
Antivirus 360 ad pop up/ Virtumonde problems


  • This topic is locked
13 replies to this topic

#1 doghinp


Posted 11 January 2009 - 02:24 PM

Had a problem with Antivirus popup and Virtumonde infestation. I used Spybot, Malwarebytes, and McAfee. I no longer have popups, but still have Virtumonde, and now my internet goes extremely slow. Right before the problem it went about 9 out of 10, and now it goes 2 out of 10. Whenever I attempt to change web pages with Firefox, it slows everything down, and this was not a problem before the malware.


DDS (Ver_09-01-07.01) - NTFSx86
Run by Clayton Brostowin at 13:56:52.24 on Sun 01/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.393 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Documents and Settings\Clayton Brostowin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: DisableRegedit = 0 (0x0)
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clayto~1\applic~1\mozilla\firefox\profiles\7aarzhmm.default\
FF - plugin: c:\documents and settings\clayton brostowin\application data\mozilla\firefox\profiles\7aarzhmm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {D52DFE38-DE36-495D-8380-9FB64D82033F} - c:\windows\system32\config\systemprofile\local settings\application data\{D52DFE38-DE36-495D-8380-9FB64D82033F}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-23 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-23 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-23 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-23 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-23 40488]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-23 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-23 144704]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-21 24652]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-9 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-9 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-9 81288]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-23 33832]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-9 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-9 1079176]
S4 nenum13E;nenum13E;\??\c:\docume~1\clayto~1\locals~1\temp\nenum13e.sys --> c:\docume~1\clayto~1\locals~1\temp\nenum13E.sys [?]

=============== Created Last 30 ================

2009-01-10 00:13 <DIR> --d----- c:\docume~1\clayto~1\applic~1\Malwarebytes
2009-01-10 00:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 00:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 00:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-10 00:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 18:36 <DIR> --d----- c:\program files\Bonjour
2008-12-28 15:09 <DIR> --d----- c:\documents and settings\clayton brostowin\VASSAL
2008-12-25 01:09 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-25 01:09 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-18 16:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 15:50 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-18 15:50 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-18 14:29 9,141,180 a------- c:\windows\system32\AWN
2008-12-18 14:24 <DIR> --d----- C:\!KillBox
2008-12-18 13:52 161,792 a------- c:\windows\SWREG.exe
2008-12-18 13:52 98,816 a------- c:\windows\sed.exe
2008-12-15 16:02 120 a--sh--- c:\windows\system32\ewuhagew.ini
2008-12-15 02:03 120 a--sh--- c:\windows\system32\asizizag.ini
2008-12-14 23:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-14 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-01-08 11:56 46,160 ac------ c:\docume~1\clayto~1\applic~1\wklnhst.dat
2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 20:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 20:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 20:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-08-03 14:24 0 ac------ c:\documents and settings\clayton brostowin\jagex_runescape_preferences.dat
2008-04-22 15:11 61,352 ac------ c:\docume~1\clayto~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 13:59:01.97 ===============


 


#2 jpshortstuff


Posted 11 January 2009 - 03:56 PM

Hi, and Welcome to BleepingComputer :thumbsup:

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through the instructions before starting to follow them to make sure you understand everything you have to do.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please download GooredFix and save it to your Desktop. Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.


Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

You need to disable TeaTimer, so that it doesn't interfere with our fix.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, for both versions:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left, click Tools
  • Then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Disable McAfee Anti-Virus
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • Right-click it -> choose "Exit."
  • A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 doghinp


Posted 11 January 2009 - 07:08 PM

I got to the point where I was supposed to close McAfee. When I right clicked it on the systems toolbar it had these options;
- Open Security Center
- Updates
- Scan
- Quick Links
- Change Settings
- Verify Subscription
- Customer Support

I found by going into McAfee that I could manually shut down
virus protection
firewall
spyware protection
systemguard protection
script scanning protection

but I have not done so yet. I didn't want to do anything till you told me.

However I do have the GooredLog so I will post that.


