Don't know what it is or what to do


  • This topic is locked
7 replies to this topic

#1 Shibbity

Posted 14 January 2009 - 09:55 PM

I have a bad case of spyware and possibly a virus. I get lots of popups about new antivirus programs and other things that I know are just either a virus or spyware. Also when I try running almost any .exe file such as winrar.exe and spyware programs such as Spybot - Search and Destroy or Lavasoft Ad-Aware 2008 I get an invalid floating operation. I will post my dds log. And I would zip my attach.txt file but I get the invalid floating operation when I try to zip it. Sorry. Any help is greatly appreciated. Thanks.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 23:16:44.40 on 14/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.206 [GMT -3.5:30]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe -k imgsvc
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U6KAV5Q2\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\system32\blank.htm
BHO: {45f1e01b-214f-400b-a327-55934c20fed6} - c:\windows.0\system32\rituvuza.dll
BHO: {2a8acf95-84f3-8928-b6e4-fb58205aa9be}: {eb9aa502-85bf-4e6b-8298-3f4859fca8a2} - c:\windows.0\system32\oxrbvk.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
mRun: [gomewujiki] Rundll32.exe "c:\windows.0\system32\nokanoza.dll",s
mRun: [Framework Windows] frmwrk32.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
mRun: [10c28a47] rundll32.exe "c:\windows.0\system32\poruzowo.dll",b
mRun: [CPM13f1b9db] Rundll32.exe "c:\windows.0\system32\ritujute.dll",a
dRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
dRun: [CTFMON.EXE] ctfmon.exe
dRun: [msiexec.exe] msiconf.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
AppInit_DLLs: c:\windows.0\system32\sisifeme.dll c:\windows.0\system32\pewafahu.dll oxrbvk.dll c:\windows.0\system32\ritujute.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows.0\system32\ritujute.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows.0\system32\ritujute.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows.0\system32\fccaYomK
LSA: Notification Packages = scecli c:\windows.0\system32\sisifeme.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\hhq555hn.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: XUL Cache: {7CD9C684-1FAB-432E-9F75-CFC461E7D8D0} - c:\windows.0\system32\config\systemprofile\local settings\application data\{7cd9c684-1fab-432e-9f75-cfc461e7d8d0}\

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows.0\system32\drivers\avg7core.sys [2008-3-25 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows.0\system32\drivers\avg7rsw.sys [2008-3-25 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows.0\system32\drivers\avg7rsxp.sys [2008-3-25 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows.0\system32\drivers\avgclean.sys [2008-3-25 10760]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2008-3-25 418816]
R4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2008-3-25 49664]
R4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2008-3-25 406528]
R4 AvgTdi;AVG Network Redirector;c:\windows.0\system32\drivers\avgtdi.sys [2008-3-25 4960]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

=============== Created Last 30 ================

2009-01-14 18:23 35,328 a------- c:\windows.0\system32\byXRjjHY.dll
2009-01-14 18:23 45,568 -------- c:\windows.0\system32\log.exe
2009-01-14 18:10 1,353,947 ---sh--- c:\windows.0\system32\owozurop.ini
2009-01-14 18:09 131,823 a--sh--- c:\windows.0\system32\oxrbvk.dll
2009-01-13 22:38 <DIR> --d----- c:\program files\CCleaner
2009-01-13 22:37 <DIR> --d----- c:\program files\RegCleaner
2009-01-13 21:52 <DIR> --d----- C:\VundoFix Backups
2009-01-13 14:33 131,884 a--sh--- c:\windows.0\system32\vczqzh.dll
2009-01-13 14:33 1,334,171 ---sh--- c:\windows.0\system32\owelahus.ini
2009-01-13 10:29 1,314,189 ---sh--- c:\windows.0\system32\osulaven.ini
2009-01-13 02:32 131,845 a--sh--- c:\windows.0\system32\ieszcl.dll
2009-01-12 20:15 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-01-12 19:05 <DIR> --d----- c:\program files\Lavasoft
2009-01-12 15:23 31,232 a------- c:\windows.0\system32\pcload.exe
2009-01-12 14:48 1,255,049 ---sh--- c:\windows.0\system32\adunudoy.ini
2009-01-12 14:32 131,910 a--sh--- c:\windows.0\system32\mepyft.dll
2009-01-11 23:50 73,216 a------- c:\windows.0\system32\ffkuz.dll
2009-01-11 21:18 <DIR> --d----- c:\program files\Trend Micro
2009-01-11 21:00 2,022 a------- c:\windows.0\system32\tmp.reg
2009-01-11 12:51 1 a------- c:\windows.0\system32\uniq.tll
2009-01-11 00:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1DD9
2009-01-11 00:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2D234
2009-01-10 22:37 8,192 a------- c:\windows.0\REGLOCS.OLD
2009-01-10 22:34 28,288 ac------ c:\windows.0\system32\dllcache\xjis.nls
2009-01-10 22:32 38,912 ac------ c:\windows.0\system32\dllcache\EXCH_ntfsdrv.dll
2009-01-10 22:31 13,463,552 ac------ c:\windows.0\system32\dllcache\hwxjpn.dll
2009-01-10 22:30 49,664 ac------ c:\windows.0\system32\dllcache\adrot.dll
2009-01-10 22:27 488 a---hr-- c:\windows.0\system32\logonui.exe.manifest
2009-01-10 22:27 749 a---hr-- c:\windows.0\WindowsShell.Manifest
2009-01-10 22:27 749 a---hr-- c:\windows.0\system32\wuaucpl.cpl.manifest
2009-01-10 22:27 749 a---hr-- c:\windows.0\system32\sapi.cpl.manifest
2009-01-10 22:27 749 a---hr-- c:\windows.0\system32\nwc.cpl.manifest
2009-01-10 22:27 749 a---hr-- c:\windows.0\system32\ncpa.cpl.manifest
2009-01-10 22:27 4,399,505 ac------ c:\windows.0\system32\dllcache\nls302en.lex
2009-01-10 22:27 28,160 ac------ c:\windows.0\system32\dllcache\msoobe.exe
2009-01-10 22:24 <DIR> --d----- c:\program files\Messenger
2009-01-10 22:24 1,817,687 ac------ c:\windows.0\system32\dllcache\bckgres.dll
2009-01-10 22:21 186,407 a------- c:\windows.0\system32\nvapps.nvb
2009-01-10 22:17 77,824 ac------ c:\windows.0\system32\dllcache\spcommon.dll
2009-01-10 22:17 61,440 ac------ c:\windows.0\system32\dllcache\spcplui.dll
2009-01-10 22:17 1,685,606 ac------ c:\windows.0\system32\dllcache\sam.spd
2009-01-10 22:17 774,144 ac------ c:\windows.0\system32\dllcache\spttseng.dll
2009-01-10 22:17 643,717 ac------ c:\windows.0\system32\dllcache\ltts1033.lxa
2009-01-10 22:17 605,050 ac------ c:\windows.0\system32\dllcache\r1033tts.lxa
2009-01-10 22:17 888 ac------ c:\windows.0\system32\dllcache\sam.sdf
2009-01-10 22:17 741,376 ac------ c:\windows.0\system32\dllcache\sapi.dll
2009-01-10 22:17 155,648 ac------ c:\windows.0\system32\dllcache\sapi.cpl
2009-01-10 22:17 36,864 ac------ c:\windows.0\system32\dllcache\sapisvr.exe
2009-01-10 18:37 <DIR> --d----- c:\windows.0\ehome
2009-01-05 12:18 491 a------- c:\windows.0\system32\win32hlp.cnf
2009-01-05 02:12 120 a--sh--- c:\windows.0\system32\ukokopan.ini
2009-01-04 16:07 <DIR> --d----- c:\windows.0\system32\appmgmt
2009-01-04 14:06 1,294,046 a--sh--- c:\windows.0\system32\uvabiwaz.ini
2009-01-04 02:05 1,294,028 a--sh--- c:\windows.0\system32\ujakaguh.ini
2009-01-02 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-02 01:16 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-02 01:16 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-01-01 21:22 512,667 a--sh--- c:\windows.0\system32\KmoYaccf.ini
2009-01-01 21:22 512,489 a--sh--- c:\windows.0\system32\KmoYaccf.ini2
2008-12-24 11:40 107,368 a------- c:\windows.0\system32\GEARAspi.dll
2008-12-24 11:40 15,464 a------- c:\windows.0\system32\drivers\GEARAspiWDM.sys
2008-12-24 11:39 <DIR> --d----- c:\program files\iPod
2008-12-24 11:39 <DIR> --d----- c:\program files\iTunes
2008-12-24 11:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 11:37 32,000 a------- c:\windows.0\system32\drivers\usbaapl.sys
2008-12-20 00:12 <DIR> --d----- c:\program files\Need2Find
2008-12-19 18:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\3433C
2008-12-16 17:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2BED

==================== Find3M ====================

2009-01-14 18:09 99,956 a--sh--- c:\windows.0\system32\ritujute.dll
2009-01-14 18:09 131,823 a--sh--- c:\windows.0\system32\daharubo.dll
2009-01-14 18:09 86,799 a--sh--- c:\windows.0\system32\poruzowo.dll
2009-01-13 14:32 131,884 a--sh--- c:\windows.0\system32\leyuwuyu.dll
2009-01-13 14:32 99,957 a--sh--- c:\windows.0\system32\nanehutu.dll
2009-01-13 14:32 87,204 -------- c:\windows.0\system32\suhalewo.dll
2009-01-13 02:32 131,845 a--sh--- c:\windows.0\system32\tehayela.dll
2009-01-13 02:32 99,675 a--sh--- c:\windows.0\system32\zasiyugi.dll
2009-01-13 02:32 87,244 -------- c:\windows.0\system32\nevaluso.dll
2009-01-12 15:54 111,616 a------- c:\windows.0\system32\userinit.exe
2009-01-12 14:32 131,910 a--sh--- c:\windows.0\system32\pajafiba.dll
2009-01-12 14:32 87,713 a--sh--- c:\windows.0\system32\yodunuda.dll
2009-01-12 13:32 64,195 a--sh--- c:\windows.0\system32\neresazi.dll
2009-01-10 22:54 86,339 a------- c:\windows.0\pchealth\helpctr\offlinecache\index.dat
2009-01-10 22:25 21,864 a------- c:\windows.0\system32\emptyregdb.dat
2009-01-05 02:12 86,262 a--sh--- c:\windows.0\system32\napokoku.dll
2009-01-04 14:05 86,109 a--sh--- c:\windows.0\system32\zawibavu.dll
2009-01-04 02:05 83,626 a------- c:\windows.0\system32\hugakaju.dll
2008-12-12 00:57 78,336 a------- c:\windows.0\system32\Agent.OMZ.Fix.exe
2008-12-01 21:04 57,344 a------- c:\windows.0\uneng.exe
2008-11-29 17:58 82,944 a------- c:\windows.0\system32\IEDFix.C.exe
2008-11-17 16:34 2,306,113 a------- c:\windows.0\system32\GPhotos.scr
0000-00-00 00:00 36,864 a--sh--- c:\windows.0\system32\fugafizu.dll
0000-00-00 00:00 64,512 a--sh--- c:\windows.0\system32\kiyajeru.dll
0000-00-00 00:00 68,608 a--sh--- c:\windows.0\system32\nidefafe.dll
0000-00-00 00:00 64,195 a--sh--- c:\windows.0\system32\nokanoza.dll
0000-00-00 00:00 64,195 a--sh--- c:\windows.0\system32\rituvuza.dll
0000-00-00 00:00 64,195 a--sh--- c:\windows.0\system32\sisifeme.dll

============= FINISH: 23:20:04.24 ===============

#2 Thunder

Posted 15 January 2009 - 05:00 AM

Hello Shibbity and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read [url="http://www.bleepingcomputer.com/combofix/how-to-use-combofix"]this tutorial[/url] carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (it can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Shibbity (Topic Starter)

Posted 15 January 2009 - 02:33 PM

Thanks for the help. It seems to have done a lot for my computer. Here are the two log files you asked for. Thanks again and please post anything else you think I need to do.


ComboFix 09-01-13.04 - Administrator 2009-01-15 15:48:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.347 [GMT -3.5:30]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Leah\Desktop\Download programs.url
c:\documents and settings\Leah\Desktop\Games.url
c:\documents and settings\Leah\Desktop\Translator.url
c:\documents and settings\Leah\Desktop\Videos.url
c:\documents and settings\Leah\Favorites\Download programs.url
c:\documents and settings\Leah\Favorites\Games.url
c:\documents and settings\Leah\Favorites\Translator.url
c:\documents and settings\Leah\Favorites\Videos.url
c:\documents and settings\Leah\Start Menu\Programs\Download programs.url
c:\documents and settings\Leah\Start Menu\Programs\Games.url
c:\documents and settings\Leah\Start Menu\Programs\Translator.url
c:\documents and settings\Leah\Start Menu\Programs\Videos.url
c:\documents and settings\Mom and Dad\My Documents\My Documents.url
c:\documents and settings\Mom and Dad\My Documents\My Music\My Music.url
c:\documents and settings\Mom and Dad\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Mom and Dad\My Documents\My Videos\My Video.url
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\windows.0\system32\404Fix.exe
c:\windows.0\system32\Agent.OMZ.Fix.exe
c:\windows.0\system32\byXRjjHY.dll
c:\windows.0\system32\daharubo.dll
c:\windows.0\system32\drivers\seneka.sys
c:\windows.0\system32\drivers\senekaucnpuoeu.sys
c:\windows.0\system32\dumphive.exe
c:\windows.0\system32\IEDFix.C.exe
c:\windows.0\system32\IEDFix.exe
c:\windows.0\system32\ieszcl.dll
c:\windows.0\system32\jipilere.dll
c:\windows.0\system32\KmoYaccf.ini
c:\windows.0\system32\KmoYaccf.ini2
c:\windows.0\system32\leyuwuyu.dll
c:\windows.0\system32\mepyft.dll
c:\windows.0\system32\nanehutu.dll
c:\windows.0\system32\neresazi.dll
c:\windows.0\system32\nevaluso.dll
c:\windows.0\system32\nokanoza.dll
c:\windows.0\system32\o4Patch.exe
c:\windows.0\system32\oxrbvk.dll
c:\windows.0\system32\pajafiba.dll
c:\windows.0\system32\poruzowo.dll
c:\windows.0\system32\Process.exe
c:\windows.0\system32\ritujute.dll
c:\windows.0\system32\rituvuza.dll
c:\windows.0\system32\seneka.dat
c:\windows.0\system32\senekadf.dat
c:\windows.0\system32\senekaefrmwxsr.dll
c:\windows.0\system32\senekalog.dat
c:\windows.0\system32\senekamodeeqwq.dll
c:\windows.0\system32\senekawrujyodd.dll
c:\windows.0\system32\seyawidi.dll
c:\windows.0\system32\sisifeme.dll
c:\windows.0\system32\SrchSTS.exe
c:\windows.0\system32\suhalewo.dll
c:\windows.0\system32\tehayela.dll
c:\windows.0\system32\teyunufa.dll
c:\windows.0\system32\tmp.reg
c:\windows.0\system32\uniq.tll
c:\windows.0\system32\VACFix.exe
c:\windows.0\system32\VCCLSID.exe
c:\windows.0\system32\vczqzh.dll
c:\windows.0\system32\win32hlp.cnf
c:\windows.0\system32\WS2Fix.exe
c:\windows.0\system32\yodunuda.dll
c:\windows.0\system32\zasiyugi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 15:44 . 2009-01-15 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-01-14 18:23 . 2009-01-14 18:23 45,568 --------- c:\windows.0\system32\log.exe
2009-01-14 18:10 . 2009-01-14 18:10 1,353,947 ---hs---- c:\windows.0\system32\owozurop.ini
2009-01-13 22:38 . 2009-01-13 22:38 <DIR> d-------- c:\program files\CCleaner
2009-01-13 22:37 . 2009-01-13 22:37 <DIR> d-------- c:\program files\RegCleaner
2009-01-13 21:52 . 2009-01-13 21:52 <DIR> d-------- C:\VundoFix Backups
2009-01-13 21:39 . 2009-01-13 21:39 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\SUPERAntiSpyware.com
2009-01-13 14:33 . 2009-01-14 18:09 1,334,171 ---hs---- c:\windows.0\system32\owelahus.ini
2009-01-13 10:29 . 2009-01-13 10:29 1,314,189 ---hs---- c:\windows.0\system32\osulaven.ini
2009-01-12 20:15 . 2009-01-12 20:15 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\program files\Lavasoft
2009-01-12 15:23 . 2009-01-12 15:23 31,232 --a------ c:\windows.0\system32\pcload.exe
2009-01-12 14:48 . 2009-01-12 23:33 1,255,049 ---hs---- c:\windows.0\system32\adunudoy.ini
2009-01-11 23:50 . 2009-01-11 23:50 73,216 --a------ c:\windows.0\system32\ffkuz.dll
2009-01-11 21:18 . 2009-01-11 21:18 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 00:40 . 2009-01-11 00:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\1DD9
2009-01-11 00:39 . 2009-01-11 00:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\2D234
2009-01-11 00:33 . 2009-01-11 00:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-01-10 22:37 . 2009-01-10 22:37 8,192 --a------ c:\windows.0\REGLOCS.OLD
2009-01-10 22:34 . 2001-08-23 10:30 28,288 --a--c--- c:\windows.0\system32\dllcache\xjis.nls
2009-01-10 22:32 . 2001-08-23 10:30 10,129,408 --a--c--- c:\windows.0\system32\dllcache\hwxkor.dll
2009-01-10 22:31 . 2001-08-23 10:30 13,463,552 --a--c--- c:\windows.0\system32\dllcache\hwxjpn.dll
2009-01-10 22:30 . 2004-08-03 21:26 2,134,528 --a--c--- c:\windows.0\system32\dllcache\smtpsnap.dll
2009-01-10 22:27 . 2001-08-23 10:30 4,399,505 --a--c--- c:\windows.0\system32\dllcache\nls302en.lex
2009-01-10 22:27 . 2001-08-23 10:30 28,160 --a--c--- c:\windows.0\system32\dllcache\msoobe.exe
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\WindowsShell.Manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\wuaucpl.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\sapi.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\nwc.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\ncpa.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 488 -rah----- c:\windows.0\system32\logonui.exe.manifest
2009-01-10 22:24 . 2001-08-23 10:30 2,178,131 --a--c--- c:\windows.0\system32\dllcache\shvlres.dll
2009-01-10 22:21 . 2008-05-19 18:16 186,407 --a------ c:\windows.0\system32\nvapps.nvb
2009-01-10 22:17 . 2001-08-23 10:30 1,685,606 --a--c--- c:\windows.0\system32\dllcache\sam.spd
2009-01-10 22:17 . 2001-08-23 10:30 774,144 --a--c--- c:\windows.0\system32\dllcache\spttseng.dll
2009-01-10 22:17 . 2004-08-03 21:26 741,376 --a--c--- c:\windows.0\system32\dllcache\sapi.dll
2009-01-10 22:17 . 2001-08-23 10:30 643,717 --a--c--- c:\windows.0\system32\dllcache\ltts1033.lxa
2009-01-10 22:17 . 2001-08-23 10:30 605,050 --a--c--- c:\windows.0\system32\dllcache\r1033tts.lxa
2009-01-10 22:17 . 2004-08-03 21:26 155,648 --a--c--- c:\windows.0\system32\dllcache\sapi.cpl
2009-01-10 22:17 . 2001-08-23 10:30 77,824 --a--c--- c:\windows.0\system32\dllcache\spcommon.dll
2009-01-10 22:17 . 2001-08-23 10:30 61,440 --a--c--- c:\windows.0\system32\dllcache\spcplui.dll
2009-01-10 22:17 . 2001-08-23 10:30 36,864 --a--c--- c:\windows.0\system32\dllcache\sapisvr.exe
2009-01-10 22:17 . 2001-08-23 10:30 888 --a--c--- c:\windows.0\system32\dllcache\sam.sdf
2009-01-10 22:15 . 2009-01-10 22:15 <DIR> d---s---- c:\windows.0\system32\config\systemprofile\History
2009-01-10 18:37 . 2009-01-10 18:42 <DIR> d-------- c:\windows.0\ehome
2009-01-05 02:12 . 2009-01-05 02:12 120 --ahs---- c:\windows.0\system32\ukokopan.ini
2009-01-04 16:18 . 2009-01-04 16:18 0 --a------ c:\windows.0\nsreg.dat
2009-01-04 16:07 . 2009-01-04 16:07 <DIR> d-------- c:\documents and settings\Matthew\Application Data\SUPERAntiSpyware.com
2009-01-04 14:06 . 2009-01-04 16:07 1,294,046 --ahs---- c:\windows.0\system32\uvabiwaz.ini
2009-01-04 02:05 . 2009-01-04 14:05 1,294,028 --ahs---- c:\windows.0\system32\ujakaguh.ini
2009-01-02 01:17 . 2009-01-02 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-02 01:16 . 2009-01-15 15:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-02 01:16 . 2009-01-02 01:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-02 00:56 . 2009-01-02 00:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-01-01 22:13 . 2009-01-01 22:13 <DIR> d-------- c:\documents and settings\Leah\Application Data\DAEMON Tools
2009-01-01 21:33 . 2009-01-01 21:33 <DIR> d-------- c:\documents and settings\Leah\Application Data\VirusRemover2008
2008-12-24 11:40 . 2008-12-24 11:40 <DIR> d-------- c:\documents and settings\Leah\Application Data\Apple Computer
2008-12-24 11:40 . 2008-04-17 13:12 107,368 --a------ c:\windows.0\system32\GEARAspi.dll
2008-12-24 11:40 . 2008-04-17 13:12 15,464 --a------ c:\windows.0\system32\drivers\GEARAspiWDM.sys
2008-12-24 11:39 . 2008-12-24 11:40 <DIR> d-------- c:\program files\iTunes
2008-12-24 11:39 . 2008-12-24 11:39 <DIR> d-------- c:\program files\iPod
2008-12-24 11:39 . 2008-12-24 11:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 11:38 . 2008-12-24 11:39 <DIR> d-------- c:\program files\QuickTime
2008-12-24 11:38 . 2008-12-24 11:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 11:37 . 2008-12-24 11:37 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 11:37 . 2008-11-07 14:23 32,000 --a------ c:\windows.0\system32\drivers\usbaapl.sys
2008-12-24 11:36 . 2008-12-24 11:36 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 11:36 . 2008-12-24 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-19 18:23 . 2008-12-19 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\3433C
2008-12-16 17:12 . 2008-12-16 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\2BED

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 00:52 --------- d-----w c:\documents and settings\Leah\Application Data\Skype
2009-01-13 19:52 --------- d-----w c:\documents and settings\Leah\Application Data\skypePM
2009-01-12 23:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-12 23:28 --------- d-----w c:\program files\Diablo II2
2009-01-12 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-12 19:24 111,616 ----a-w c:\windows.0\system32\userinit.exe
2009-01-05 05:42 86,262 --sha-w c:\windows.0\system32\napokoku.dll
2009-01-04 17:35 86,109 --sha-w c:\windows.0\system32\zawibavu.dll
2009-01-04 05:35 83,626 ----a-w c:\windows.0\system32\hugakaju.dll
2008-12-28 20:15 --------- d-----w c:\documents and settings\Matthew\Application Data\LimeWire
2008-12-24 18:54 --------- d-----w c:\documents and settings\Leah\Application Data\LimeWire
2008-12-20 03:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 03:29 --------- d-----w c:\program files\LimeWire
2008-12-07 18:49 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\LimeWire
2008-12-03 18:33 --------- d-----w c:\program files\Google
2008-12-02 00:34 57,344 ----a-w c:\windows.0\uneng.exe
2008-12-02 00:32 --------- d-----w c:\program files\Roxio
2008-12-02 00:32 --------- d-----w c:\program files\Common Files\Adaptec Shared
2008-11-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\C273
2008-11-24 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\37394
2008-11-22 13:53 --------- d-----w c:\documents and settings\All Users\Application Data\634C
2008-11-20 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\724C
2008-11-19 01:42 --------- d-----w c:\documents and settings\Leah\Application Data\Ulead Systems
2008-11-19 01:39 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Skype
2008-11-19 01:38 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Ulead Systems
2008-11-18 23:24 --------- d-----w c:\program files\Ulead Systems
2008-11-18 23:24 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Kodak
2008-11-18 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-18 23:21 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-17 20:04 2,306,113 ----a-w c:\windows.0\system32\GPhotos.scr
2008-11-16 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\2B10A
2008-11-15 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\1838F
2008-11-15 16:24 --------- d-----w c:\program files\BearShare Applications
2008-11-15 16:14 --------- d-----w c:\program files\BearShare
1601-01-01 00:12 36,864 --sha-w c:\windows.0\system32\fugafizu.dll
1601-01-01 00:12 64,512 --sha-w c:\windows.0\system32\kiyajeru.dll
1601-01-01 00:12 68,608 --sha-w c:\windows.0\system32\nidefafe.dll
.

------- Sigcheck -------

2009-01-12 15:54 111616 be9f5da369dddc22224c053bbb27c64e c:\windows.0\system32\userinit.exe
2009-01-12 15:54 111616 be9f5da369dddc22224c053bbb27c64e c:\windows.0\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="ctfmon.exe" [2004-08-03 c:\windows.0\system32\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows.0\system32\sisifeme.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows.0\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows.0\Tasks\EasyShare Registration Task.job
- c:\windows.0\system32\rundll32.exe [2004-08-03 21:26]

2009-01-15 c:\windows.0\Tasks\fibpzgkc.job
- c:\windows.0\system32\rundll32.exe [2004-08-03 21:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{45f1e01b-214f-400b-a327-55934c20fed6} - c:\windows.0\system32\rituvuza.dll
BHO-{eb9aa502-85bf-4e6b-8298-3f4859fca8a2} - c:\windows.0\system32\oxrbvk.dll
HKU-Default-Run-msiexec.exe - msiconf.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows.0\SYSTEM32\RITUJUTE.DLL


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\system32\blank.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hhq555hn.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 15:54:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows.0\system32\nvsvc32.exe
c:\windows.0\system32\wscntfy.exe
c:\windows.0\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2009-01-15 15:57:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-15 19:27:25

Pre-Run: 31,758,036,992 bytes free
Post-Run: 32,165,330,944 bytes free

303



GooredFix v1.83 by jpshortstuff
Log created at 15:37 on 15/01/2009 running Option #2 (Administrator)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{7CD9C684-1FAB-432E-9F75-CFC461E7D8D0}"="C:\WINDOWS.0\system32\config\systemprofile\Local Settings\Application Data\{7CD9C684-1FAB-432E-9F75-CFC461E7D8D0}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS.0\system32\config\systemprofile\Local Settings\Application Data\{7CD9C684-1FAB-432E-9F75-CFC461E7D8D0}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:08:17 PM

Posted 16 January 2009 - 07:12 AM

Hello Shibbity,

Please install the Recovery Console first !!

Then, let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::[9]
c:\windows.0\system32\napokoku.dll
c:\windows.0\system32\zawibavu.dll
c:\windows.0\system32\hugakaju.dll
c:\windows.0\system32\fugafizu.dll
c:\windows.0\system32\kiyajeru.dll
c:\windows.0\system32\nidefafe.dll
File::
c:\windows.0\system32\log.exe
c:\windows.0\system32\owozurop.ini
c:\windows.0\system32\owelahus.ini
c:\windows.0\system32\osulaven.ini
c:\windows.0\system32\pcload.exe
c:\windows.0\system32\adunudoy.ini
c:\windows.0\system32\ffkuz.dll
c:\windows.0\system32\ukokopan.ini
c:\windows.0\system32\uvabiwaz.ini
c:\windows.0\system32\ujakaguh.ini
c:\windows.0\Tasks\fibpzgkc.job
Folder::
c:\documents and settings\All Users\Application Data\2B10A
c:\documents and settings\All Users\Application Data\1838F
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot omitted: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Upon reboot, and if an active connection is available, it will attempt to automatically upload the malware sample for further investigation. Please allow this if one of your security programs pops up a warning.
In the event the upload fails, the sample can still be uploaded by double clicking the C:\CF-Submit.htm file (opens browser window) and clicking OK to start the upload.

Are you still having problems ?

Greetings,
Thunder

Edited by Thunder, 16 January 2009 - 07:14 AM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
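The ComboFix log above contains three findings a responder would want to pick out mechanically rather than by eye: an extra entry in the LSA "Notification Packages" list (a DLL that lsass.exe loads and hands every password change to), a scheduled task with a random eight-letter name whose command is rundll32.exe, and DLL/INI files in system32 with the consonant-vowel names typical of that malware family (rituvuza, napokoku, sisifeme). The Python below is an added example written for this page, not code from the thread, from ComboFix or from any of the tools mentioned. It runs those checks over a few constructed log lines shaped like the ones in the thread (with a benign task and setupapi.dll as controls), and it also decodes the hex(7) value the CFScript writes back into Notification Packages so the reader can see what the script sets before running it. The eight-letter alternating rule, the task-name rule, the allowlist and the treatment of scecli as the only stock entry are assumptions of this example; the REG_MULTI_SZ decoder assumes the single-byte REGEDIT4 encoding that the bytes on the page spell out.

```python
import re
from collections import namedtuple

Indicator = namedtuple("Indicator", "kind detail")

VOWELS = set("aeiou")
# Stock content of HKLM\...\Control\Lsa\Notification Packages on Windows XP
# (assumed here as the only benign entry); anything else is a DLL that
# lsass.exe loads and passes plaintext password changes to.
DEFAULT_LSA_NOTIFY = {"scecli"}
# Legitimate system32 names that also fit the eight-letter alternating rule.
# Assumed and incomplete: extend it before running this over a real machine.
ALLOWLIST = {"setupapi"}

# Constructed sample, shaped like the ComboFix lines in this thread but not
# copied from it. The Apple task and setupapi.dll are benign controls.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows.0\system32\sisifeme.dll

2009-01-15 c:\windows.0\Tasks\fibpzgkc.job
- c:\windows.0\system32\rundll32.exe [2004-08-03 21:26]

2009-01-04 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

BHO-{45f1e01b-214f-400b-a327-55934c20fed6} - c:\windows.0\system32\rituvuza.dll
c:\windows.0\system32\setupapi.dll
c:\windows.0\system32\napokoku.dll
"""


def is_cv_alternating(stem):
    """Heuristic for the malware family's file names: exactly eight ASCII
    letters that strictly alternate consonant/vowel (e.g. 'rituvuza')."""
    if stem in ALLOWLIST or not re.fullmatch(r"[a-z]{8}", stem):
        return False
    classes = [c in VOWELS for c in stem]
    return all(classes[i] != classes[i + 1] for i in range(len(stem) - 1))


def find_indicators(log_text):
    """Scan ComboFix-style log text and return a list of Indicator tuples."""
    found = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        low = line.strip().lower()

        # 1. LSA Notification Packages: every token after the type name that
        #    is not a stock entry is reported. Splitting on whitespace assumes
        #    the paths carry no spaces, which holds for the log in this thread.
        if low.startswith("notification packages") and "reg_multi_sz" in low:
            for pkg in low.split("reg_multi_sz", 1)[1].split():
                if pkg not in DEFAULT_LSA_NOTIFY:
                    found.append(Indicator("lsa_notification_package", pkg))

        # 2. Scheduled task with a random-looking eight-letter name whose
        #    command (on the following log line) is rundll32.exe.
        m = re.search(r"\\tasks\\([^\\\s]+)\.job$", low)
        if m and i + 1 < len(lines):
            stem = m.group(1)
            if re.fullmatch(r"[a-z]{8}", stem) and "rundll32.exe" in lines[i + 1].lower():
                found.append(Indicator("random_task_rundll32", stem + ".job"))

        # 3. Consonant/vowel-alternating DLL or INI names under system32.
        for m in re.finditer(r"\\system32\\([a-z]{8})\.(dll|ini)\b", low):
            if is_cv_alternating(m.group(1)):
                found.append(Indicator("cv_alternating_name", m.group(1) + "." + m.group(2)))
    return found


def decode_reg_multi_sz(value):
    """Decode a REGEDIT4-style 'hex(7):6d,73,...' value: one byte per
    character, strings separated by NUL, list terminated by a double NUL."""
    hexpart = value.split(":", 1)[1]
    raw = bytes(int(b, 16) for b in hexpart.replace("\\", "").split(",") if b.strip())
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOG):
        print(f"{hit.kind:26} {hit.detail}")
    # The value the CFScript in this thread writes to Notification Packages.
    print("script sets Notification Packages to:",
          decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

Run against the sample it reports the sisifeme.dll package, the fibpzgkc.job task and the three alternating names, and leaves AppleSoftwareUpdate.job and setupapi.dll alone; the decoder shows the script replaces the package list with the single string msv1_0. Decoding the value first is the check worth keeping: a Registry:: section is applied without confirmation, so you want to know exactly what lands in an lsass.exe load list before dropping the script onto ComboFix.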

#5 Shibbity

Shibbity
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 16 January 2009 - 04:53 PM

No, I'm not really experiencing any problems any more, but I'm just trying to make sure everything is fixed. Here are my latest ComboFix and HijackThis logs. Let me know what you think. Thanks again for the help.

ComboFix 09-01-16.02 - Administrator 2009-01-16 18:12:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.284 [GMT -3.5:30]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\CFScript.txt
* Created a new restore point

FILE ::
c:\windows.0\system32\adunudoy.ini
c:\windows.0\system32\ffkuz.dll
c:\windows.0\system32\log.exe
c:\windows.0\system32\osulaven.ini
c:\windows.0\system32\owelahus.ini
c:\windows.0\system32\owozurop.ini
c:\windows.0\system32\pcload.exe
c:\windows.0\system32\ujakaguh.ini
c:\windows.0\system32\ukokopan.ini
c:\windows.0\system32\uvabiwaz.ini
c:\windows.0\Tasks\fibpzgkc.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\1838F
c:\documents and settings\All Users\Application Data\1838F\{9766F215-A9D0-4303-9D6D-E1F89898A2EE}.swf
c:\documents and settings\All Users\Application Data\2B10A
c:\documents and settings\All Users\Application Data\2B10A\{8984C6BA-2C09-4ECF-B8AA-AA06C238962A}.swf
c:\windows.0\system32\adunudoy.ini
c:\windows.0\system32\ffkuz.dll
c:\windows.0\system32\fugafizu.dll
c:\windows.0\system32\hugakaju.dll
c:\windows.0\system32\kiyajeru.dll
c:\windows.0\system32\log.exe
c:\windows.0\system32\napokoku.dll
c:\windows.0\system32\nidefafe.dll
c:\windows.0\system32\osulaven.ini
c:\windows.0\system32\owelahus.ini
c:\windows.0\system32\owozurop.ini
c:\windows.0\system32\pcload.exe
c:\windows.0\system32\ujakaguh.ini
c:\windows.0\system32\ukokopan.ini
c:\windows.0\system32\uvabiwaz.ini
c:\windows.0\system32\win32hlp.cnf
c:\windows.0\system32\zawibavu.dll
c:\windows.0\Tasks\fibpzgkc.job

Infected copy of c:\windows.0\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows.0\system32\init32.exe


.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-15 21:45 . 2008-10-16 17:08 6,066,176 -----c--- c:\windows.0\system32\dllcache\ieframe.dll
2009-01-15 21:45 . 2007-04-17 06:02 2,455,488 -----c--- c:\windows.0\system32\dllcache\ieapfltr.dat
2009-01-15 21:45 . 2007-03-08 01:40 991,232 -----c--- c:\windows.0\system32\dllcache\ieframe.dll.mui
2009-01-15 21:45 . 2008-10-16 17:08 459,264 -----c--- c:\windows.0\system32\dllcache\msfeeds.dll
2009-01-15 21:45 . 2008-10-16 17:08 383,488 -----c--- c:\windows.0\system32\dllcache\ieapfltr.dll
2009-01-15 21:45 . 2008-10-16 17:08 267,776 -----c--- c:\windows.0\system32\dllcache\iertutil.dll
2009-01-15 21:45 . 2008-10-16 17:08 63,488 -----c--- c:\windows.0\system32\dllcache\icardie.dll
2009-01-15 21:45 . 2008-10-16 17:08 52,224 -----c--- c:\windows.0\system32\dllcache\msfeedsbs.dll
2009-01-15 21:45 . 2008-10-16 09:41 13,824 -----c--- c:\windows.0\system32\dllcache\ieudinit.exe
2009-01-15 19:38 . 2009-01-15 21:55 1,374 --a------ c:\windows.0\imsins.BAK
2009-01-15 16:19 . 2008-08-14 06:30 2,180,352 -----c--- c:\windows.0\system32\dllcache\ntoskrnl.exe
2009-01-15 16:19 . 2008-08-14 06:28 2,136,064 -----c--- c:\windows.0\system32\dllcache\ntkrnlmp.exe
2009-01-15 16:19 . 2008-08-14 05:52 2,057,728 -----c--- c:\windows.0\system32\dllcache\ntkrnlpa.exe
2009-01-15 16:19 . 2008-08-14 05:52 2,015,744 -----c--- c:\windows.0\system32\dllcache\ntkrpamp.exe
2009-01-15 16:18 . 2008-06-13 09:40 272,128 --------- c:\windows.0\system32\drivers\bthport.sys
2009-01-15 16:18 . 2008-06-13 09:40 272,128 -----c--- c:\windows.0\system32\dllcache\bthport.sys
2009-01-15 16:04 . 2008-10-24 07:40 453,632 -----c--- c:\windows.0\system32\dllcache\mrxsmb.sys
2009-01-15 15:44 . 2009-01-15 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-01-13 22:38 . 2009-01-13 22:38 <DIR> d-------- c:\program files\CCleaner
2009-01-13 22:37 . 2009-01-13 22:37 <DIR> d-------- c:\program files\RegCleaner
2009-01-13 21:52 . 2009-01-13 21:52 <DIR> d-------- C:\VundoFix Backups
2009-01-13 21:39 . 2009-01-13 21:39 <DIR> d-------- c:\documents and settings\Mom and Dad\Application Data\SUPERAntiSpyware.com
2009-01-12 20:15 . 2009-01-12 20:15 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-12 19:05 . 2009-01-12 19:05 <DIR> d-------- c:\program files\Lavasoft
2009-01-11 21:18 . 2009-01-11 21:18 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 00:40 . 2009-01-11 00:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\1DD9
2009-01-11 00:39 . 2009-01-11 00:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\2D234
2009-01-11 00:33 . 2009-01-11 00:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-01-10 22:37 . 2009-01-10 22:37 8,192 --a------ c:\windows.0\REGLOCS.OLD
2009-01-10 22:34 . 2001-08-23 10:30 28,288 --a--c--- c:\windows.0\system32\dllcache\xjis.nls
2009-01-10 22:32 . 2001-08-23 10:30 10,129,408 --a--c--- c:\windows.0\system32\dllcache\hwxkor.dll
2009-01-10 22:31 . 2001-08-23 10:30 13,463,552 --a--c--- c:\windows.0\system32\dllcache\hwxjpn.dll
2009-01-10 22:30 . 2004-08-03 21:26 2,134,528 --a--c--- c:\windows.0\system32\dllcache\smtpsnap.dll
2009-01-10 22:27 . 2001-08-23 10:30 4,399,505 --a--c--- c:\windows.0\system32\dllcache\nls302en.lex
2009-01-10 22:27 . 2001-08-23 10:30 28,160 --a--c--- c:\windows.0\system32\dllcache\msoobe.exe
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\WindowsShell.Manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\wuaucpl.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\sapi.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\nwc.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 749 -rah----- c:\windows.0\system32\ncpa.cpl.manifest
2009-01-10 22:27 . 2009-01-10 22:27 488 -rah----- c:\windows.0\system32\logonui.exe.manifest
2009-01-10 22:24 . 2001-08-23 10:30 2,178,131 --a--c--- c:\windows.0\system32\dllcache\shvlres.dll
2009-01-10 22:21 . 2008-05-19 18:16 186,407 --a------ c:\windows.0\system32\nvapps.nvb
2009-01-10 22:17 . 2001-08-23 10:30 1,685,606 --a--c--- c:\windows.0\system32\dllcache\sam.spd
2009-01-10 22:17 . 2001-08-23 10:30 774,144 --a--c--- c:\windows.0\system32\dllcache\spttseng.dll
2009-01-10 22:17 . 2004-08-03 21:26 741,376 --a--c--- c:\windows.0\system32\dllcache\sapi.dll
2009-01-10 22:17 . 2001-08-23 10:30 643,717 --a--c--- c:\windows.0\system32\dllcache\ltts1033.lxa
2009-01-10 22:17 . 2001-08-23 10:30 605,050 --a--c--- c:\windows.0\system32\dllcache\r1033tts.lxa
2009-01-10 22:17 . 2004-08-03 21:26 155,648 --a--c--- c:\windows.0\system32\dllcache\sapi.cpl
2009-01-10 22:17 . 2001-08-23 10:30 77,824 --a--c--- c:\windows.0\system32\dllcache\spcommon.dll
2009-01-10 22:17 . 2001-08-23 10:30 61,440 --a--c--- c:\windows.0\system32\dllcache\spcplui.dll
2009-01-10 22:17 . 2001-08-23 10:30 36,864 --a--c--- c:\windows.0\system32\dllcache\sapisvr.exe
2009-01-10 22:17 . 2001-08-23 10:30 888 --a--c--- c:\windows.0\system32\dllcache\sam.sdf
2009-01-10 22:15 . 2009-01-10 22:15 <DIR> d---s---- c:\windows.0\system32\config\systemprofile\History
2009-01-10 18:37 . 2009-01-10 18:42 <DIR> d-------- c:\windows.0\ehome
2009-01-04 16:18 . 2009-01-04 16:18 0 --a------ c:\windows.0\nsreg.dat
2009-01-04 16:07 . 2009-01-04 16:07 <DIR> d-------- c:\documents and settings\Matthew\Application Data\SUPERAntiSpyware.com
2009-01-02 01:17 . 2009-01-02 01:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-02 01:16 . 2009-01-15 15:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-02 01:16 . 2009-01-02 01:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-02 00:56 . 2009-01-02 00:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-01-01 22:13 . 2009-01-01 22:13 <DIR> d-------- c:\documents and settings\Leah\Application Data\DAEMON Tools
2009-01-01 21:33 . 2009-01-01 21:33 <DIR> d-------- c:\documents and settings\Leah\Application Data\VirusRemover2008
2008-12-24 11:40 . 2008-12-24 11:40 <DIR> d-------- c:\documents and settings\Leah\Application Data\Apple Computer
2008-12-24 11:40 . 2008-04-17 13:12 107,368 --a------ c:\windows.0\system32\GEARAspi.dll
2008-12-24 11:40 . 2008-04-17 13:12 15,464 --a------ c:\windows.0\system32\drivers\GEARAspiWDM.sys
2008-12-24 11:39 . 2008-12-24 11:40 <DIR> d-------- c:\program files\iTunes
2008-12-24 11:39 . 2008-12-24 11:39 <DIR> d-------- c:\program files\iPod
2008-12-24 11:39 . 2008-12-24 11:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-24 11:38 . 2008-12-24 11:39 <DIR> d-------- c:\program files\QuickTime
2008-12-24 11:38 . 2008-12-24 11:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-24 11:37 . 2008-12-24 11:37 <DIR> d-------- c:\program files\Apple Software Update
2008-12-24 11:37 . 2008-11-07 14:23 32,000 --a------ c:\windows.0\system32\drivers\usbaapl.sys
2008-12-24 11:36 . 2008-12-24 11:36 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-24 11:36 . 2008-12-24 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-19 18:23 . 2008-12-19 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\3433C
2008-12-16 17:12 . 2008-12-16 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\2BED

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 00:52 --------- d-----w c:\documents and settings\Leah\Application Data\Skype
2009-01-13 19:52 --------- d-----w c:\documents and settings\Leah\Application Data\skypePM
2009-01-12 23:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-12 23:28 --------- d-----w c:\program files\Diablo II2
2009-01-12 22:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-28 20:15 --------- d-----w c:\documents and settings\Matthew\Application Data\LimeWire
2008-12-24 18:54 --------- d-----w c:\documents and settings\Leah\Application Data\LimeWire
2008-12-20 03:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 03:29 --------- d-----w c:\program files\LimeWire
2008-12-11 11:57 333,184 ----a-w c:\windows.0\system32\drivers\srv.sys
2008-12-07 18:49 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\LimeWire
2008-12-03 18:33 --------- d-----w c:\program files\Google
2008-12-02 00:34 57,344 ----a-w c:\windows.0\uneng.exe
2008-12-02 00:32 --------- d-----w c:\program files\Roxio
2008-12-02 00:32 --------- d-----w c:\program files\Common Files\Adaptec Shared
2008-11-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\C273
2008-11-24 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\37394
2008-11-22 13:53 --------- d-----w c:\documents and settings\All Users\Application Data\634C
2008-11-20 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\724C
2008-11-19 01:42 --------- d-----w c:\documents and settings\Leah\Application Data\Ulead Systems
2008-11-19 01:39 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Skype
2008-11-19 01:38 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Ulead Systems
2008-11-18 23:24 --------- d-----w c:\program files\Ulead Systems
2008-11-18 23:24 --------- d-----w c:\documents and settings\Mom and Dad\Application Data\Kodak
2008-11-18 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-18 23:21 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-17 20:04 2,306,113 ----a-w c:\windows.0\system32\GPhotos.scr
2008-10-23 13:01 283,648 ----a-w c:\windows.0\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows.0\system32\wininet.dll
2008-10-16 17:43 202,776 ----a-w c:\windows.0\system32\wuweb.dll
2008-10-16 17:43 1,809,944 ----a-w c:\windows.0\system32\wuaueng.dll
2008-10-16 17:42 561,688 ----a-w c:\windows.0\system32\wuapi.dll
2008-10-16 17:42 323,608 ----a-w c:\windows.0\system32\wucltui.dll
2008-10-16 17:39 92,696 ----a-w c:\windows.0\system32\cdm.dll
2008-10-16 17:39 51,224 ----a-w c:\windows.0\system32\wuauclt.exe
2008-10-16 17:39 43,544 ----a-w c:\windows.0\system32\wups2.dll
2008-10-16 17:38 34,328 ----a-w c:\windows.0\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_15.55.48.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 10:29:04 213,216 -c--a-w c:\windows.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 13:59:04 213,216 -c----w c:\windows.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
- 2006-05-25 10:29:04 371,424 -c--a-w c:\windows.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-25 13:59:04 371,424 -c----w c:\windows.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2006-05-24 12:32:48 213,216 -c--a-w c:\windows.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 16:02:48 213,216 -c----w c:\windows.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2006-05-24 12:32:48 371,424 -c--a-w c:\windows.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2006-05-24 16:02:48 371,424 -c----w c:\windows.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows.0\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows.0\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows.0\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows.0\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows.0\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows.0\Driver Cache\i386\ntoskrnl.exe
- 2004-08-04 12:00:00 61,440 -c--a-w c:\windows.0\ie7\admparse.dll
+ 2004-08-04 00:56:42 61,440 -c--a-w c:\windows.0\ie7\admparse.dll
- 2004-08-04 12:00:00 99,840 -c--a-w c:\windows.0\ie7\advpack.dll
+ 2004-08-04 00:56:42 99,840 -c--a-w c:\windows.0\ie7\advpack.dll
- 2004-08-04 12:00:00 35,328 -c--a-w c:\windows.0\ie7\corpol.dll
+ 2004-08-04 00:56:42 35,328 -c--a-w c:\windows.0\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w c:\windows.0\ie7\custsat.dll
- 2004-08-04 12:00:00 357,888 -c--a-w c:\windows.0\ie7\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 -c--a-w c:\windows.0\ie7\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 -c--a-w c:\windows.0\ie7\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 -c--a-w c:\windows.0\ie7\dxtrans.dll
- 2004-08-04 12:00:00 55,808 -c--a-w c:\windows.0\ie7\extmgr.dll
+ 2008-10-16 10:37:02 55,808 -c--a-w c:\windows.0\ie7\extmgr.dll
- 2004-08-04 12:00:00 38,912 -c--a-w c:\windows.0\ie7\hmmapi.dll
+ 2004-08-04 00:56:44 38,912 -c--a-w c:\windows.0\ie7\hmmapi.dll
- 2004-08-04 12:00:00 34,304 -c--a-w c:\windows.0\ie7\ie4uinit.exe
+ 2004-08-04 00:56:52 34,304 -c--a-w c:\windows.0\ie7\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 -c--a-w c:\windows.0\ie7\ieakeng.dll
+ 2004-08-04 00:56:44 139,264 -c--a-w c:\windows.0\ie7\ieakeng.dll
- 2004-08-04 12:00:00 216,576 -c--a-w c:\windows.0\ie7\ieaksie.dll
+ 2004-08-04 00:56:44 216,576 -c--a-w c:\windows.0\ie7\ieaksie.dll
- 2004-08-04 12:00:00 221,184 -c--a-w c:\windows.0\ie7\ieakui.dll
+ 2001-08-23 14:00:00 221,184 -c--a-w c:\windows.0\ie7\ieakui.dll
- 2004-08-04 12:00:00 323,584 -c--a-w c:\windows.0\ie7\iedkcs32.dll
+ 2004-08-04 00:56:44 323,584 -c--a-w c:\windows.0\ie7\iedkcs32.dll
- 2004-08-04 12:00:00 18,432 -c--a-w c:\windows.0\ie7\iedw.exe
+ 2008-10-15 09:45:01 18,432 -c--a-w c:\windows.0\ie7\iedw.exe
- 2004-08-04 12:00:00 81,920 -c--a-w c:\windows.0\ie7\ieencode.dll
+ 2004-08-04 00:56:44 81,920 -c--a-w c:\windows.0\ie7\ieencode.dll
- 2004-08-04 12:00:00 249,344 -c--a-w c:\windows.0\ie7\iepeers.dll
+ 2008-10-16 10:37:02 251,392 -c--a-w c:\windows.0\ie7\iepeers.dll
+ 2006-10-17 17:33:40 287,744 -c--a-w c:\windows.0\ie7\ieproxy.dll
- 2004-08-04 12:00:00 48,640 -c--a-w c:\windows.0\ie7\iernonce.dll
+ 2004-08-04 00:56:44 48,640 -c--a-w c:\windows.0\ie7\iernonce.dll
- 2004-08-04 12:00:00 62,976 -c--a-w c:\windows.0\ie7\iesetup.dll
+ 2004-08-04 00:56:44 62,976 -c--a-w c:\windows.0\ie7\iesetup.dll
+ 2006-10-17 17:33:40 180,736 -c--a-w c:\windows.0\ie7\ieui.dll
- 2004-08-04 12:00:00 93,184 -c--a-w c:\windows.0\ie7\iexplore.exe
+ 2004-08-04 00:56:52 93,184 -c--a-w c:\windows.0\ie7\iexplore.exe
- 2004-08-04 12:00:00 35,840 -c--a-w c:\windows.0\ie7\imgutil.dll
+ 2004-08-04 00:56:44 35,840 -c--a-w c:\windows.0\ie7\imgutil.dll
- 2004-08-04 12:00:00 96,256 -c--a-w c:\windows.0\ie7\inseng.dll
+ 2008-10-16 10:37:02 96,256 -c--a-w c:\windows.0\ie7\inseng.dll
- 2004-08-04 12:00:00 450,560 -c--a-w c:\windows.0\ie7\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w c:\windows.0\ie7\jscript.dll
- 2004-08-04 12:00:00 15,872 -c--a-w c:\windows.0\ie7\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 -c--a-w c:\windows.0\ie7\jsproxy.dll
- 2004-08-04 12:00:00 22,016 -c--a-w c:\windows.0\ie7\licmgr10.dll
+ 2004-08-04 00:56:44 22,016 -c--a-w c:\windows.0\ie7\licmgr10.dll
+ 2006-10-17 16:58:32 12,288 -c--a-w c:\windows.0\ie7\msfeedssync.exe
- 2004-08-04 12:00:00 29,184 -c--a-w c:\windows.0\ie7\mshta.exe
+ 2004-08-04 00:56:54 29,184 -c--a-w c:\windows.0\ie7\mshta.exe
- 2004-08-04 12:00:00 3,003,392 -c--a-w c:\windows.0\ie7\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows.0\ie7\mshtml.dll
- 2004-08-04 12:00:00 448,512 -c--a-w c:\windows.0\ie7\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 -c--a-w c:\windows.0\ie7\mshtmled.dll
- 2004-08-04 12:00:00 56,832 -c--a-w c:\windows.0\ie7\mshtmler.dll
+ 2004-08-04 00:56:16 56,832 -c--a-w c:\windows.0\ie7\mshtmler.dll
- 2004-08-04 12:00:00 146,432 -c--a-w c:\windows.0\ie7\msls31.dll
+ 2001-08-23 14:00:00 146,432 -c--a-w c:\windows.0\ie7\msls31.dll
- 2004-08-04 12:00:00 146,432 -c--a-w c:\windows.0\ie7\msrating.dll
+ 2008-10-16 10:37:02 146,432 -c--a-w c:\windows.0\ie7\msrating.dll
- 2004-08-04 12:00:00 530,432 -c--a-w c:\windows.0\ie7\mstime.dll
+ 2008-10-16 10:37:02 532,480 -c--a-w c:\windows.0\ie7\mstime.dll
- 2004-08-04 12:00:00 96,256 -c--a-w c:\windows.0\ie7\occache.dll
+ 2004-08-04 00:56:46 96,256 -c--a-w c:\windows.0\ie7\occache.dll
- 2004-08-04 12:00:00 39,424 -c--a-w c:\windows.0\ie7\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 -c--a-w c:\windows.0\ie7\pngfilt.dll
- 2006-10-17 17:34:20 31,864 -c--a-w c:\windows.0\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:24:42 32,960 -c--a-w c:\windows.0\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:22:06 66,048 -c--a-w c:\windows.0\ie7\spuninst\ieResetIcons.exe
- 2006-09-06 21:43:16 213,216 -c--a-w c:\windows.0\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:13:16 213,216 -c--a-w c:\windows.0\ie7\spuninst\spuninst.exe
- 2006-09-06 21:43:18 371,424 -c--a-w c:\windows.0\ie7\spuninst\updspapi.dll
+ 2006-09-06 21:13:18 371,424 -c--a-w c:\windows.0\ie7\spuninst\updspapi.dll
- 2004-08-04 12:00:00 37,888 -c--a-w c:\windows.0\ie7\url.dll
+ 2004-08-04 00:56:48 37,888 -c--a-w c:\windows.0\ie7\url.dll
- 2004-08-04 12:00:00 601,088 -c--a-w c:\windows.0\ie7\urlmon.dll
+ 2008-10-16 10:37:04 615,936 -c--a-w c:\windows.0\ie7\urlmon.dll
- 2004-08-04 12:00:00 417,792 -c--a-w c:\windows.0\ie7\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w c:\windows.0\ie7\vbscript.dll
- 2004-08-04 12:00:00 848,384 -c--a-w c:\windows.0\ie7\vgx.dll
+ 2004-08-04 00:56:48 848,384 -c--a-w c:\windows.0\ie7\vgx.dll
- 2004-08-04 12:00:00 276,480 -c--a-w c:\windows.0\ie7\webcheck.dll
+ 2004-08-04 00:56:48 276,480 -c--a-w c:\windows.0\ie7\webcheck.dll
+ 2006-10-17 17:05:58 206,336 -c--a-w c:\windows.0\ie7\winfxdocobj.exe
- 2004-08-04 12:00:00 656,384 -c--a-w c:\windows.0\ie7\wininet.dll
+ 2008-10-16 10:37:03 659,456 -c--a-w c:\windows.0\ie7\wininet.dll
+ 2007-08-13 22:09:00 123,904 -c----w c:\windows.0\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 22:05:46 346,624 -c----w c:\windows.0\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 22:05:38 214,528 -c----w c:\windows.0\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 22:24:10 131,584 -c----w c:\windows.0\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w c:\windows.0\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 22:09:06 54,784 -c----w c:\windows.0\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 22:09:26 152,064 -c----w c:\windows.0\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 22:09:54 229,376 -c----w c:\windows.0\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 21:26:54 161,792 -c----w c:\windows.0\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w c:\windows.0\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 22:09:50 382,976 -c----w c:\windows.0\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w c:\windows.0\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 22:09:10 43,008 -c----w c:\windows.0\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w c:\windows.0\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 22:09:10 13,312 -c----w c:\windows.0\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 22:13:56 622,080 -c----w c:\windows.0\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 22:24:10 27,136 -c----w c:\windows.0\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w c:\windows.0\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w c:\windows.0\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 22:24:12 3,578,368 -c----w c:\windows.0\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 22:24:10 475,648 -c----w c:\windows.0\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 22:14:26 192,000 -c----w c:\windows.0\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 22:24:10 670,720 -c----w c:\windows.0\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 22:14:06 101,376 -c----w c:\windows.0\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 22:06:12 44,544 -c----w c:\windows.0\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows.0\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows.0\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:14:30 105,984 -c----w c:\windows.0\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 22:24:10 1,162,240 -c----w c:\windows.0\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 22:24:10 231,424 -c----w c:\windows.0\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 22:24:10 818,688 -c----w c:\windows.0\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows.0\ie7updates\KB958215-IE7\advpack.dll
- 2004-08-04 00:56:38 2,940,928 ----a-w c:\windows.0\system32\wmploc.dll
+ 2006-10-19 01:17:20 8,231,936 ----a-w c:\windows.0\system32\wmploc.dll
- 2004-08-04 00:56:48 102,400 ----a-w c:\windows.0\system32\wmpshell.dll
+ 2006-10-19 01:17:20 99,840 ----a-w c:\windows.0\system32\wmpshell.dll
- 2004-08-04 00:56:48 759,296 ----a-w c:\windows.0\system32\wmsdmod.dll
+ 2006-10-19 01:17:22 4,096 ----a-w c:\windows.0\system32\wmsdmod.dll
- 2004-08-04 00:56:48 1,119,744 ----a-w c:\windows.0\system32\wmsdmoe2.dll
+ 2006-10-19 01:17:22 4,096 ----a-w c:\windows.0\system32\wmsdmoe2.dll
- 2004-08-04 00:56:48 484,864 ----a-w c:\windows.0\system32\wmspdmod.dll
+ 2006-10-19 01:17:22 603,648 ----a-w c:\windows.0\system32\WMSPDMOD.dll
- 2004-08-04 00:56:48 896,512 ----a-w c:\windows.0\system32\wmspdmoe.dll
+ 2006-10-19 01:17:22 1,329,152 ----a-w c:\windows.0\system32\WMSPDMOE.dll
- 2004-08-04 00:57:04 2,105,344 ----a-w c:\windows.0\system32\wmvcore.dll
+ 2006-10-19 01:17:22 2,450,944 ----a-w c:\windows.0\system32\wmvcore.dll
- 2004-08-04 00:56:48 809,984 ----a-w c:\windows.0\system32\wmvdmod.dll
+ 2006-10-19 01:17:22 4,096 ----a-w c:\windows.0\system32\wmvdmod.dll
- 2004-08-04 00:56:48 1,001,472 ----a-w c:\windows.0\system32\wmvdmoe2.dll
+ 2006-10-19 01:17:22 4,096 ----a-w c:\windows.0\system32\wmvdmoe2.dll
- 2006-10-18 21:47:22 38,400 ----a-w c:\windows.0\system32\wpdshextres.dll
+ 2006-10-19 01:17:22 38,400 ----a-w c:\windows.0\system32\wpdshextres.dll
- 2007-10-29 10:26:53 115,712 ----a-w c:\windows.0\system32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows.0\system32\xpsp3res.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows.0\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTFMON.EXE"="ctfmon.exe" [2004-08-03 c:\windows.0\system32\ctfmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows.0\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows.0\Tasks\EasyShare Registration Task.job
- c:\windows.0\system32\rundll32.exe [2004-08-03 21:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hhq555hn.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 18:16:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows.0\system32\nvsvc32.exe
c:\windows.0\system32\wscntfy.exe
c:\windows.0\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2009-01-16 18:18:44 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-01-16 21:48:41
ComboFix2.txt 2009-01-15 19:27:31

Pre-Run: 31,060,164,608 bytes free
Post-Run: 31,048,663,040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /kernel=oemkrnl.exe
signature(acc63e29)disk(1)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

898 --- E O F --- 2009-01-15 23:12:04



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:39, on 16/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\WgaTray.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe

--
End of file - 2996 bytes

Edited by Shibbity, 16 January 2009 - 04:54 PM.


#6 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 17 January 2009 - 05:43 PM

Hello Shibbity,

Your logs look fine. :thumbsup:

I'd just like you to check, using Windows Explorer, these folders:
c:\documents and settings\All Users\Application Data\3433C
c:\documents and settings\All Users\Application Data\2BED
If they are empty, or contain nothing you installed, please delete them as well.

Then, you can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u.
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

No more issues ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted ... And make a difference

#7 Shibbity

  • Topic Starter
  • Members
  • 5 posts

Posted 19 January 2009 - 12:40 AM

Thanks a lot. Everything you got me to do seems to have done the trick. You saved me so much time and probably some money. Thanks again. Greatly appreciated.

#8 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 19 January 2009 - 03:42 AM

Glad we could help, Shibbity :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
