
2008-11-23 20:51 1,641,348 a--sh--- c:\windows\system32\klkonhxg.ini
2008-11-23 20:51 72,704 a------- c:\windows\system32\gxhnoklk.dll
2008-11-23 20:50 129,024 a------- c:\windows\system32\nwdyze.dll
2008-11-23 20:50 129,024 a------- c:\windows\system32\knrrmaik.dll
2008-11-23 20:49 26,112 a------- c:\windows\system32\cbXPFWnO.dll
2008-11-23 20:49 26,112 a------- c:\windows\system32\yayxyvWn.dll
2008-11-23 20:47 909,855 a--sh--- c:\windows\system32\StEKmnpo.ini2
2008-11-23 20:47 0 a--sh--- c:\windows\system32\StEKmnpo.ini
2008-11-23 20:47 318,464 a------- c:\windows\system32\opnmKEtS.dll
2008-11-23 20:44 863 a------- c:\windows\system32\winpfz33.sys
2008-11-23 20:43 47,582 a------- c:\windows\system32\hwpsvqxkukcrwwyj.exe
2008-11-23 20:43 21 a------- c:\windows\system32\zxdnt3d.cfg
2008-11-23 20:43 548,928 a------- c:\windows\system32\mcntlsdl.exe
2008-11-23 20:43 153,362 a------- c:\windows\system32\g17.exe
2008-11-23 20:43 1,989 a------- c:\windows\uninstall_nmon.vbs
2008-11-23 20:42 200,709 a------- c:\windows\system32\dwwnw64r.exe
2008-11-23 20:42 190 a------- c:\windows\system32\msnav32.ax
2008-11-23 20:42 167,976 a------- c:\windows\system32\drivers\core.cache.dsk
2008-11-23 20:42 <DIR> --d----- c:\temp\FT62
2008-11-23 20:42 86,272 a------- c:\windows\system32\drivers\videoprtt.sys
2008-11-23 20:42 <DIR> --d----- c:\temp\1cb
2008-11-23 20:42 <DIR> --d----- c:\docume~1\mikelm~1\applic~1\gadcom
2008-11-23 20:42 <DIR> --d----- c:\windows\system32\x4
2008-11-23 20:42 <DIR> --d----- c:\windows\system32\mp
2008-11-23 20:42 <DIR> --d----- c:\windows\system32\ID2
2008-11-23 20:42 <DIR> --d----- c:\windows\system32\gp2
2008-11-23 20:42 <DIR> --d----- c:\windows\system32\dim
2008-11-23 20:42 26,112 a------- c:\windows\system32\rqRIbxxy.dll
2008-11-23 20:42 26,112 a------- c:\windows\system32\geBtTLdD.dll
2008-11-23 20:42 29,184 a------- c:\windows\system32\MSINET.oca
2008-11-23 20:38 <DIR> --d----- c:\docume~1\mikelm~1\applic~1\IUpd721
2008-11-23 20:27 <DIR> --d----- c:\docume~1\mikelm~1\applic~1\NI.GSCNS
2008-11-23 20:18 35,840 a------- c:\windows\system32\prunnet.exe
2008-11-21 22:28 <DIR> --d----- c:\program files\uTorrent
2008-11-21 22:28 <DIR> --d----- c:\docume~1\mikelm~1\applic~1\uTorrent

==================== Find3M ====================

2008-12-18 14:04 53,946 a------- c:\windows\system32\cont_adssite-remove.exe
2008-12-16 07:36 385,536 a------- c:\windows\system32\rgpennpobkgtm.dll
2008-10-26 09:43 102,090 a------- c:\windows\system32\adssite-remove.exe
2008-10-24 05:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 05:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 10:57 332,800 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 11:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2007-11-26 23:49 256 ac------ c:\documents and settings\mikel morrison\pool.bin
2007-01-20 17:04 88 ---shr-- c:\windows\system32\61C33FBAA3.sys
2008-08-04 09:55 56 ---shr-- c:\windows\system32\A3BA3FC361.sys
2008-08-04 09:55 5,850 a--sh--- c:\windows\system32\KGyGaAvL.sys
2005-07-29 15:24 472 ac-shr-- c:\windows\twlrzwwgtw9ycmlzb24\nq5OtqT0nq6VwA5WvZb.vbs

============= FINISH: 21:12:10.20 ===============

#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 20 December 2008 - 10:01 AM

Hello, mikelm06

Wow, you have a LOT of nasty stuff in there.

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
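The log that ComboFix produces (the one requested above) is plain text in the format posted later in this thread. As an added example, not code from ComboFix or from anyone in this thread, the Python below applies the checks a responder makes when reading such a log: entries that failed to delete, removed service/driver entries, hidden+system files in system32, implausibly small PE files in system32, and path components that are base64 of readable text. The sample lines are copied from the log posted later in this thread (constructed input for the script); the 4096-byte size threshold is an assumption.

```python
"""Quick triage of a ComboFix-style log (added example, not ComboFix's own code)."""
import base64
import re

# One "Files Created" line:  created . modified size attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{12,}={0,2}$")
SMALL_PE_LIMIT = 4096  # assumed threshold: a .dll/.exe this small in system32 is worth a look

# Sample lines copied from the ComboFix log posted in this thread (constructed input).
SAMPLE_LOG = r"""
c:\windows\TWlrZWwgTW9ycmlzb24\nq5OtqT0nq6VwA5WvZb.vbs
c:\windows\system32\avmete.dll . . . . failed to delete
-------\Legacy_TDSSSERV.SYS
2008-12-21 10:40 . 2008-12-21 10:40 1,661,209 --ahs---- c:\windows\system32\vkpsphwp.ini
2008-12-15 12:09 . 2008-12-15 12:09 745 --a------ c:\windows\system32\ubxfiukg.dll
2008-12-07 14:10 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-07 14:08 . 2008-12-07 14:10 <DIR> d-------- c:\program files\iTunes
"""


def parse_created_line(line):
    """Parse one 'Files Created' line into a dict; return None for any other line kind."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["is_dir"] = entry["size"] == "<DIR>"
    entry["size"] = 0 if entry["is_dir"] else int(entry["size"].replace(",", ""))
    return entry


def decode_base64_name(component):
    """Return the plaintext if a path component is base64 of printable ASCII, else None."""
    if not B64_RE.match(component):
        return None
    stripped = component.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # invalid base64 or bytes outside ASCII: not an encoded name
        return None
    return text if text.isprintable() else None


def triage(log_text):
    """Return (reason, path_or_line) findings, in log order, for the patterns above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("failed to delete"):
            # ComboFix could not remove it: something is still protecting the file
            findings.append(("file still protected, possible active rootkit", line))
            continue
        if line.startswith("-------\\Legacy_") or line.startswith("-------\\Service_"):
            findings.append(("service or driver entry removed", line))
            continue
        entry = parse_created_line(line)
        path = entry["path"] if entry else line
        low = path.lower()
        in_sys32 = "\\system32\\" in low
        if entry and not entry["is_dir"] and in_sys32:
            if {"h", "s"} <= set(entry["attrs"]):
                findings.append(("hidden+system file in system32", path))
            if low.endswith((".dll", ".exe")) and entry["size"] < SMALL_PE_LIMIT:
                findings.append(("implausibly small PE file in system32", path))
        for component in path.split("\\"):
            decoded = decode_base64_name(component)
            if decoded is not None:
                findings.append((f"base64 directory name decodes to {decoded!r}", path))
    return findings


if __name__ == "__main__":
    for reason, where in triage(SAMPLE_LOG):
        print(f"{reason}: {where}")
```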

#7 mikelm06
  • Topic Starter
  • Members
  • 5 posts

Posted 20 December 2008 - 09:31 PM

Downloaded it, transferred it to my computer, tried to open it and nothing. It's like the malware knows it will fix it. What now?

#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 21 December 2008 - 12:45 AM

Please rename ComboFix to globremover.exe on the clean machine before transferring it.

Then please try running it as described above.

Billy3

#9 mikelm06
  • Topic Starter
  • Members
  • 5 posts

Posted 21 December 2008 - 01:25 PM

Hey, thanks, changing the name worked. Alright, I ran the scan and here is the log file.

ComboFix 08-12-20.05 - Mikel Morrison 2008-12-21 11:44:08.2 - NTFSx86
Running from: F:\globremover.exe.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\Mikel Morrison\Application Data\gadcom
c:\documents and settings\Mikel Morrison\Application Data\IUpd721
c:\documents and settings\Mikel Morrison\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Mikel Morrison\Application Data\NI.GSCNS
c:\documents and settings\Mikel Morrison\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Mikel Morrison\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\Mikel Morrison\Application Data\urlredir.cfg
c:\documents and settings\Mikel Morrison\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Mikel Morrison\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\Mikel Morrison\Start Menu\Programs\Startup\DW_Start.lnk
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\temp\tn3
c:\windows\system32\adssite-remove.exe
c:\windows\system32\alxbbsvd.dll
c:\windows\system32\asygwuyd.dll
c:\windows\system32\aumgccog.dll
c:\windows\system32\avqpqhax.dll
c:\windows\system32\bnlptd.dll
c:\windows\system32\cbXPFWnO.dll
c:\windows\system32\ccuvnhbm.dll
c:\windows\system32\ckkdjtcr.dll
c:\windows\system32\ctsrxg.dll
c:\windows\system32\cymxvwlx.dll
c:\windows\system32\dgkucm.dll
c:\windows\system32\dim
c:\windows\system32\dwwnw64r.exe
c:\windows\system32\eeioihvc.dll
c:\windows\system32\fqpyjt.dll
c:\windows\system32\geBtTLdD.dll
c:\windows\system32\gp2
c:\windows\system32\gp2\LP2CG24.exe
c:\windows\system32\gside.exe
c:\windows\system32\gxhnoklk.dll
c:\windows\system32\hoiamwkv.dll
c:\windows\system32\hrfhdmky.dll
c:\windows\system32\ID2
c:\windows\system32\ID2\CRAFE913.exe
c:\windows\system32\iltqxh.dll
c:\windows\system32\iuikydsr.dll
c:\windows\system32\knrrmaik.dll
c:\windows\system32\kqldpifa.dll
c:\windows\system32\ksdliklx.dll
c:\windows\system32\laphxnhn.dll
c:\windows\system32\ljkhmxme.dll
c:\windows\system32\mcntlsdm.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\menuxlmg.dll
c:\windows\system32\mp
c:\windows\system32\mp\kstamv3.exe
c:\windows\system32\msnav32.ax
c:\windows\system32\nndsgw.dll
c:\windows\system32\nuovbk.dll
c:\windows\system32\nwdyze.dll
c:\windows\system32\olqixyem.dll
c:\windows\system32\olyejfnq.dll
c:\windows\system32\opnmKEtS.dll
c:\windows\system32\ovupbesd.dll
c:\windows\system32\pjujvt.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\pwhpspkv.dll
c:\windows\system32\qpgmdp.dll
c:\windows\system32\qpsvyedg.dll
c:\windows\system32\rgpennpobkgtm.dll
c:\windows\system32\rqRIbxxy.dll
c:\windows\system32\rswnw64r.exe
c:\windows\system32\smmrkytqrejniyf.dll
c:\windows\system32\StEKmnpo.ini
c:\windows\system32\StEKmnpo.ini2
c:\windows\system32\tlmkoynr.dll
c:\windows\system32\tvxilqxa.dll
c:\windows\system32\ubelfk.dll
c:\windows\system32\urpiosxw.dll
c:\windows\system32\uxiato.dll
c:\windows\system32\vjwmvfno.dll
c:\windows\system32\vrajao.dll
c:\windows\system32\vstuxbwe.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\wuaikcrc.dll
c:\windows\system32\x4
c:\windows\system32\xevscthn.dll
c:\windows\system32\yayxyvWn.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\TWlrZWwgTW9ycmlzb24\
c:\windows\TWlrZWwgTW9ycmlzb24\\nq5OtqT0nq6VwA5WvZb.vbs
c:\windows\uninstall_nmon.vbs
F:\Autorun.inf
c:\windows\system32\avmete.dll . . . . failed to delete
c:\windows\system32\avmete.dll__ . . . . failed to delete
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 12:10 . 2008-12-21 12:10 <DIR> d-------- c:\windows\LastGood
2008-12-21 12:07 . 2008-12-21 12:07 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-12-21 10:40 . 2008-12-21 10:40 1,661,209 --ahs---- c:\windows\system32\vkpsphwp.ini
2008-12-18 13:42 . 2008-12-18 13:43 1,663,458 --ahs---- c:\windows\system32\gmlxunem.ini
2008-12-16 20:17 . 2008-12-16 20:13 1,646,211 --ahs---- c:\windows\system32\vtxyifwj.ini
2008-12-16 20:13 . 2008-12-16 20:13 1,646,220 --ahs---- c:\windows\system32\vtxyifwj.tmp
2008-12-16 19:20 . 2008-12-16 20:12 1,646,220 --ahs---- c:\windows\system32\qdepbjud.ini
2008-12-15 16:46 . 2008-12-15 16:47 1,646,212 --ahs---- c:\windows\system32\jjvsbqli.ini
2008-12-15 12:09 . 2008-12-15 12:09 745 --a------ c:\windows\system32\ubxfiukg.dll
2008-12-10 20:01 . 2008-12-10 20:01 1,584,042 --ahs---- c:\windows\system32\dsebpuvo.ini
2008-12-08 14:34 . 2008-12-08 14:34 1,598,743 --ahs---- c:\windows\system32\rctjdkkc.ini
2008-12-07 14:35 . 2008-12-07 14:35 1,479,822 --ahs---- c:\windows\system32\umuvnkgo.ini
2008-12-07 14:10 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-07 14:10 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-07 14:08 . 2008-12-07 14:10 <DIR> d-------- c:\program files\iTunes
2008-12-07 14:08 . 2008-12-07 14:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 14:03 . 2008-12-07 14:03 <DIR> d-------- c:\program files\Bonjour
2008-12-07 13:57 . 2008-12-07 14:01 <DIR> d-------- c:\program files\QuickTime
2008-12-06 19:03 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-12-06 18:59 . 2008-12-07 14:08 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-06 16:04 . 2008-12-06 16:04 1,479,822 --ahs---- c:\windows\system32\gdeyvspq.ini
2008-12-06 15:13 . 2008-12-06 15:13 1,479,822 --ahs---- c:\windows\system32\wgxkbwvp.ini
2008-12-05 14:56 . 2008-12-05 14:56 1,479,822 --ahs---- c:\windows\system32\rsdykiui.ini
2008-12-01 10:16 . 2008-12-01 10:16 745 --a------ c:\windows\system32\rdkhtcpy.dll
2008-11-27 08:22 . 2008-11-27 08:22 674,304 --a------ c:\windows\system32\nso14.dll
2008-11-25 22:47 . 2008-11-25 22:47 1,648,820 --ahs---- c:\windows\system32\vkwmaioh.ini
2008-11-24 20:51 . 2008-11-25 22:38 1,634,114 --ahs---- c:\windows\system32\unbvesmr.ini
2008-11-24 10:13 . 2008-12-09 20:59 68,509 --a------ c:\windows\system32\smmrkytqrejniyf.dll-uninst.exe
2008-11-23 20:51 . 2008-11-24 10:16 1,641,348 --ahs---- c:\windows\system32\klkonhxg.ini
2008-11-23 20:43 . 2008-11-23 20:43 548,928 --a------ c:\windows\system32\mcntlsdl.exe
2008-11-23 20:43 . 2008-11-23 20:43 153,362 --a------ c:\windows\system32\g17.exe
2008-11-23 20:43 . 2008-12-16 14:27 47,582 --a------ c:\windows\system32\hwpsvqxkukcrwwyj.exe
2008-11-23 20:42 . 2008-11-23 20:42 86,272 --a------ c:\windows\system32\drivers\videoprtt.sys
2008-11-23 20:42 . 2008-11-23 20:42 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-21 22:28 . 2008-11-21 22:28 <DIR> d-------- c:\program files\uTorrent
2008-11-21 22:28 . 2008-11-22 01:35 <DIR> d-------- c:\documents and settings\Mikel Morrison\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 16:14 --------- d-----w c:\program files\World of Warcraft
2008-12-07 21:14 --------- d-----w c:\documents and settings\Mikel Morrison\Application Data\Apple Computer
2008-12-07 20:08 --------- d-----w c:\program files\iPod
2008-12-07 00:40 --------- d-----w c:\documents and settings\Mikel Morrison\Application Data\FrostWire
2008-12-07 00:31 --------- d-----w c:\program files\FrostWire
2008-12-07 00:30 --------- d-----w c:\program files\Incomplete
2008-12-06 23:53 --------- d-----w c:\program files\Apple Software Update
2008-11-17 06:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-11-27 05:49 256 -c--a-w c:\documents and settings\Mikel Morrison\pool.bin
2008-11-27 14:23 640,512 ----a-w c:\program files\mozilla firefox\components\nsadssite.dll
2008-09-04 11:09 343,552 ----a-w c:\program files\mozilla firefox\components\nsbads.dll
2008-01-18 10:06 278,528 ----a-w c:\program files\mozilla firefox\components\nsBrowserCmp.dll
2007-01-20 23:04 88 --sh--r c:\windows\system32\61C33FBAA3.sys
2008-08-04 15:55 56 --sh--r c:\windows\system32\A3BA3FC361.sys
2008-08-04 15:55 5,850 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 18:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 04:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe

2008-04-13 18:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 04:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll

2008-04-13 18:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 04:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe

2008-04-13 13:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 04:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2008-04-13 12:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 04:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2008-04-13 18:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 04:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe

2008-04-13 18:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 04:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe

2008-04-13 18:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 04:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\ctfmon.exe

2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe

2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
2004-08-04 04:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-20_22.14.45.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2008-09-15 12:17:07 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-04 16:32:52 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 19:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 20:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 21:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2007-07-27 15:41:48 231,288 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe
+ 2007-07-27 15:41:48 382,840 -c----w c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll
+ 2006-10-19 02:47:20 295,936 -c----w c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 19:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
+ 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
+ 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 -c----w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c----w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 15:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2007-09-15 02:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-29 05:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-29 05:49:28 606,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONBTTNIE.DLL
+ 2007-08-29 04:43:30 1,022,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONENOTE.EXE
+ 2007-08-24 09:45:42 101,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONENOTEM.EXE
+ 2007-08-24 09:45:42 75,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONFILTER.DLL
+ 2007-08-24 09:45:46 1,167,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONLIBS.DLL
+ 2007-10-13 02:08:52 6,588,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\ONMAIN.DLL
+ 2008-12-07 20:13:32 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
- 2007-11-27 04:35:14 25,214 -c--a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\ARPPRODUCTICON.exe
+ 2008-09-20 00:57:31 25,214 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\ARPPRODUCTICON.exe
- 2007-11-27 04:35:14 25,214 -c--a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\EmailWizardShortcut_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-09-20 00:57:31 25,214 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\EmailWizardShortcut_8E832933A07340209FB8DBADC480B69B.exe
- 2007-11-27 04:35:14 25,214 -c--a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-09-20 00:57:32 25,214 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\MediaManager8.exe_8E832933A07340209FB8DBADC480B69B.exe
- 2007-11-27 04:35:14 25,214 -c--a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut23_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-09-20 00:57:32 25,214 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut23_8E832933A07340209FB8DBADC480B69B.exe
- 2007-11-27 04:35:14 25,214 -c--a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-09-20 00:57:32 25,214 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut33_8E832933A07340209FB8DBADC480B69B.exe
- 2007-11-27 04:35:14 3,638 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-09-20 00:57:32 3,638 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut38_8E832933A07340209FB8DBADC480B69B.exe
- 2007-11-27 04:35:14 25,214 -c--a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-09-20 00:57:31 25,214 ----a-r c:\windows\Installer\{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}\NewShortcut4_8E832933A07340209FB8DBADC480B69B.exe
+ 2008-12-06 21:31:32 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-17 06:07:52 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-12-07 20:03:46 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
- 2008-08-16 04:06:01 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-17 06:09:53 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-08-16 04:06:01 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-11-17 06:09:52 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-08-16 04:06:01 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-17 06:09:52 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-08-16 04:06:01 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-17 06:09:53 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-08-16 04:06:02 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-17 06:09:53 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-08-16 04:06:01 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-11-17 06:09:52 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-08-16 04:06:01 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-11-17 06:09:53 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-08-16 04:06:01 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-11-17 06:09:52 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-25 16:11:18 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 14:00:00 28,672 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w c:\windows\swreg.exe
- 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2007-07-31 00:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 20:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2006-08-16 22:48:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 18:07:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-08-16 22:48:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-21 18:07:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-16 22:48:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 18:07:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 16:59:17 53,946 ----a-w c:\windows\system32\cont_adssite-remove.exe
- 2008-06-23 16:57:27 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 ------w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 ------w c:\windows\system32\dllcache\afd.sys
- 2007-07-31 00:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
- 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
- 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 16:57:36 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 15:57:40 3,592,192 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 ------w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ------w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 ------w c:\windows\system32\dllcache\srv.sys
- 2008-06-23 16:57:40 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-06-23 16:57:41 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ------w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2007-07-31 00:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 20:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16 53,080 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 20:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-31 00:19:46 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 20:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-08-29 16:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-08-29 15:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-04 03:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2004-08-04 04:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2008-04-17 19:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 19:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 20:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-05-22 21:56:50 283,720 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-15 12:48:15 283,720 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2007-06-11 20:34:34 2,115,816 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-10-31 17:00:05 45,218 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-24 00:32:41 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-08-05 18:11:01 15,888,504 ----a-w c:\windows\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 15:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 22:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2007-05-15 20:43:10 1,320,800 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-30 02:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-31 00:19:10 271,224 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 20:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2007-07-31 00:18:34 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 20:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 09:15:59 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:53:04 2,137,600 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-04-10 18:09:40 119,922 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-04 19:59:09 119,922 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-10 18:09:40 582,718 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-04 19:59:09 582,718 ----a-w c:\windows\system32\perfh009.dat
- 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2001-08-18 03:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
+ 2001-08-18 04:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
- 2004-08-04 05:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2004-08-04 06:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2008-07-19 03:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
- 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 02:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-06-24 23:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll
- 2007-07-31 00:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 20:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-31 00:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-31 00:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 20:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-31 00:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-31 00:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-31 00:19:46 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 20:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A678F53A-20C0-428C-8F3F-0D46C6D3C2F5}]
2008-03-04 12:53 98048 --a------ c:\windows\system32\avmete.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf4891f0-19e1-abd2-d9e7-7c041cb32f57}]
2008-11-27 08:22 674304 --a------ c:\windows\system32\nso14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 131072]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-15 659456]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-07 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 2056275]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 13:43 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copperhead]
--a------ 2005-11-25 09:53 155648 c:\program files\Razer\Copperhead\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 13:58 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 00:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 01:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a------ 2006-04-11 18:39 176201 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a--c--- 2005-08-30 08:30 823362 c:\program files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 19:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 10:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-05 20:09 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 15:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DomainService"=2 (0x2)
"dlcf_device"=3 (0x3)
"btwdins"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\javaw.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 qoemmcts;qoemmcts;c:\windows\system32\drivers\nfjbxwxf.dat []
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-08-18 58464]
R1 videoprtt;videoprtt;c:\windows\system32\drivers\videoprtt.sys [2008-11-23 86272]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2006-09-06 197648]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2006-09-06 31248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-05-29 24652]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-08-17 11596]
S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe []
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe []
S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0113271b-0076-11dd-af35-0015c5aaace6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbef6698-81c2-11dc-ae92-0015c5aaace6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - ENTDRV51
*Newly Created Service* - TDSSSERV.SYS
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{06769505-B464-4D53-9BF9-26A138729EA2} - c:\windows\system32\opnmKEtS.dll
BHO-{073904d1-517b-4c6a-bc66-06390dcf6b8f} - c:\windows\system32\nuovbk.dll
BHO-{0875E019-8B66-090A-84BF-CB0C28044353} - c:\windows\system32\rgpennpobkgtm.dll
BHO-{73259091-9574-4ED8-A40F-7F65AFC28634} - c:\windows\system32\geBtTLdD.dll
BHO-{80C7DCE9-E10E-1052-BAB0-E679FB407FD2} - c:\windows\system32\smmrkytqrejniyf.dll
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-{1F-F6-6C-CB-DW} - c:\windows\system32\rswnw64r.exe
ShellExecuteHooks-{73259091-9574-4ED8-A40F-7F65AFC28634} - c:\windows\system32\geBtTLdD.dll


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html -
Trusted Zone: *.onerateld.com
FF - ProfilePath - c:\documents and settings\Mikel Morrison\Application Data\Mozilla\Firefox\Profiles\pwek9fx5.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - plugin: c:\documents and settings\Mikel Morrison\Application Data\Mozilla\Firefox\Profiles\pwek9fx5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 12:13:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qoemmcts]
"ImagePath"="system32\drivers\nfjbxwxf.dat"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-21 12:16:29 - machine was rebooted [Mikel Morrison]
ComboFix-quarantined-files.txt 2008-12-21 18:16:25
ComboFix2.txt 2008-08-21 03:15:29

Pre-Run: 17,811,697,664 bytes free
Post-Run: 18,312,421,376 bytes free

873 --- E O F --- 2008-11-17 06:10:16

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:05 AM

Posted 22 December 2008 - 11:36 PM

Hello, mikelm06
Your System is Infected with a Backdoor!!
Backdoors cause severe damage to Windows' internals, and allow an attacker complete control over the infected system. Because this state allows the attacker to download new malware on demand, log keystrokes, execute programs, and/or view the system's screen, it is recommended to reformat and reinstall the operating system on this machine. Several experts in the security community believe that once a system is infected with one of these types of backdoors, the system itself can never be trusted again.

I ask that you disconnect this system from the internet NOW! While it is attached to the internet, the attacker can modify the system, and prevent fixes from working as intended.

Another danger of this type of infection is that of Identity Theft. Because such malware can read all of your passwords, bank account numbers, etc. from your keystrokes, I would recommend contacting banking institutions accessed from this machine to ensure your accounts are secure. Most banks will not charge to send you new credit/debit cards, and getting these numbers replaced would be a good idea. It would also be a good idea to change passwords for anything you commonly use online: online stores, Facebook/Myspace, email, etc. If it has been on that machine it may have been read by someone else. Don't do it from this machine, as it is now compromised. Do it from another known clean machine. A good place to do this is at your local public library.

I would strongly recommend a format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:

Please let me know if you wish to continue to clean this machine or if you wish to format.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:05 AM

Posted 28 December 2008 - 05:40 PM

Hello, mikelm06
Are you still here? Have you decided?

BillyIII

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:05 AM

Posted 29 December 2008 - 09:44 AM

Hello, mikelm06
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:05 AM

Posted 03 January 2009 - 06:31 PM

User returned, topic reopened.

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:05 AM

Posted 09 January 2009 - 07:07 PM

Hello, mikelm06
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