GooredFix v1.8 by jpshortstuff
Log created at 18:42 on 11/01/2009 running Option #2 (Clayton Brostowin)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{D52DFE38-DE36-495D-8380-9FB64D82033F}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{D52DFE38-DE36-495D-8380-9FB64D82033F}"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{D52DFE38-DE36-495D-8380-9FB64D82033F}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#4 jpshortstuff


Posted 11 January 2009 - 07:32 PM

Hi :thumbsup:

Thanks for the GooredFix log.

As for McAfee, disable these two;
virus protection
firewall


And then continue with the ComboFix instructions.

Thanks.

#5 doghinp


Posted 11 January 2009 - 08:13 PM

Here is the ComboFix report and then the new HJT log. Also, after combofix was finished, it did not fix my clock. Does this mean there was a problem?


Combofix;

ComboFix 09-01-10.03 - Clayton Brostowin 2009-01-11 19:47:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.607 [GMT -5:00]
Running from: c:\documents and settings\Clayton Brostowin\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\asizizag.ini
c:\windows\system32\ewuhagew.ini
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-10 00:13 . 2009-01-10 00:13 <DIR> d-------- c:\documents and settings\Clayton Brostowin\Application Data\Malwarebytes
2009-01-10 00:13 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 00:13 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 00:12 . 2009-01-10 00:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 00:12 . 2009-01-10 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 18:36 . 2009-01-08 18:36 <DIR> d-------- c:\program files\Bonjour
2008-12-28 15:09 . 2008-12-28 15:26 <DIR> d-------- c:\documents and settings\Clayton Brostowin\VASSAL
2008-12-25 01:09 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-25 01:09 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2008-12-18 16:00 . 2008-12-18 16:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 15:50 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-18 15:50 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-18 14:29 . 2008-12-18 14:32 9,141,180 --a------ c:\windows\system32\AWN
2008-12-18 14:24 . 2008-12-18 14:25 <DIR> d-------- C:\!KillBox
2008-12-14 23:24 . 2008-12-14 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 23:24 . 2008-12-15 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:43 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\OpenOffice.org2
2009-01-10 15:52 --------- d-----w c:\program files\MUSICMATCH
2009-01-10 15:50 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Musicmatch
2009-01-10 04:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 03:12 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Move Networks
2009-01-08 16:56 46,160 -c--a-w c:\documents and settings\Clayton Brostowin\Application Data\wklnhst.dat
2009-01-08 16:51 --------- d-----w c:\program files\Dl_cats
2008-12-21 16:11 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Apple Computer
2008-12-18 15:01 --------- d-----w c:\program files\Spyware Doctor
2008-12-10 19:07 --------- d-----w c:\program files\Starcraft
2008-12-10 04:21 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\PC Tools
2008-12-09 00:31 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\uqm
2008-12-07 21:39 --------- d-----w c:\program files\QuickTime
2008-12-07 19:55 --------- d-----w c:\program files\iTunes
2008-12-07 19:55 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 19:54 --------- d-----w c:\program files\iPod
2008-12-07 19:47 --------- d-----w c:\program files\Common Files\Apple
2008-12-07 06:20 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Azureus
2008-12-07 06:20 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\AdobeUM
2008-12-07 06:20 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\AdobeAUM
2008-11-12 23:17 --------- d-----w c:\program files\MSXML 4.0
2008-08-03 19:24 0 -c--a-w c:\documents and settings\Clayton Brostowin\jagex_runescape_preferences.dat
2008-04-22 20:11 61,352 -c--a-w c:\documents and settings\Clayton Brostowin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-12-18_14.10.08.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-08 01:28:21 7,680 ----a-w c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-01-08 01:27:39 12,288 ----a-w c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-01-08 01:28:21 33,792 ----a-w c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-01-08 17:43:10 8,192 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-08 17:43:14 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-08 01:28:21 4,608 ----a-w c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-01-08 01:28:21 26,112 ----a-w c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2006-12-25 15:23:45 53,248 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-01-08 01:49:07 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2006-12-25 15:23:45 12,800 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-01-08 01:49:08 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2006-12-25 15:23:46 473,600 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-01-08 01:49:09 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2006-12-25 15:23:47 578,560 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-01-08 01:49:09 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2006-12-25 15:23:47 145,920 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-01-08 01:49:10 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2006-12-25 15:23:47 159,232 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-01-08 01:49:11 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2006-12-25 15:23:48 364,544 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-01-08 01:49:12 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2006-12-25 15:23:49 178,176 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-01-08 01:49:13 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2006-12-25 15:23:43 223,232 -c--a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-08 01:49:06 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-01-08 17:43:28 720,896 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-08 01:27:37 28,672 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-01-08 17:43:14 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-08 01:27:44 6,144 ----a-w c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-01-08 01:27:37 11,264 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-01-08 01:27:37 32,768 ----a-w c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-01-08 01:27:37 6,656 ----a-w c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-01-08 01:28:22 1,564,672 ----a-w c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-01-08 17:43:24 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-08 01:28:22 77,824 ----a-w c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-01-08 17:43:20 303,104 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-08 17:43:24 1,294,336 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-01-08 17:43:12 1,703,936 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-08 17:43:27 90,112 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-08 01:28:25 65,536 ----a-w c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-01-08 17:43:19 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-08 17:43:16 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-08 17:43:16 66,560 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-08 17:43:23 372,736 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-08 17:43:29 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-08 17:43:21 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-08 17:43:17 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-08 17:43:18 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-08 17:43:26 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-08 17:43:08 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-01-08 17:43:15 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-08 17:43:13 573,440 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-09 16:49:19 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-08 17:43:18 2,052,096 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-08 17:43:22 1,339,392 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2009-01-09 16:49:22 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-08 01:47:02 8,704 ----a-w c:\windows\assembly\GAC\vjscor\1.0.5000.0__b03f5f7f11d50a3a\vjscor.dll
+ 2009-01-08 01:47:02 57,344 ----a-w c:\windows\assembly\GAC\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a\VJSharpCodeProvider.dll
+ 2009-01-08 01:47:03 3,739,648 ----a-w c:\windows\assembly\GAC\vjslib\1.0.5000.0__b03f5f7f11d50a3a\vjslib.dll
+ 2009-01-08 01:47:03 32,768 ----a-w c:\windows\assembly\GAC\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a\vjslibcw.dll
+ 2009-01-08 01:47:03 3,399,680 ----a-w c:\windows\assembly\GAC\vjswfc\1.0.5000.0__b03f5f7f11d50a3a\vjswfc.dll
+ 2009-01-08 01:47:04 8,704 ----a-w c:\windows\assembly\GAC\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a\VJSWfcBrowserStubLib.dll
+ 2009-01-08 01:47:03 189,952 ----a-w c:\windows\assembly\GAC\vjswfccw\1.0.5000.0__b03f5f7f11d50a3a\vjswfccw.dll
+ 2009-01-08 01:47:04 1,105,920 ----a-w c:\windows\assembly\GAC\vjswfchtml\1.0.5000.0__b03f5f7f11d50a3a\vjswfchtml.dll
+ 2009-01-09 17:37:21 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d9c70dee\CustomMarshalers.dll
+ 2009-01-09 17:41:10 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_be2cdcbc\mscorlib.dll
+ 2009-01-09 17:40:25 1,470,464 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c3834724\System.Design.dll
+ 2009-01-09 17:38:18 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8e31ccc2\System.Drawing.Design.dll
+ 2009-01-09 17:40:45 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b5784f81\System.Drawing.dll
+ 2009-01-09 17:39:13 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_78338640\System.Windows.Forms.dll
+ 2009-01-09 17:39:45 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d90597c6\System.Xml.dll
+ 2009-01-09 16:49:46 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f0a9ac53\System.dll
+ 2009-01-09 17:42:45 20,480 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\vjscor\1.0.5000.0__b03f5f7f11d50a3a_06d86ffe\vjscor.dll
+ 2009-01-09 17:41:27 69,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\VJSharpCodeProvider\7.0.5000.0__b03f5f7f11d50a3a_1ca6dbbf\VJSharpCodeProvider.dll
+ 2009-01-09 17:42:41 4,468,736 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\vjslib\1.0.5000.0__b03f5f7f11d50a3a_88230a8d\vjslib.dll
+ 2009-01-09 17:41:56 32,768 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\vjslibcw\1.0.5000.0__b03f5f7f11d50a3a_c83a31a7\vjslibcw.dll
+ 2009-01-09 17:41:51 10,240 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\VJSWfcBrowserStubLib\1.0.5000.0__b03f5f7f11d50a3a_bf1b5181\VJSWfcBrowserStubLib.dll
+ 2009-01-08 23:36:20 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2003-02-21 00:09:46 57,344 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 14:42:38 5,632 ----a-w c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-07-19 16:52:48 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-06-27 17:45:32 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 14:42:38 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2003-02-21 00:09:32 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2003-02-21 07:59:44 16,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 08:55:06 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2002-02-12 16:55:52 54,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\dwintl.dll
+ 2003-02-21 08:02:16 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-03-19 04:38:52 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vjscui.dll
+ 2003-03-19 04:36:12 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vjslibui.dll
+ 2003-02-21 10:04:20 155,648 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 12:24:08 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 10:00:36 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 00:19:42 24,576 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2007-04-14 02:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 00:19:22 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2004-07-15 06:49:18 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 06:49:26 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2007-04-14 02:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 16:11:50 219,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 12:24:10 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 12:24:32 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2007-04-14 01:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 16:23:28 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 16:23:44 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 12:24:34 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 12:24:36 33,792 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 09:12:24 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 15:21:40 524,288 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2002-05-31 07:15:48 186,696 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\dw15.exe
+ 2003-02-21 00:16:32 798,720 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 19:30:14 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 12:24:38 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2004-07-15 19:31:00 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 19:31:04 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 12:24:40 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-15 05:35:30 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 12:24:42 15,872 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 00:22:24 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 12:24:44 26,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 12:24:52 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2004-07-15 19:28:58 720,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 19:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 12:24:54 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 12:25:02 6,144 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 12:24:58 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 12:25:06 11,264 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 12:25:02 6,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2004-07-15 19:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 19:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 12:25:06 1,564,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2004-07-15 05:32:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 05:32:46 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2007-04-14 01:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 23:43:52 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-21 00:06:34 65,536 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2004-07-15 05:33:22 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 05:33:24 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2007-04-14 01:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-21 00:09:24 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2007-04-14 01:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-21 00:18:34 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 23:43:36 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2007-01-15 21:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-21 00:09:46 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 12:25:24 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 19:28:48 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 12:25:30 12,288 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2588\_PerfCounter.dll
+ 2003-02-21 00:09:34 253,952 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 00:09:34 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2004-07-15 05:35:04 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 12:26:38 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2004-07-15 19:32:00 1,294,336 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 19:31:14 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 19:29:02 1,703,936 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:28:54 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2007-04-14 02:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 12:26:48 65,536 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 19:28:58 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:28:56 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 05:35:12 66,560 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 19:31:58 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:31:12 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:28:58 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:31:54 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 19:28:52 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 19:28:54 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2007-04-14 02:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 19:28:58 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28:52 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 19:31:16 573,440 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:32:02 2,052,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 19:29:00 1,339,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 18:51:38 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 16:23:20 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-03-19 04:43:50 19,968 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjc.exe
+ 2003-03-19 04:43:46 1,613,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjsc.dll
+ 2003-03-19 06:52:02 8,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjscor.dll
+ 2003-03-19 06:50:02 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VJSharpCodeProvider.DLL
+ 2003-03-19 06:52:06 3,739,648 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjslib.dll
+ 2003-03-19 06:52:08 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjslibcw.dll
+ 2003-03-19 04:30:08 266,240 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjsnativ.dll
+ 2003-03-19 06:52:10 3,399,680 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjswfc.dll
+ 2003-03-19 06:52:12 8,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VJSWfcBrowserStubLib.dll
+ 2003-03-19 06:52:14 189,952 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjswfccw.dll
+ 2003-03-19 06:50:14 1,105,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vjswfchtml.dll
+ 2004-07-15 13:15:14 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 07:11:56 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-03-19 04:43:52 69,632 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
+ 2003-03-19 04:38:44 110,592 ----a-w c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
- 2008-12-18 05:37:56 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-11 23:36:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-18 05:37:56 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 23:36:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-18 05:37:56 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 23:36:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 00:11:48 451,072 ----a-w c:\windows\system32\dllcache\aclayers.dll
+ 2008-04-14 00:11:52 86,528 ----a-w c:\windows\system32\dllcache\directdb.dll
+ 2008-10-23 12:36:14 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
+ 2008-04-14 00:11:54 38,912 ----a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2008-04-14 00:11:54 61,440 ----a-w c:\windows\system32\dllcache\icwconn.dll
+ 2008-04-14 00:12:22 86,016 ----a-w c:\windows\system32\dllcache\icwconn2.exe
+ 2008-04-14 00:11:54 32,768 ----a-w c:\windows\system32\dllcache\icwdl.dll
+ 2008-04-14 00:11:54 172,032 ----a-w c:\windows\system32\dllcache\icwhelp.dll
+ 2008-04-14 00:12:22 24,576 ----a-w c:\windows\system32\dllcache\icwrmind.exe
+ 2008-04-14 00:11:54 49,152 ----a-w c:\windows\system32\dllcache\icwutil.dll
+ 2008-04-14 00:12:22 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-04-14 00:12:22 20,480 ----a-w c:\windows\system32\dllcache\inetwiz.exe
- 2005-01-28 18:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 10:52:04 96,768 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:30:53 3,067,904 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-14 00:12:00 1,314,816 ----a-w c:\windows\system32\dllcache\msoe.dll
+ 2008-04-13 16:23:54 2,479,616 ----a-w c:\windows\system32\dllcache\msoeres.dll
- 2008-08-20 05:30:51 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:30:52 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:00:11 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 00:12:08 510,976 ----a-w c:\windows\system32\dllcache\wab32.dll
+ 2008-04-13 16:21:48 249,856 ----a-w c:\windows\system32\dllcache\wab32res.dll
- 2008-08-20 05:30:51 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:00:11 666,112 ------w c:\windows\system32\dllcache\wininet.dll
- 2005-01-28 18:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 11:28:36 1,028,096 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 05:29:34 2,374,472 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 12:07:24 2,376,760 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2007-10-31 19:09:14 30,464 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2008-10-01 17:01:28 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2005-01-28 18:44:28 96,768 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-10 10:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-12-09 20:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2006-12-22 17:28:14 271,360 ----a-w c:\windows\system32\mscoree.dll
+ 2004-07-15 04:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
- 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2003-02-20 23:43:36 4,096 ----a-w c:\windows\system32\mui\0409\mscoreer.dll
+ 2006-12-22 18:02:36 6,144 ----a-w c:\windows\system32\mui\0409\mscorees.dll
+ 2008-10-16 19:07:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2003-02-21 00:16:34 32,768 ----a-w c:\windows\system32\netfxperf.dll
- 2008-12-10 04:24:05 41,066 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-08 17:43:01 53,838 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-10 04:24:05 313,514 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-08 17:43:01 382,260 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2003-02-21 10:16:08 49,152 ----a-w c:\windows\system32\URTTemp\regtlib.exe
- 2008-08-20 05:30:51 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
- 2005-01-28 18:44:28 1,027,072 -c--a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 11:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 12:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-02-03 294912]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-08-26 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\Atari\\Civilization III Complete\\Conquests\\Civ3Conquests.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-21 24652]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-09 356920]
S4 nenum13E;nenum13E;\??\c:\docume~1\CLAYTO~1\LOCALS~1\Temp\nenum13E.sys --> c:\docume~1\CLAYTO~1\LOCALS~1\Temp\nenum13E.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-10 c:\windows\Tasks\Microsoft Office.job
- c:\progra~1\MI1933~1\Office10\OSA.EXE [2001-02-13 01:01]

2009-01-12 c:\windows\Tasks\uoixfcpz.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2009-01-12 c:\windows\Tasks\{9CC49997-CEF4-4ADD-B8D9-2C3EEAA9FBE2}_CLAY_Clayton Brostowin.job
- c:\windows\system32\mobsync.exe [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
FF - ProfilePath - c:\documents and settings\Clayton Brostowin\Application Data\Mozilla\Firefox\Profiles\7aarzhmm.default\
FF - plugin: c:\documents and settings\Clayton Brostowin\Application Data\Mozilla\Firefox\Profiles\7aarzhmm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 19:54:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-735687960-1352855912-1869390505-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2009-01-11 20:04:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 01:03:08
ComboFix2.txt 2008-12-18 19:12:46

Pre-Run: 17,565,335,552 bytes free
Post-Run: 17,555,779,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

507 --- E O F --- 2009-01-09 16:49:33

DDS.txt

DDS (Ver_09-01-07.01) - NTFSx86
Run by Clayton Brostowin at 20:07:12.87 on Sun 01/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.540 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Clayton Brostowin\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: DisableRegedit = 0 (0x0)
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clayto~1\applic~1\mozilla\firefox\profiles\7aarzhmm.default\
FF - plugin: c:\documents and settings\clayton brostowin\application data\mozilla\firefox\profiles\7aarzhmm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-23 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-23 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-23 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-23 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-23 40488]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-23 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-23 144704]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-21 24652]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-9 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-9 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-9 81288]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-23 33832]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-9 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-9 1079176]
S4 nenum13E;nenum13E;\??\c:\docume~1\clayto~1\locals~1\temp\nenum13e.sys --> c:\docume~1\clayto~1\locals~1\temp\nenum13E.sys [?]

=============== Created Last 30 ================

2009-01-11 19:44 <DIR> a-dshr-- C:\cmdcons
2009-01-10 00:13 <DIR> --d----- c:\docume~1\clayto~1\applic~1\Malwarebytes
2009-01-10 00:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 00:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 00:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-10 00:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 18:36 <DIR> --d----- c:\program files\Bonjour
2008-12-28 15:09 <DIR> --d----- c:\documents and settings\clayton brostowin\VASSAL
2008-12-25 01:09 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-25 01:09 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-18 16:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 15:50 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-18 15:50 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-18 14:29 9,141,180 a------- c:\windows\system32\AWN
2008-12-18 14:24 <DIR> --d----- C:\!KillBox
2008-12-18 13:52 161,792 a------- c:\windows\SWREG.exe
2008-12-18 13:52 98,816 a------- c:\windows\sed.exe
2008-12-14 23:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-14 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-01-08 11:56 46,160 ac------ c:\docume~1\clayto~1\applic~1\wklnhst.dat
2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 20:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 20:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 20:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-08-03 14:24 0 ac------ c:\documents and settings\clayton brostowin\jagex_runescape_preferences.dat
2008-04-22 15:11 61,352 ac------ c:\docume~1\clayto~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 20:08:22.57 ===============




#6 jpshortstuff


Posted 12 January 2009 - 04:27 AM

Hi :thumbsup:

We need to run ComboFix again; this may or may not fix the clock. Occasionally ComboFix is unable to fix the clock, I don't believe this means there was a problem with the main part of the scan though. If it still isn't back to normal after this run we will set it back manually to how it was.

Please disable McAfee as before.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\docume~1\clayto~1\locals~1\temp\nenum13e.sys

Driver::
nenum13E

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • DDS Log (just post.txt).

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windowsi586.exe to install the newest version.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

Thanks.

#7 doghinp


Posted 12 January 2009 - 12:11 PM

Here is the Combofix log and the DDS. I'll post the rest when I finish it. My clock is fixed now too.


ComboFix 09-01-10.03 - Clayton Brostowin 2009-01-12 11:47:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.596 [GMT -5:00]
Running from: c:\documents and settings\Clayton Brostowin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clayton Brostowin\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\docume~1\clayto~1\locals~1\temp\nenum13e.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NENUM13E
-------\Service_nenum13E


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-10 00:13 . 2009-01-10 00:13 <DIR> d-------- c:\documents and settings\Clayton Brostowin\Application Data\Malwarebytes
2009-01-10 00:13 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 00:13 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 00:12 . 2009-01-10 00:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-10 00:12 . 2009-01-10 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 18:36 . 2009-01-08 18:36 <DIR> d-------- c:\program files\Bonjour
2008-12-28 15:09 . 2008-12-28 15:26 <DIR> d-------- c:\documents and settings\Clayton Brostowin\VASSAL
2008-12-25 01:09 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-25 01:09 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2008-12-18 16:00 . 2008-12-18 16:00 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 15:50 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-18 15:50 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-18 14:29 . 2008-12-18 14:32 9,141,180 --a------ c:\windows\system32\AWN
2008-12-18 14:24 . 2008-12-18 14:25 <DIR> d-------- C:\!KillBox
2008-12-14 23:24 . 2008-12-14 23:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 23:24 . 2008-12-15 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:43 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\OpenOffice.org2
2009-01-10 15:52 --------- d-----w c:\program files\MUSICMATCH
2009-01-10 15:50 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Musicmatch
2009-01-10 04:58 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 03:12 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Move Networks
2009-01-08 16:56 46,160 -c--a-w c:\documents and settings\Clayton Brostowin\Application Data\wklnhst.dat
2009-01-08 16:51 --------- d-----w c:\program files\Dl_cats
2008-12-21 16:11 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Apple Computer
2008-12-18 15:01 --------- d-----w c:\program files\Spyware Doctor
2008-12-10 19:07 --------- d-----w c:\program files\Starcraft
2008-12-10 04:21 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\PC Tools
2008-12-09 00:31 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\uqm
2008-12-07 21:39 --------- d-----w c:\program files\QuickTime
2008-12-07 19:55 --------- d-----w c:\program files\iTunes
2008-12-07 19:55 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 19:54 --------- d-----w c:\program files\iPod
2008-12-07 19:47 --------- d-----w c:\program files\Common Files\Apple
2008-12-07 06:20 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\Azureus
2008-12-07 06:20 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\AdobeUM
2008-12-07 06:20 --------- d-----w c:\documents and settings\Clayton Brostowin\Application Data\AdobeAUM
2008-11-12 23:17 --------- d-----w c:\program files\MSXML 4.0
2008-08-03 19:24 0 -c--a-w c:\documents and settings\Clayton Brostowin\jagex_runescape_preferences.dat
2008-04-22 20:11 61,352 -c--a-w c:\documents and settings\Clayton Brostowin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2009-01-11_20.00.03.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-11 23:36:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-12 16:43:27 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-11 23:36:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-12 16:43:27 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-11 23:36:22 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-12 16:43:27 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-02-03 294912]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-08-26 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\Atari\\Civilization III Complete\\Conquests\\Civ3Conquests.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-21 24652]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-09 356920]
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-10 c:\windows\Tasks\Microsoft Office.job
- c:\progra~1\MI1933~1\Office10\OSA.EXE [2001-02-13 01:01]

2009-01-12 c:\windows\Tasks\uoixfcpz.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2009-01-12 c:\windows\Tasks\{9CC49997-CEF4-4ADD-B8D9-2C3EEAA9FBE2}_CLAY_Clayton Brostowin.job
- c:\windows\system32\mobsync.exe [2008-04-13 19:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
FF - ProfilePath - c:\documents and settings\Clayton Brostowin\Application Data\Mozilla\Firefox\Profiles\7aarzhmm.default\
FF - plugin: c:\documents and settings\Clayton Brostowin\Application Data\Mozilla\Firefox\Profiles\7aarzhmm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 11:56:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-735687960-1352855912-1869390505-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-12 12:05:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 17:03:41
ComboFix2.txt 2009-01-12 01:04:38
ComboFix3.txt 2008-12-18 19:12:46

Pre-Run: 17,522,262,016 bytes free
Post-Run: 17,519,128,576 bytes free

214 --- E O F --- 2009-01-09 16:49:33



DDS.txt


DDS (Ver_09-01-07.01) - NTFSx86
Run by Clayton Brostowin at 12:07:04.28 on Mon 01/12/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.549 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Clayton Brostowin\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: DisableRegedit = 0 (0x0)
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clayto~1\applic~1\mozilla\firefox\profiles\7aarzhmm.default\
FF - plugin: c:\documents and settings\clayton brostowin\application data\mozilla\firefox\profiles\7aarzhmm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-9-23 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-9-23 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-9-23 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-9-23 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-9-23 40488]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-23 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-9-23 144704]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-21 24652]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-9 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-9 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-9 81288]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-9-23 33832]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-9 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-9 1079176]

=============== Created Last 30 ================

2009-01-11 19:44 <DIR> a-dshr-- C:\cmdcons
2009-01-10 00:13 <DIR> --d----- c:\docume~1\clayto~1\applic~1\Malwarebytes
2009-01-10 00:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-10 00:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 00:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-10 00:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 18:36 <DIR> --d----- c:\program files\Bonjour
2008-12-28 15:09 <DIR> --d----- c:\documents and settings\clayton brostowin\VASSAL
2008-12-25 01:09 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-25 01:09 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-18 16:00 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-18 15:50 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-18 15:50 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-18 14:29 9,141,180 a------- c:\windows\system32\AWN
2008-12-18 14:24 <DIR> --d----- C:\!KillBox
2008-12-18 13:52 161,792 a------- c:\windows\SWREG.exe
2008-12-18 13:52 98,816 a------- c:\windows\sed.exe
2008-12-14 23:24 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-14 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-01-08 11:56 46,160 ac------ c:\docume~1\clayto~1\applic~1\wklnhst.dat
2008-12-12 12:01 3,067,904 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 20:00 666,112 a------- c:\windows\system32\wininet.dll
2008-10-15 20:00 666,112 -------- c:\windows\system32\dllcache\wininet.dll
2008-10-15 20:00 619,520 -------- c:\windows\system32\dllcache\urlmon.dll
2008-10-15 20:00 1,499,136 -------- c:\windows\system32\dllcache\shdocvw.dll
2008-08-03 14:24 0 ac------ c:\documents and settings\clayton brostowin\jagex_runescape_preferences.dat
2008-04-22 15:11 61,352 ac------ c:\docume~1\clayto~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 12:08:13.28 ===============

#8 doghinp


Posted 12 January 2009 - 12:40 PM

I updated Java, but when I attempted to do the scan it said this:

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.

You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Invalid file signature]


I've tried it twice and both times have gotten the same message.

#9 doghinp


Posted 12 January 2009 - 01:07 PM

When I try to do the scan the website completes the "Downloading and Installing the program" phase but when it gets to the "Updating the Database" phase it gets about 3000 KB done and then it gives a failure reply. I've posted the script below.

Program is starting. Please wait...
Update source selected: http://www.kaspersky.com
Downloading file: packages/kos-extras.jar
Program has started.

Program database is being updated. Please wait...
Update source selected: http://downloads5.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: http://downloads3.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads3.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: http://downloads2.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: http://downloads1.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads2.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: http://downloads4.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads1.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads5.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads4.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml.klz
Downloading file: bases/five/avc/kavset.xml
Invalid file signature: bases/five/avc/kavset.xml
Downloading file: index/master.xml.klz

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Invalid file signature]

#10 jpshortstuff


Posted 12 January 2009 - 07:19 PM

Hi there :thumbsup:

OK, some people do have problems with that scan. Can you try this one instead?

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#11 doghinp


Posted 12 January 2009 - 09:57 PM

I ran the scan,
it gave me two small txt files.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3760 (20090112)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0dbb54d16a55c74aaefaddbba4319775
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-13 02:49:29
# local_time=2009-01-12 09:49:29 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=305258
# found=1
# scan_time=6969
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm 00CD65CEA3AADD811D0ECC1B819F8923

and

# vers_standard_module=3760 (20090112)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)




Thanks for everything so far.

#12 jpshortstuff


Posted 13 January 2009 - 05:49 AM

Hi :)

Log looks good :thumbsup:


Click Start >> Run, and then type ComboFix /u and hit enter.
Click Start >> Run, and then type "%userprofile%\Desktop\GooredFix.exe" /uninstall and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Re-enable TeaTimer:
  • Open Spybot
  • Click on Tools in bottom left hand corner.
  • Click on Resident.
  • Check Resident "TeaTimer" box.
  • Click on Allow change ONLY to popup box with:
  • Entry: SpybotSD Teatimer
  • Click on Mode, select Default mode
  • Close Spybot
Make sure McAfee is re-enabled as well.


Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.
  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Use Mozilla Firefox or Opera as your internet browser.
    These are more secure than Internet Explorer and can be downloaded for free from here:
    Download Mozilla FireFox
    Download Opera
    Alternatively you can upgrade Internet Explorer to version 7.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

#13 doghinp


Posted 13 January 2009 - 11:37 AM

Thank you very much for all your help.

#14 jpshortstuff


Posted 13 January 2009 - 02:14 PM

No problem, glad I could help :thumbsup:

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.