
pop ups, crashes, freezing, slow internet



#1 splitfingerz
  • Members
  • 12 posts

Posted 18 January 2009 - 05:18 PM

I continually get popups saying I have malware and viruses. They ask me to scan using different security websites. Also, when I am browsing, the window I'm in goes inactive very frequently, so if I'm typing it stops when the screen goes inactive. No window pops up, but it's like I clicked off the screen. When I click on search results in Google, it takes me to some random other search engine after skipping 3 web pages, so when I click the back button it redirects me back to the random search engine site.

Here is a DDS scan. When I try to do a Kaspersky scan it freezes up and I can't get any further than 20% into the update. I will continue to try while I wait on a response.

DDS (Ver_09-01-18.01) - NTFSx86
Run by HP_Administrator at 15:54:00.48 on Sun 01/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.386 [GMT -6:00]

AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\j3X36c5F.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\a.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~tmpd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\tintinyproxyy\tinyproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:7070
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqronkH.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {77ab59b4-55a3-4737-9fd5-b93c64307f78} - c:\windows\system32\ofddwjvr.dll
BHO: {952ef988-6e06-43c8-b285-9a3c5dc2b489} - c:\windows\system32\cbXOHWNE.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
uRun: [MSFox] c:\docume~1\hp_adm~1\locals~1\temp\a.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: convergys.com
Trusted Zone: convergys.com\mycvg
Trusted Zone: doginhispen.com
Trusted Zone: select2perform.com\www
Trusted Zone: whataboutadog.com
Trusted Zone: trymedia.com
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {C40DD8FC-7E1F-4BD0-9865-52EEAF0CCDF9} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: urqronkH - urqronkH.dll
AppInit_DLLs: kshldz.dll lszbdh.dll kghctl.dll odrepd.dll mbxgbv.dll eqjorb.dll bijrid.dll gmtjbz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqronkH.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbXOHWNE

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\t6z41347.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Network Connections (Netman);Network Connections (Netman);c:\program files\common files\system\smss.exe [2009-1-17 7424]
R4 Server (lanmanserver) ;Server (lanmanserver) ;c:\program files\tintinyproxyy\tinyproxy.exe [2009-1-9 8960]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-20 24652]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-9-24 16512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-01-18 12:14 5,750 a--sh--- c:\windows\system32\ENWHOXbc.ini2
2009-01-17 13:26 36,352 a------- c:\windows\system32\opnmjiJa.dll
2009-01-17 13:26 191,103 a------- c:\windows\system32\wpv061232083525.cpx
2009-01-17 13:26 22,528 a------- c:\windows\system32\digeste.dll
2009-01-17 13:26 22,528 a------- c:\documents and settings\hp_administrator\z.exe
2009-01-17 11:26 36,352 a------- c:\windows\system32\fccawULb.dll
2009-01-17 11:26 191,103 a------- c:\windows\system32\wpv311232083525.cpx
2009-01-17 11:26 22,528 a------- c:\documents and settings\hp_administrator\u.exe
2009-01-17 10:05 69,632 a------- c:\windows\system32\j3X36c5F.exe
2009-01-17 10:05 0 a------- c:\windows\system32\j3X36c5F.exe.a_a
2009-01-17 09:50 71,168 a------- c:\windows\system32\drivers\gaopdxserv.sys
2009-01-17 09:50 <DIR> --dshr-- C:\resycled
2009-01-17 09:50 255 ---shr-- C:\autorun.inf
2009-01-11 18:34 5,750 a--sh--- c:\windows\system32\ENWHOXbc.ini
2009-01-10 01:33 <DIR> --d----- C:\New Folder
2009-01-09 23:51 <DIR> --d----- c:\program files\tintinyproxyy
2009-01-08 21:29 24,576 a------- c:\windows\system32\stus.exe
2008-12-28 09:10 120 ---sh--- c:\windows\system32\xxwbijey.ini
2008-12-28 09:10 72,704 a------- c:\windows\system32\yejibwxx.dll
2008-12-28 09:07 129,024 a------- c:\windows\system32\gmtjbz.dll
2008-12-28 09:07 129,024 a------- c:\windows\system32\xyjoyavn.dll
2008-12-27 09:12 120 ---sh--- c:\windows\system32\ikrppcjb.ini
2008-12-27 09:09 129,024 a------- c:\windows\system32\bijrid.dll
2008-12-27 09:09 129,024 a------- c:\windows\system32\skxaxpht.dll
2008-12-26 22:30 <DIR> --d----- c:\program files\common files\Logitech
2008-12-26 09:07 120 ---sh--- c:\windows\system32\lhvhyopa.ini
2008-12-26 09:04 129,024 a------- c:\windows\system32\eqjorb.dll
2008-12-26 09:04 129,024 a------- c:\windows\system32\wagmbrbb.dll
2008-12-24 18:44 129,024 a------- c:\windows\system32\mbxgbv.dll
2008-12-24 18:44 129,024 a------- c:\windows\system32\uuqvyedt.dll
2008-12-24 18:41 120 ---sh--- c:\windows\system32\vpoiwkqv.ini
2008-12-24 18:41 72,704 a------- c:\windows\system32\vqkwiopv.dll
2008-12-23 18:45 129,024 a------- c:\windows\system32\odrepd.dll
2008-12-23 18:45 129,024 a------- c:\windows\system32\mjmwtxxy.dll
2008-12-23 18:42 120 ---sh--- c:\windows\system32\locfahgu.ini
2008-12-22 18:48 120 ---sh--- c:\windows\system32\sfrfhwen.ini
2008-12-22 18:39 129,024 a------- c:\windows\system32\kghctl.dll
2008-12-22 18:39 129,024 a------- c:\windows\system32\pnuasqbb.dll
2008-12-21 18:45 120 ---sh--- c:\windows\system32\rlqwcabb.ini
2008-12-21 18:39 129,024 a------- c:\windows\system32\lszbdh.dll
2008-12-21 18:39 129,024 a------- c:\windows\system32\fdrvtmhk.dll
2008-12-20 13:16 116,736 a------- c:\windows\system32\ofddwjvr.dll
2008-12-20 13:07 129,024 a------- c:\windows\system32\kshldz.dll
2008-12-20 13:07 129,024 a------- c:\windows\system32\dgjpittx.dll

==================== Find3M ====================

2009-01-08 21:29 8,704 a------- c:\windows\system32\userinit.exe
2008-12-19 13:13 129,024 a------- c:\windows\system32\nkqyub.dll
2008-12-19 13:13 129,024 a------- c:\windows\system32\ltjknsik.dll
2008-12-18 13:10 129,024 a------- c:\windows\system32\mmokli.dll
2008-12-18 13:10 129,024 a------- c:\windows\system32\jnoxrsnt.dll
2008-12-17 13:05 129,024 a------- c:\windows\system32\xxlqdigc.dll
2008-12-17 13:05 129,024 a------- c:\windows\system32\nzhoqf.dll
2008-12-16 13:13 129,024 a------- c:\windows\system32\rztjgb.dll
2008-12-16 13:13 129,024 a------- c:\windows\system32\nmfcjqtr.dll
2008-12-15 20:46 129,024 a------- c:\windows\system32\zpyzgr.dll
2008-12-15 20:46 129,024 a------- c:\windows\system32\uyioiwqh.dll
2008-12-14 20:45 129,024 a------- c:\windows\system32\lwctol.dll
2008-12-14 20:45 129,024 a------- c:\windows\system32\glbluvbi.dll
2008-12-13 20:44 72,704 a------- c:\windows\system32\dchyhfxw.dll
2008-12-13 20:41 129,024 a------- c:\windows\system32\wgrtne.dll
2008-12-13 20:41 129,024 a------- c:\windows\system32\gfauioeh.dll
2008-12-13 20:38 302,592 a------- c:\windows\system32\cbXOHWNE.dll
2008-12-13 20:33 66,560 a------- c:\windows\system32\yayaXNHx.dll
2008-12-13 20:33 34,816 a------- c:\windows\system32\urqronkH.dll
2008-10-24 05:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-07-23 12:13 1,552 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2007-04-13 16:46 840,450 a------- c:\program files\TabIt.zip
2007-01-21 23:15 774,144 a------- c:\program files\RngInterstitial.dll

============= FINISH: 15:55:31.15 ===============

#2 kahdah
  • Security Colleague
  • 11,138 posts
  • Location:Florida

Posted 18 January 2009 - 06:44 PM

Hello splitfingerz

Welcome to BleepingComputer
========================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 splitfingerz (Topic Starter)
  • Members
  • 12 posts

Posted 18 January 2009 - 07:42 PM

ComboFix log

ComboFix 09-01-18.01 - HP_Administrator 2009-01-18 18:02:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.616 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\tintinyproxyy\tinyproxy.exe
C:\resycled
c:\resycled\ntldr.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\bijrid.dll
c:\windows\system32\brrfsrbn.ini
c:\windows\system32\cbXOHWNE.dll
c:\windows\system32\cndpgvpe.ini
c:\windows\system32\dchyhfxw.dll
c:\windows\system32\dgjpittx.dll
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\msqpdxcxyyavqo.sys
c:\windows\system32\drivers\msqpdxonaqmedf.sys
c:\windows\system32\duyylfvj.ini
c:\windows\system32\ehjqchkj.ini
c:\windows\system32\ENWHOXbc.ini
c:\windows\system32\ENWHOXbc.ini2
c:\windows\system32\eqjorb.dll
c:\windows\system32\fccawULb.dll
c:\windows\system32\fdrvtmhk.dll
c:\windows\system32\gfauioeh.dll
c:\windows\system32\gilefajj.ini
c:\windows\system32\glbluvbi.dll
c:\windows\system32\gmtjbz.dll
c:\windows\system32\ikrppcjb.ini
c:\windows\system32\j3X36c5F.exe.a_a
c:\windows\system32\jnoxrsnt.dll
c:\windows\system32\kghctl.dll
c:\windows\system32\kshldz.dll
c:\windows\system32\lhvhyopa.ini
c:\windows\system32\locfahgu.ini
c:\windows\system32\lszbdh.dll
c:\windows\system32\ltjknsik.dll
c:\windows\system32\lwctol.dll
c:\windows\system32\mbxgbv.dll
c:\windows\system32\mjmwtxxy.dll
c:\windows\system32\mmokli.dll
c:\windows\system32\msqpdxkyokspyv.dll
c:\windows\system32\nkqyub.dll
c:\windows\system32\nmfcjqtr.dll
c:\windows\system32\nzhoqf.dll
c:\windows\system32\odrepd.dll
c:\windows\system32\ofddwjvr.dll
c:\windows\system32\opnmjiJa.dll
c:\windows\system32\pnuasqbb.dll
c:\windows\system32\rlqwcabb.ini
c:\windows\system32\rztjgb.dll
c:\windows\system32\sfrfhwen.ini
c:\windows\system32\skxaxpht.dll
c:\windows\system32\tnmhnsxu.ini
c:\windows\system32\urqronkH.dll
c:\windows\system32\uuqvyedt.dll
c:\windows\system32\uyioiwqh.dll
c:\windows\system32\vpoiwkqv.ini
c:\windows\system32\vqkwiopv.dll
c:\windows\system32\wagmbrbb.dll
c:\windows\system32\wgrtne.dll
c:\windows\system32\wpv061232083525.cpx
c:\windows\system32\wpv311232083525.cpx
c:\windows\system32\wpv871229210867.cpx
c:\windows\system32\xxlqdigc.dll
c:\windows\system32\xxwbijey.ini
c:\windows\system32\xyjoyavn.dll
c:\windows\system32\yayaXNHx.dll
c:\windows\system32\yejibwxx.dll
c:\windows\system32\zpyzgr.dll
c:\windows\Tasks\velqwntg.job
c:\windows\wiaserviv.log
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
d:\resycled\ntldr.com

----- BITS: Possible infected sites -----

hxxp://b9n.org
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Legacy_SERVER_(LANMANSERVER)_
-------\Service_Server (lanmanserver)


((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-18 18:00 . 2009-01-18 18:32 122,912 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-18 18:00 . 2009-01-18 18:32 1,500 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-18 18:00 . 2009-01-18 18:14 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-18 18:00 . 2009-01-18 18:14 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-18 17:45 . 2009-01-18 18:00 <DIR> d-------- C:\327882R2FWJFW
2009-01-18 17:11 . 2009-01-18 17:11 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-18 17:11 . 2009-01-18 17:11 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-18 17:10 . 2009-01-18 17:10 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-18 17:10 . 2009-01-18 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-17 15:04 . 2009-01-17 15:04 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AdobeUM
2009-01-17 13:26 . 2009-01-17 13:26 22,528 --a------ c:\documents and settings\HP_Administrator\z.exe
2009-01-17 11:26 . 2009-01-17 11:26 22,528 --a------ c:\documents and settings\HP_Administrator\u.exe
2009-01-17 10:05 . 2009-01-17 10:05 69,632 --a------ c:\windows\system32\j3X36c5F.exe
2009-01-17 09:50 . 2009-01-18 15:35 71,168 --a------ c:\windows\system32\drivers\gaopdxserv.sys
2009-01-10 01:33 . 2009-01-10 02:23 <DIR> d-------- C:\New Folder
2009-01-09 23:51 . 2009-01-18 18:11 <DIR> d-------- c:\program files\tintinyproxyy
2009-01-08 21:29 . 2004-08-09 22:00 24,576 --a------ c:\windows\system32\stus.exe
2008-12-26 22:30 . 2008-12-26 22:30 <DIR> d-------- c:\program files\Common Files\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 22:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-18 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 23:53 --------- d-----w c:\program files\IDoser v4
2008-12-28 05:16 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2008-12-14 06:49 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-03 21:05 --------- d-----w c:\program files\iTunes
2008-12-03 21:05 --------- d-----w c:\program files\iPod
2008-12-03 21:05 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 21:04 --------- d-----w c:\program files\QuickTime
2008-12-02 06:48 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2008-12-02 06:47 --------- d-----w c:\program files\Ventrilo
2008-12-02 06:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-07-23 18:13 1,552 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-13 22:46 840,450 ----a-w c:\program files\TabIt.zip
2007-01-22 05:15 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-15_ 4.12.06.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2008-09-15 12:17:07 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP2QFE\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\$hf_mig$\KB954211\SP3GDR\win32k.sys
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-04 16:32:52 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP2QFE\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3GDR\msxml3.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 19:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\$hf_mig$\KB956803\SP2QFE\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3GDR\afd.sys
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlmp.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrpamp.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 20:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 21:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-08-28 10:35:33 333,056 ----a-w c:\windows\$hf_mig$\KB957095\SP2QFE\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3GDR\srv.sys
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:53:28 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP2QFE\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\$hf_mig$\KB958644\SP3GDR\netapi32.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954211$\spuninst\updspapi.dll
+ 2008-03-19 09:47:00 1,845,248 -c----w c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 19:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlmp.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\$NtUninstallKB956841$\ntkrpamp.exe
+ 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41 332,928 -c----w c:\windows\$NtUninstallKB957095$\srv.sys
+ 2006-05-05 09:41:45 453,120 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 332,288 -c----w c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2008-09-22 18:08:47 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-09-22 18:08:47 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-09-22 18:08:48 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-09-22 18:08:48 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-09-22 18:08:48 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-09-22 18:08:48 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-09-22 18:08:48 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-09-22 18:08:49 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-09-22 18:08:47 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 15:57:40 3,592,192 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-12-03 21:06:07 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-09-18 19:16:27 15,086 ----a-r c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ARPPRODUCTICON.exe
+ 2008-09-18 19:16:27 15,086 ----a-r c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2008-09-18 19:16:27 53,248 ----a-r c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2008-12-27 04:30:55 57,344 ----a-r c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2008-09-15 23:53:39 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2008-11-17 18:26:52 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2008-09-15 23:51:35 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2005-03-18 22:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 22:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 22:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2005-03-18 22:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 22:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 22:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 22:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 22:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2005-07-22 22:21:34 577,024 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 14:00:00 29,696 ----a-w c:\windows\Nircmd.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w c:\windows\swreg.exe
- 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
- 2004-08-10 04:00:00 65,024 ------w c:\windows\system32\asycfilt.dll
+ 2004-08-04 07:56:42 65,024 ----a-w c:\windows\system32\asycfilt.dll
- 2007-07-31 00:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 20:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
+ 2008-09-22 18:08:59 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
- 2005-06-12 17:02:50 3,584 ----a-w c:\windows\system32\COMCAT.DLL
+ 2003-03-31 12:00:00 3,584 ----a-w c:\windows\system32\comcat.dll
- 2008-08-15 08:04:49 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-19 00:15:59 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-15 08:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-19 00:15:59 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-08 18:00:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081229\index.dat
+ 2009-01-08 18:00:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009010820090109\index.dat
+ 2009-01-11 00:00:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011020090111\index.dat
+ 2008-12-14 03:00:45 78,924 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2008-08-15 08:04:49 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 00:15:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-07-23 00:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
- 2008-06-23 16:57:27 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
- 2004-08-10 04:00:00 65,024 ------w c:\windows\system32\dllcache\asycfilt.dll
+ 2004-08-04 07:56:42 65,024 ----a-w c:\windows\system32\dllcache\asycfilt.dll
- 2007-07-31 00:19:20 92,504 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
- 2005-06-12 17:02:50 3,584 ----a-w c:\windows\system32\dllcache\comcat.dll
+ 2003-03-31 12:00:00 3,584 ----a-w c:\windows\system32\dllcache\comcat.dll
- 2004-08-04 05:08:00 60,288 ----a-w c:\windows\system32\dllcache\drmk.sys
+ 2004-08-04 04:08:00 60,288 ----a-w c:\windows\system32\dllcache\drmk.sys
- 2008-06-23 16:57:27 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-06-23 16:57:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
- 2004-08-04 06:56:44 47,616 ----a-w c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-04 05:56:44 47,616 ----a-w c:\windows\system32\dllcache\iyuv_32.dll
- 2008-06-23 16:57:35 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 05:15:22 140,928 ----a-w c:\windows\system32\dllcache\ks.sys
+ 2004-08-04 04:15:22 140,928 ----a-w c:\windows\system32\dllcache\ks.sys
- 2006-05-05 09:41:45 453,120 ------w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 16:57:36 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 15:57:40 3,592,192 ------w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 ------w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ------w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-04 06:56:46 17,408 ----a-w c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 05:56:46 17,408 ----a-w c:\windows\system32\dllcache\msyuv.dll
- 2006-08-17 12:28:27 332,288 ------w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-06-23 16:57:40 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 ------w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
- 2004-08-04 05:08:04 48,640 ----a-w c:\windows\system32\dllcache\stream.sys
+ 2004-08-04 04:08:04 48,640 ----a-w c:\windows\system32\dllcache\stream.sys
- 2001-08-18 04:36:34 8,192 ----a-w c:\windows\system32\dllcache\tsbyuv.dll
+ 2001-08-18 03:36:34 8,192 ----a-w c:\windows\system32\dllcache\tsbyuv.dll
- 2008-06-23 16:57:40 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 05:07:56 59,264 ----a-w c:\windows\system32\dllcache\usbaudio.sys
+ 2004-08-04 04:07:56 59,264 ----a-w c:\windows\system32\dllcache\usbaudio.sys
- 2004-08-04 05:08:48 31,616 ----a-w c:\windows\system32\dllcache\usbccgp.sys
+ 2004-08-04 04:08:48 31,616 ----a-w c:\windows\system32\dllcache\usbccgp.sys
+ 2004-08-04 04:58:46 15,104 ----a-w c:\windows\system32\dllcache\usbscan.sys
- 2004-08-04 06:56:48 53,760 ----a-w c:\windows\system32\dllcache\vfwwdm32.dll
+ 2004-08-04 05:56:48 53,760 ----a-w c:\windows\system32\dllcache\vfwwdm32.dll
- 2008-06-23 16:57:41 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ------w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:57:41 826,368 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2007-07-31 00:19:36 549,720 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 20:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16 53,080 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 20:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
- 2007-07-31 00:19:28 203,096 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 20:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
- 2007-07-24 20:17:08 81,920 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-08-29 15:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2007-07-24 20:17:08 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-08-29 14:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
- 2008-06-20 10:44:38 138,368 ------w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2002-07-17 13:05:10 16,512 ----a-w c:\windows\system32\drivers\ASPI32.SYS
- 2004-08-04 05:08:00 60,288 ----a-w c:\windows\system32\drivers\drmk.sys
+ 2004-08-04 04:08:00 60,288 ----a-w c:\windows\system32\drivers\drmk.sys
- 2008-01-29 17:01:28 16,168 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 18:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
- 2008-07-18 22:39:18 213,008 ----a-w c:\windows\system32\drivers\klif.sys
+ 2009-01-18 23:09:57 227,344 ----a-w c:\windows\system32\drivers\klif.sys
- 2008-07-30 01:20:00 24,774 ----a-w c:\windows\system32\drivers\klopp.dat
+ 2008-11-12 01:58:54 25,601 ----a-w c:\windows\system32\drivers\klopp.dat
- 2004-08-04 05:15:22 140,928 ----a-w c:\windows\system32\drivers\ks.sys
+ 2004-08-04 04:15:22 140,928 ----a-w c:\windows\system32\drivers\ks.sys
- 2007-10-12 01:55:58 13,848 ----a-w c:\windows\system32\drivers\lv302af.sys
+ 2008-07-26 15:22:20 13,848 ----a-w c:\windows\system32\drivers\lv302af.sys
- 2007-10-12 01:55:58 1,279,000 ----a-w c:\windows\system32\drivers\LV302V32.SYS
+ 2008-07-26 15:22:32 2,570,520 ----a-w c:\windows\system32\drivers\LV302V32.SYS
- 2007-10-12 00:59:24 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
+ 2008-07-26 13:25:02 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
+ 2008-07-26 15:25:46 627,864 ----a-w c:\windows\system32\drivers\lvrs.sys
- 2007-10-12 02:00:42 41,752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
+ 2008-07-26 15:26:20 41,752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
- 2006-05-05 09:41:45 453,120 ------w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2006-08-14 10:34:41 332,928 ------w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-04 05:08:04 48,640 ----a-w c:\windows\system32\drivers\stream.sys
+ 2004-08-04 04:08:04 48,640 ----a-w c:\windows\system32\drivers\stream.sys
+ 2008-10-01 18:01:28 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
- 2004-08-04 05:07:56 59,264 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
+ 2004-08-04 04:07:56 59,264 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
- 2004-08-04 05:08:48 31,616 ----a-w c:\windows\system32\drivers\usbccgp.sys
+ 2004-08-04 04:08:48 31,616 ----a-w c:\windows\system32\drivers\usbccgp.sys
+ 2004-08-04 04:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2008-04-17 18:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 18:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-02-01 09:43:00 489,624 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LV561AV.sys
+ 2008-02-01 09:43:24 416,280 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcodec2.dll
+ 2008-02-01 09:43:34 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcoinst.dll
+ 2008-02-01 09:46:14 490,008 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2.dll
+ 2008-02-01 09:46:26 465,432 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2RC.dll
+ 2008-02-01 09:46:38 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUSBSta.sys
+ 2008-02-01 09:47:22 236,056 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvWIAext.dll
+ 2008-02-01 09:49:50 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\WUApp32.exe
+ 2008-07-26 15:22:20 13,848 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lv302af.sys
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvcoinst.dll
+ 2008-07-26 15:25:46 627,864 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvrs.sys
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\LVUSBSta.sys
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\WUApp32.exe
+ 2008-07-26 15:22:32 2,570,520 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LV302V32.SYS
+ 2008-07-26 15:23:18 416,280 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcodec2.dll
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcoinst.dll
+ 2008-07-26 15:26:08 490,008 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2.dll
+ 2008-07-26 15:26:20 465,432 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2RC.dll
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUSBSta.sys
+ 2008-07-26 15:27:18 236,056 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvWIAext.dll
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\WUApp32.exe
+ 2008-07-26 15:26:54 23,832 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5c_1BFC52D9685745C065979BCEBCC76EF496BB7037\lvuvcflt.sys
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvcoinst.dll
+ 2008-07-26 15:24:48 95,384 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvpopflt.sys
+ 2008-07-26 15:25:46 627,864 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvrs.sys
+ 2008-07-26 15:25:58 66,456 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvselsus.sys
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\LVUSBSta.sys
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\WUApp32.exe
+ 2008-07-26 15:23:18 416,280 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcodec2.dll
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcoinst.dll
+ 2008-07-26 15:26:08 490,008 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2.dll
+ 2008-07-26 15:26:20 465,432 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2RC.dll
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUSBSta.sys
+ 2008-07-26 15:26:42 4,658,584 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvuvc.sys
+ 2008-07-26 15:27:18 236,056 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvWIAext.dll
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\WUApp32.exe
+ 2008-10-01 18:01:28 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2008-06-23 16:57:27 347,136 ------w c:\windows\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-02 06:54:51 214,472 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-27 03:55:47 220,840 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-01-29 17:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 18:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
- 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2004-08-04 06:56:44 47,616 ----a-w c:\windows\system32\iyuv_32.dll
+ 2004-08-04 05:56:44 47,616 ----a-w c:\windows\system32\iyuv_32.dll
- 2008-06-23 16:57:35 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2008-07-30 01:21:42 218,376 ----a-w c:\windows\system32\klogon.dll
+ 2008-11-12 02:00:04 218,376 ----a-w c:\windows\system32\klogon.dll
+ 2008-07-26 15:23:28 195,096 ----a-w c:\windows\system32\lvci11801048.dll
- 2007-10-12 01:57:28 416,280 ----a-w c:\windows\system32\lvcodec2.dll
+ 2008-07-26 15:23:18 416,280 ----a-w c:\windows\system32\lvcodec2.dll
- 2007-10-12 02:00:20 490,008 ----a-w c:\windows\system32\LVUI2.dll
+ 2008-07-26 15:26:08 490,008 ----a-w c:\windows\system32\LVUI2.dll
- 2007-10-12 02:00:32 465,432 ----a-w c:\windows\system32\LVUI2RC.dll
+ 2008-07-26 15:26:20 465,432 ----a-w c:\windows\system32\LVUI2RC.dll
+ 2008-03-25 02:32:44 218,496 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil9f.exe
- 2007-05-21 23:20:02 48,238 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-19 22:19:09 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-27 18:17:49 49,476 ---ha-w c:\windows\system32\mlfcache.dat
- 2008-08-05 16:11:02 15,888,504 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2004-08-04 06:56:58 294,912 ----a-w c:\windows\system32\msh263.drv
+ 2004-08-04 05:56:58 294,912 ----a-w c:\windows\system32\msh263.drv
- 2008-06-24 15:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
- 2004-08-10 04:00:00 1,392,671 ------w c:\windows\system32\msvbvm60.dll
+ 2004-02-23 05:00:00 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 20:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 22:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2004-08-04 06:56:46 17,408 ----a-w c:\windows\system32\msyuv.dll
+ 2004-08-04 05:56:46 17,408 ----a-w c:\windows\system32\msyuv.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ------w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-06-02 17:16:36 64,404 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 12:38:07 64,404 ----a-w c:\windows\system32\perfc009.dat
- 2008-06-02 17:16:36 408,000 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 12:38:07 408,000 ----a-w c:\windows\system32\perfh009.dat
- 2008-06-23 16:57:40 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2001-08-18 04:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
+ 2004-08-04 06:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2004-08-04 04:08:48 31,616 ----a-w c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\usbccgp.sys
+ 2004-08-04 06:56:44 47,616 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\iyuv_32.dll
+ 2004-08-04 04:15:22 140,928 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\ks.sys
+ 2004-08-04 14:56:44 4,096 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\ksuser.dll
+ 2004-08-04 06:56:58 294,912 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\msh263.drv
+ 2004-08-04 06:56:46 17,408 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\msyuv.dll
+ 2001-08-18 04:36:34 8,192 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\tsbyuv.dll
+ 2004-08-04 06:56:48 53,760 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\vfwwdm32.dll
+ 2007-10-12 01:55:58 1,279,000 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LV302V32.SYS
+ 2008-07-26 15:23:18 416,280 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\lvcodec2.dll
+ 2007-10-12 01:57:40 195,096 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\lvcoinst.dll
+ 2008-07-26 15:26:08 490,008 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LVUI2.dll
+ 2008-07-26 15:26:20 465,432 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LVUI2RC.dll
+ 2008-07-26 15:26:20 41,752 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LVUSBSta.sys
+ 2008-07-26 15:27:18 236,056 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\lvWIAext.dll
+ 2008-07-26 15:29:56 439,568 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\WUApp32.exe
+ 2004-08-04 04:08:00 60,288 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\drmk.sys
+ 2004-08-04 04:15:22 140,928 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\ks.sys
+ 2004-08-04 14:56:44 4,096 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\ksuser.dll
+ 2004-03-17 00:58:20 136,960 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\portcls.sys
+ 2004-08-04 04:08:04 48,640 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\stream.sys
+ 2004-08-04 04:07:56 59,264 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\USBAUDIO.sys
+ 2004-08-04 14:56:58 23,552 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\wdmaud.drv
+ 2008-07-26 15:22:20 13,848 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\lv302af.sys
+ 2008-07-26 15:23:28 195,096 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\lvcoinst.dll
+ 2008-07-26 15:25:46 627,864 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\lvrs.sys
+ 2008-07-26 15:26:20 41,752 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\LVUSBSta.sys
+ 2008-07-26 15:29:56 439,568 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\WUApp32.exe
+ 2008-07-19 03:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
- 2001-08-18 04:36:34 8,192 ----a-w c:\windows\system32\tsbyuv.dll
+ 2001-08-18 03:36:34 8,192 ----a-w c:\windows\system32\tsbyuv.dll
- 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-04 06:56:48 53,760 ----a-w c:\windows\system32\vfwwdm32.dll
+ 2004-08-04 05:56:48 53,760 ----a-w c:\windows\system32\vfwwdm32.dll
- 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2008-06-23 16:57:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2001-03-18 02:34:12 22,528 ----a-w c:\windows\system32\WNASPI32.DLL
- 2007-07-31 00:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 20:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-31 00:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-31 00:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 20:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-31 00:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-31 00:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-31 00:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 20:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-07-26 13:25:24 109,080 ----a-w c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2009-01-19 00:16:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_82c.dat
- 2007-10-12 02:01:28 236,056 ----a-w c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2008-07-26 15:27:18 236,056 ----a-w c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2008-09-30 22:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 22:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 21:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-05-09 16:50 7311360 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--------- 2005-08-03 00:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a------ 2004-06-07 15:05 106496 c:\windows\system32\ftutil2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 16:50 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-13 21:05 16239616 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Shared\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\System\\smss.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R4 Network Connections (Netman);Network Connections (Netman);c:\program files\Common Files\System\smss.exe [2009-01-17 7424]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-20 24652]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-09-24 16512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2aa274-b9a1-11dd-903c-0018f3e77aca}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com l:
\Shell\Open\command - f:\resycled\ntldr.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad2-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad3-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - G:\LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-18 c:\windows\Tasks\At1.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-17 c:\windows\Tasks\At10.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-17 c:\windows\Tasks\At11.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-17 c:\windows\Tasks\At12.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At13.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At14.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At15.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At16.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At17.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At18.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At19.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At2.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At20.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At21.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At22.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At23.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At24.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-17 c:\windows\Tasks\At3.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At4.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At5.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At6.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-18 c:\windows\Tasks\At7.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-17 c:\windows\Tasks\At8.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]

2009-01-17 c:\windows\Tasks\At9.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\urqronkH.dll
BHO-{77AB59B4-55A3-4737-9FD5-B93C64307F78} - c:\windows\system32\ofddwjvr.dll
BHO-{CAFBDF41-6D0E-4FBA-A231-55BBC190A424} - c:\windows\system32\cbXOHWNE.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\urqronkH.dll
MSConfigStartUp-c810868e - c:\windows\system32\yejibwxx.dll
MSConfigStartUp-GetModule32 - c:\program files\GetModule\GetModule32.exe
MSConfigStartUp-GetPack27 - c:\program files\GetPack\GetPack27.exe
MSConfigStartUp-MSFox - c:\docume~1\HP_ADM~1\LOCALS~1\Temp\a.exe
MSConfigStartUp-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: *.convergys.com
Trusted Zone: mycvg.convergys.com
Trusted Zone: *.doginhispen.com
Trusted Zone: www.select2perform.com
Trusted Zone: *.whataboutadog.com
Trusted Zone: *.trymedia.com
TCP: {C40DD8FC-7E1F-4BD0-9865-52EEAF0CCDF9} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t6z41347.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 18:32:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{063875D8-08AA-A1E7-4880-80FF66EA1888}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaphfkhnkcfbobcgnnbkejhnbcackn"=hex:63,61,70,6a,63,61,00,7c
"oalgnhlbdmmijlmocfmidflckfchhn"=hex:6a,61,70,6a,66,62,6f,63,67,65,63,6b,65,6d,
69,64,6a,66,64,6e,00,fd
"nabglfipdjhgenabckmedoblfhdh"=hex:69,61,66,6a,6b,66,62,64,68,6e,6a,6e,68,68,
69,66,66,6b,00,00

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF125261-37B3-38C7-44C6-4F9F3F87FB7C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahankcnldkekceefc"=hex:69,61,67,6c,65,62,6c,6e,66,69,70,6b,61,6a,6e,70,6c,67,
00,00
"hanadnpjkgehoogb"=hex:69,61,67,6c,65,62,6c,6e,66,69,70,6b,61,6a,6e,70,6c,67,
00,00

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\SecuROM\License information*]
"datasecu"=hex:a8,f6,68,19,44,f2,70,f7,2e,93,fb,71,26,2c,98,19,03,db,b5,32,d2,
ef,12,00,fa,d9,77,17,7b,10,d6,25,6a,14,4f,a5,90,7e,91,eb,2a,38,e7,db,17,a7,\
"rkeysecu"=hex:52,30,29,32,29,42,6f,2b,1d,08,72,63,f5,41,c5,ae
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-01-18 18:37:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 00:35:48
ComboFix2.txt 2008-08-15 09:12:58

Pre-Run: 108,061,802,496 bytes free
Post-Run: 108,170,018,816 bytes free

982 --- E O F --- 2008-11-17 18:42:21

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:35 AM

Posted 18 January 2009 - 08:11 PM

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files as they are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either Kaspersky or Norton Internet Security.
============================================================
1. Open notepad and copy/paste the text in the codebox below into it:


http://www.bleepingcomputer.com/forums/t/196281/pop-ups-crashes-freezing-slow-internet/

Collect::
c:\documents and settings\HP_Administrator\z.exe
c:\documents and settings\HP_Administrator\u.exe
c:\windows\system32\j3X36c5F.exe
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\stus.exe
c:\program files\Common Files\System\smss.exe 

File::
c:\windows\Tasks\At1.job
c:\windows\system32\j3X36c5F.exe 
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Folder::
c:\program files\tintinyproxyy

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\System\\smss.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2aa274-b9a1-11dd-903c-0018f3e77aca}]
Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
===========
Note::
If ComboFix fails to upload anything, please do the following:
Go to Start > My Computer > C:\
Then navigate to C:\Qoobox\Submit.zip

Click here to upload Submit.zip, please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
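The entries kahdah's script removes are the load points and tampering that the DDS/ComboFix log above exposes. As an added example for this page (not part of the thread, and not a feature of ComboFix or DDS), the Python script below scans a log in that format and flags the patterns seen here: Security Center monitoring values switched off, the Windows Firewall standard profile disabled, a core process name (smss.exe) living under c:\program files\Common Files\System instead of system32, a removable-drive autorun that launches a .com file through rundll32, the At1..At24 scheduled tasks all running one executable in system32, and a Firefox profile forced through a local proxy on 127.0.0.1:7070. The sample log is constructed from lines quoted above; the list of core binary names and the threshold of two At-tasks per target are assumptions.

```python
"""Triage a DDS / ComboFix log for the tampering and persistence patterns in
this thread. Added example for this page, not part of the thread."""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the log earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\System\\smss.exe"=
R4 Network Connections (Netman);Network Connections (Netman);c:\program files\Common Files\System\smss.exe [2009-01-17 7424]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com l:
\Shell\AutoRun\command - F:\LaunchU3.exe -a
2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-18 c:\windows\Tasks\At1.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]
2009-01-17 c:\windows\Tasks\At10.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]
2009-01-18 c:\windows\Tasks\At2.job
- c:\windows\system32\j3X36c5F.exe [2009-01-17 10:05]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
"""

# Assumption: these core XP processes only ever live in c:\windows\system32.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe"}
AT_TASK_THRESHOLD = 2  # assumed: two or more At<N>.job on one target is a burst
PATH_RE = re.compile(r'[a-z]:\\[^"\[\];]*?\.exe\b', re.I)
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+c:\\windows\\tasks\\(\S+)\.job', re.I)
TASK_TARGET_RE = re.compile(r'^-\s+(.+?)\s+\[')
AUTORUN_RE = re.compile(r'\\Shell\\(?:AutoRun|Open)\\command\s*-\s*(.+)', re.I)
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (network\.proxy\.\S+) - (.+)$')
SC_VALUE_RE = re.compile(r'^"(DisableMonitoring|\w+DisableNotify)"=dword:0*1\s*$')


def _norm(path):
    # Firewall entries double every backslash; fold them and lower-case.
    return path.replace("\\\\", "\\").lower()


def triage(log_text):
    """Return a list of (category, detail) findings for one log."""
    lines = [l.rstrip() for l in log_text.splitlines()]
    findings, seen_paths = [], set()
    in_security_center = False
    task_targets = defaultdict(list)   # target exe -> list of task names
    ff_prefs = {}

    for i, line in enumerate(lines):
        # Security Center values that silence AV/firewall monitoring.
        if line.startswith("["):
            in_security_center = "security center" in line.lower()
        elif in_security_center and SC_VALUE_RE.match(line):
            findings.append(("security_center", f"monitoring/notification disabled: {line}"))
        if re.match(r'^"EnableFirewall"=\s*0\b', line):
            findings.append(("firewall", "Windows Firewall standard profile disabled"))
        # A core process name anywhere but system32 is a masquerade.
        for m in PATH_RE.finditer(line):
            path = _norm(m.group(0))
            folder, _, name = path.rpartition("\\")
            if name in CORE_BINARIES and folder != r"c:\windows\system32" and path not in seen_paths:
                seen_paths.add(path)
                findings.append(("masquerade", f"{name} outside system32: {path}"))
        # Removable-drive autorun that is not a plain .exe launcher.
        m = AUTORUN_RE.search(line)
        if m:
            target = m.group(1).strip()
            ext = re.search(r'\.([a-z0-9]{2,4})(?=\s|$)', target.lower())
            if "shellexec_rundll" in target.lower() or (ext and ext.group(1) != "exe"):
                findings.append(("autorun", f"autorun runs non-.exe or via rundll32: {target}"))
        # Scheduled task header line is followed by "- <target> [date]".
        m = TASK_RE.match(line)
        if m and i + 1 < len(lines):
            t = TASK_TARGET_RE.match(lines[i + 1])
            if t:
                task_targets[_norm(t.group(1))].append(m.group(1))
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    for target, jobs in task_targets.items():
        at_jobs = [j for j in jobs if re.fullmatch(r'At\d+', j, re.I)]
        if len(at_jobs) >= AT_TASK_THRESHOLD:
            findings.append(("scheduled_tasks", f"{len(at_jobs)} At*.job tasks all run {target}"))
    # network.proxy.type 1 is Firefox's manual proxy mode.
    if ff_prefs.get("network.proxy.type") == "1" and ff_prefs.get("network.proxy.http", "").startswith("127."):
        host, port = ff_prefs["network.proxy.http"], ff_prefs.get("network.proxy.http_port", "?")
        findings.append(("browser_proxy", f"Firefox manual proxy set to {host}:{port}; "
                         "removing the proxy binary without resetting this pref leaves Firefox unable to connect"))
    return findings


if __name__ == "__main__":
    for cat, detail in triage(SAMPLE_LOG):
        print(f"[{cat}] {detail}")
```

The last check is the cleanup caveat a practitioner wants here: the CFScript deletes the local proxy's folder (c:\program files\tintinyproxyy) but does nothing to prefs.js, so Firefox stays pointed at a listener on 127.0.0.1:7070 that no longer exists, which is exactly what a "proxy server refused connection" error looks like. Reset network.proxy.type to 0 (or switch Firefox to "No proxy") as part of the fix.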

#5 splitfingerz

  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:35 AM

Posted 18 January 2009 - 10:15 PM

Here is the new ComboFix log. I was aware of the dual anti-virus conflict. Kaspersky has been expired for a few months and doesn't run; I have just forgotten to remove it. Also, Norton hasn't been enabled in a while, which is probably why this problem has started. After running this ComboFix, Firefox does not work now. It says "Proxy Server Refused Connection. Firefox is configured to use a proxy server that is refusing connections. The browser is configured to use a proxy server, but the proxy refused a connection."





ComboFix 09-01-18.01 - HP_Administrator 2009-01-18 21:00:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.426 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\j3X36c5F.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\u.exe
c:\documents and settings\HP_Administrator\z.exe
c:\program files\Common Files\System\smss.exe
c:\program files\tintinyproxyy
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\j3X36c5F.exe
c:\windows\system32\stus.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-18 18:00 . 2009-01-18 18:32 122,912 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-18 18:00 . 2009-01-18 18:32 1,500 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-18 18:00 . 2009-01-18 18:14 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-18 18:00 . 2009-01-18 18:14 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-18 17:45 . 2009-01-18 18:00 <DIR> d-------- C:\327882R2FWJFW
2009-01-18 17:11 . 2009-01-18 17:11 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-18 17:11 . 2009-01-18 17:11 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-18 17:10 . 2009-01-18 17:10 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-18 17:10 . 2009-01-18 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-17 15:04 . 2009-01-17 15:04 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AdobeUM
2009-01-10 01:33 . 2009-01-10 02:23 <DIR> d-------- C:\New Folder
2008-12-26 22:30 . 2008-12-26 22:30 <DIR> d-------- c:\program files\Common Files\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 22:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-18 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 23:53 --------- d-----w c:\program files\IDoser v4
2008-12-28 05:16 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2008-12-14 06:49 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-03 21:05 --------- d-----w c:\program files\iTunes
2008-12-03 21:05 --------- d-----w c:\program files\iPod
2008-12-03 21:05 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 21:04 --------- d-----w c:\program files\QuickTime
2008-12-02 06:48 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2008-12-02 06:47 --------- d-----w c:\program files\Ventrilo
2008-12-02 06:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-12 02:00 218,376 ----a-w c:\windows\system32\klogon.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-07-23 18:13 1,552 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-13 22:46 840,450 ----a-w c:\program files\TabIt.zip
2007-01-22 05:15 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 21:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-05-09 16:50 7311360 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--------- 2005-08-03 00:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a------ 2004-06-07 15:05 106496 c:\windows\system32\ftutil2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 16:50 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-13 21:05 16239616 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Shared\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-20 24652]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-09-24 16512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 Network Connections (Netman);Network Connections (Netman);c:\program files\Common Files\\System\\smss.exe --> c:\program files\Common Files\\System\\smss.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad2-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad3-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - G:\LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: *.convergys.com
Trusted Zone: mycvg.convergys.com
Trusted Zone: *.doginhispen.com
Trusted Zone: www.select2perform.com
Trusted Zone: *.whataboutadog.com
Trusted Zone: *.trymedia.com
TCP: {C40DD8FC-7E1F-4BD0-9865-52EEAF0CCDF9} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t6z41347.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 21:04:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{063875D8-08AA-A1E7-4880-80FF66EA1888}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaphfkhnkcfbobcgnnbkejhnbcackn"=hex:63,61,70,6a,63,61,00,7c
"oalgnhlbdmmijlmocfmidflckfchhn"=hex:6a,61,70,6a,66,62,6f,63,67,65,63,6b,65,6d,
69,64,6a,66,64,6e,00,fd
"nabglfipdjhgenabckmedoblfhdh"=hex:69,61,66,6a,6b,66,62,64,68,6e,6a,6e,68,68,
69,66,66,6b,00,00

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF125261-37B3-38C7-44C6-4F9F3F87FB7C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahankcnldkekceefc"=hex:69,61,67,6c,65,62,6c,6e,66,69,70,6b,61,6a,6e,70,6c,67,
00,00
"hanadnpjkgehoogb"=hex:69,61,67,6c,65,62,6c,6e,66,69,70,6b,61,6a,6e,70,6c,67,
00,00

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\SecuROM\License information*]
"datasecu"=hex:a8,f6,68,19,44,f2,70,f7,2e,93,fb,71,26,2c,98,19,03,db,b5,32,d2,
ef,12,00,fa,d9,77,17,7b,10,d6,25,6a,14,4f,a5,90,7e,91,eb,2a,38,e7,db,17,a7,\
"rkeysecu"=hex:52,30,29,32,29,42,6f,2b,1d,08,72,63,f5,41,c5,ae
.
Completion time: 2009-01-18 21:08:58
ComboFix-quarantined-files.txt 2009-01-19 03:07:40
ComboFix2.txt 2009-01-19 00:37:08
ComboFix3.txt 2008-08-15 09:12:58

Pre-Run: 108,156,551,168 bytes free
Post-Run: 108,139,663,360 bytes free

281 --- E O F --- 2008-11-17 18:42:21

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 January 2009 - 10:24 PM

For firefox do this:
In Firefox go to Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server.
=============
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
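The Firefox failure reported in the post above and the fix in this reply come down to one setting: the ComboFix log shows network.proxy.type = 1 with network.proxy.http = 127.0.0.1 on port 7070, a manual proxy on the machine itself, so once nothing listens on that port every page load fails with the "refusing connections" error. Below is an added example, not code from this thread or from Firefox, that parses a prefs.js in that state, reports any manual proxy aimed at the local machine, and writes out the same change the Options dialog makes. The prefs.js content is constructed to match the FF lines in the log; the function names are my own.

```python
"""Check a Firefox prefs.js for a manual proxy that points back at the local
machine (network.proxy.type = 1 with a loopback host), the configuration the
ComboFix log above reports. Once nothing listens on that port, every page
load fails with "the proxy server is refusing connections" until the browser
is switched back to a direct connection, which is what unchecking the proxy
in Options -> Advanced -> Network -> Settings does."""
import ipaddress
import re

# One preference per line in prefs.js:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Firefox values for network.proxy.type
PROXY_DIRECT = 0   # "No proxy"
PROXY_MANUAL = 1   # "Manual proxy configuration"

# Constructed sample (not the poster's real file), shaped after the
# "FF - prefs.js:" lines in the ComboFix log above.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.myspace.com/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 7070);
user_pref("network.proxy.type", 1);
"""


def parse_prefs(text):
    """Return {name: value}; strings unquoted, integers as int, booleans as bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                     # comments, blank lines, anything else
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_local_proxies(prefs):
    """List (scheme, host, port) for each manual proxy aimed at this machine.
    An empty list means the proxy settings give nothing to flag."""
    if prefs.get("network.proxy.type") != PROXY_MANUAL:
        return []
    hits = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host and is_loopback(str(host)):
            hits.append((scheme, host, port))
    return hits


def reset_to_direct(text):
    """Return prefs.js text with the flagged proxy entries dropped and the
    proxy type set to direct. Edit the file only while Firefox is closed:
    it rewrites prefs.js on exit and would overwrite the change."""
    prefs = parse_prefs(text)
    drop = {"network.proxy.type"}
    for scheme, _host, _port in find_local_proxies(prefs):
        drop.update({f"network.proxy.{scheme}", f"network.proxy.{scheme}_port"})
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in drop:
            continue
        kept.append(line)
    kept.append(f'user_pref("network.proxy.type", {PROXY_DIRECT});')
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = find_local_proxies(parse_prefs(SAMPLE_PREFS))
    for scheme, host, port in found:
        print(f"manual {scheme} proxy points at {host}:{port}")
    if found:
        print(reset_to_direct(SAMPLE_PREFS))
```

On the real machine the file to read is prefs.js inside the profile directory ComboFix printed (the Profiles\t6z41347.default folder), with Firefox closed; the checker only reports a loopback proxy and leaves a proxy that points at a real corporate or ISP host alone, since that is a legitimate configuration.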

#7 splitfingerz

  • Topic Starter
  • Members
  • 12 posts

Posted 19 January 2009 - 05:46 AM

MBAM restarted my computer when finished and I'm not sure this is the correct log, but this is the log from a quick scan whereas the other is a full scan.


Malwarebytes' Anti-Malware 1.24
Database version: 1054
Windows 5.1.2600 Service Pack 2

1:27:33 PM 8/15/2008
mbam-log-8-15-2008 (13-27-33).txt

Scan type: Quick Scan
Objects scanned: 44352
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc534j0e125 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc534j0e125 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\bfgtoolbarDLL.zip (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\card.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\COMBOSEARCH.acs (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\ErrorLog.txt (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\logo.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\mahjong.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\mygames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\mygamestoolbar.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\new.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\newgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\puzzle.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\puzzle.bmp153371953 (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\search.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\thereef.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\topten.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\webgames.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\bfgtoolbar\word.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 19 January 2009 - 07:53 AM

Great, let's see a new Hijackthis log.

Edited by kahdah, 19 January 2009 - 07:53 AM.


#9 splitfingerz

  • Topic Starter
  • Members
  • 12 posts

Posted 19 January 2009 - 11:14 PM

Hijack This log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:47 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C40DD8FC-7E1F-4BD0-9865-52EEAF0CCDF9}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Program Files\Common Files\\System\\smss.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8244 bytes

#10 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 20 January 2009 - 07:56 AM

Please re-open Hijackthis and click on "Do a system scan only".
Then place a check mark next to these entries below:

O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Program Files\Common Files\\System\\smss.exe (file missing)



Now click on Fix Checked and then close Hijackthis.
===================================
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.
@Echo off
rem Export the whole Services key (every installed service and driver) to look.txt
regedit /e look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
rem Open the export in Notepad so its contents can be copied or uploaded
start notepad look.txt

Then please double click on fixthis.bat; a window will open and close quickly. This is normal.
Click Here to upload the contents of the Notepad document that opens.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image
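
Added example (not code posted in this thread): a Python triage of HijackThis O23 lines that uses the entries from the log above as sample input and separates a service impersonating a Windows component (the Netman entry fixed above) from plain leftovers of an uninstalled product (the Symantec entries marked "file missing"). The heuristics and names are my own, not HijackThis's.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example; not code posted in this thread. The sample lines below are
copied from the HijackThis log above, and the heuristics are the ones a
helper applies by eye when deciding which O23 entries to fix.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line layout: "O23 - Service: <display name> [(<short name>)] - <owner> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)

# Core Windows processes; on XP these live only under %SystemRoot%\system32.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32_MARKERS = ("\\windows\\system32\\", "\\winnt\\system32\\")
# Built-in services hosted by svchost.exe, so any other binary is a masquerade.
SVCHOST_HOSTED = {"netman"}


@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str
    missing: bool
    weak_flags: List[str] = field(default_factory=list)    # leftover signs
    strong_flags: List[str] = field(default_factory=list)  # impersonation signs

    @property
    def verdict(self) -> str:
        """'suspicious' on any impersonation sign, 'stale' on leftover signs, else 'ok'."""
        if self.strong_flags:
            return "suspicious"
        return "stale" if self.weak_flags else "ok"


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Split one O23 line into its fields; returns None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
    return ServiceEntry(m.group("display"), m.group("short") or m.group("display"),
                        m.group("owner"), path, missing)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach the weak and strong flags for one parsed entry."""
    lowered = entry.path.lower()
    exe = lowered.rsplit("\\", 1)[-1]
    if entry.missing:
        entry.weak_flags.append("file missing")
    if entry.owner == "Unknown owner":
        entry.weak_flags.append("unknown owner")
    if "\\\\" in entry.path:  # two consecutive backslashes, as in Common Files\\System\\
        entry.strong_flags.append("doubled backslash in path")
    if exe in CORE_SYSTEM_BINARIES and not any(mk in lowered for mk in SYSTEM32_MARKERS):
        entry.strong_flags.append(f"{exe} outside system32")
    if entry.short.lower() in SVCHOST_HOSTED and exe != "svchost.exe":
        entry.strong_flags.append(f"{entry.short} should be hosted by svchost.exe")
    return entry


def triage(log_text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Map each service display name to (verdict, all flags)."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is not None:
            assess(entry)
            results[entry.display] = (entry.verdict, entry.weak_flags + entry.strong_flags)
    return results


# Sample input: five O23 lines copied from the HijackThis log posted above.
SAMPLE_O23 = r"""
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Program Files\Common Files\\System\\smss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for name, (verdict, flags) in triage(SAMPLE_O23).items():
        print(f"{verdict:10} {name}: {', '.join(flags) or '-'}")
```

Run against the sample, only the Netman entry comes out "suspicious"; the Symantec leftover is "stale", which matches the one O23 line the helper chose to fix above.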

#11 splitfingerz
  • Topic Starter
  • Members
  • 12 posts

Posted 20 January 2009 - 03:32 PM

Ran Hijackthis. Checked the files you advised me to. Fixed them. Hijackthis restarted my computer. To get back to a notepad document, I re-ran Hijackthis. Saved the fixthis.bat file. Opened it, no notepad doc opened up to upload.

Did I do something wrong?

#12 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 21 January 2009 - 07:56 AM

Ok, strange, but I will attach the batch file to this post.
Download it and save it to your desktop.
Right click on it to run it.
It should produce a very long text document; please upload the file Here.



#13 splitfingerz
  • Topic Starter
  • Members
  • 12 posts

Posted 22 January 2009 - 08:14 AM

Ran the file...text document log is uploaded. It is named "look.txt".

#14 kahdah
  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 22 January 2009 - 08:33 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
Viewpoint Manager Service 

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Connections (Netman)]

Folder::
C:\Program Files\Viewpoint


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


#15 splitfingerz
  • Topic Starter
  • Members
  • 12 posts

Posted 24 January 2009 - 01:01 AM

Combofix.txt log

ComboFix 09-01-21.04 - HP_Administrator 2009-01-23 23:43:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.453 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
FW: Norton Internet Security 2006 *enabled*
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\program files\Viewpoint\Viewpoint Manager\CPtask.xml
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-19 02:44 . 2009-01-19 02:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 02:44 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 02:44 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-18 18:00 . 2009-01-23 23:51 188,448 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-18 18:00 . 2009-01-23 23:51 1,724 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-18 18:00 . 2009-01-23 23:47 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-18 18:00 . 2009-01-23 23:47 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-18 17:45 . 2009-01-18 18:00 <DIR> d-------- C:\327882R2FWJFW
2009-01-18 17:11 . 2009-01-18 17:11 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-18 17:11 . 2009-01-18 17:11 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-18 17:10 . 2009-01-18 17:10 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-18 17:10 . 2009-01-23 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-17 15:04 . 2009-01-17 15:04 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\AdobeUM
2009-01-10 01:33 . 2009-01-10 02:23 <DIR> d-------- C:\New Folder
2008-12-26 22:30 . 2008-12-26 22:30 <DIR> d-------- c:\program files\Common Files\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 22:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-18 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 23:53 --------- d-----w c:\program files\IDoser v4
2008-12-28 05:16 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2008-12-14 06:49 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-03 21:05 --------- d-----w c:\program files\iTunes
2008-12-03 21:05 --------- d-----w c:\program files\iPod
2008-12-03 21:05 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 21:05 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 21:04 --------- d-----w c:\program files\QuickTime
2008-12-02 06:48 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2008-12-02 06:47 --------- d-----w c:\program files\Ventrilo
2008-12-02 06:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-07-23 18:13 1,552 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2007-04-13 22:46 840,450 ----a-w c:\program files\TabIt.zip
2007-01-22 05:15 774,144 ----a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-18_18.34.34.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2009-01-19 00:15:59 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-19 09:10:57 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-19 00:15:59 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-19 09:10:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-19 00:15:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 09:10:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
- 2006-08-21 15:52:08 246,814 ----a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-09 23:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-08-21 15:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2009-01-24 05:51:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a54.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 185,896 2007-02-03 23:55:46 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 249,856 2006-02-16 05:34:58 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

----a-w 49,152 2006-02-19 07:41:10 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

----a-w 90,112 2006-04-13 16:05:00 c:\program files\HP DigitalMedia Archive\bak\DMAScheduler.exe

----a-w 389,120 2006-04-03 01:07:44 c:\program files\Linksys EasyLink Advisor\bak\LinksysAgent.exe

----a-w 1,694,208 2004-10-13 23:24:37 c:\program files\Messenger\bak\msmsgs.exe

----a-w 1,207,080 2006-06-21 03:36:22 c:\program files\Microsoft ActiveSync\bak\wcescomm.exe

----a-w 282,624 2007-02-03 01:57:41 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 16:30:50 c:\program files\QuickTime\QTTask.exe

----a-w 67,584 2005-09-30 04:01:14 c:\windows\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-06 03:56:34 c:\windows\ehome\ehtray.exe

----a-w 237,568 2005-07-23 05:14:00 c:\windows\SMINST\bak\RECGUARD.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 21:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-05-09 16:50 7311360 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--------- 2005-08-03 00:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a------ 2004-06-07 15:05 106496 c:\windows\system32\ftutil2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 16:50 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-13 21:05 16239616 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Shared\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-09-24 16512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2aa274-b9a1-11dd-903c-0018f3e77aca}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com f:
\Shell\Open\command - f:\resycled\ntldr.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad2-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad3-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - G:\LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: convergys.com
Trusted Zone: convergys.com\mycvg
Trusted Zone: select2perform.com\www
Trusted Zone: trymedia.com
TCP: {C40DD8FC-7E1F-4BD0-9865-52EEAF0CCDF9} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t6z41347.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 23:51:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{063875D8-08AA-A1E7-4880-80FF66EA1888}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaphfkhnkcfbobcgnnbkejhnbcackn"=hex:63,61,70,6a,63,61,00,7c
"oalgnhlbdmmijlmocfmidflckfchhn"=hex:6a,61,70,6a,66,62,6f,63,67,65,63,6b,65,6d,
69,64,6a,66,64,6e,00,fd
"nabglfipdjhgenabckmedoblfhdh"=hex:69,61,66,6a,6b,66,62,64,68,6e,6a,6e,68,68,
69,66,66,6b,00,00

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF125261-37B3-38C7-44C6-4F9F3F87FB7C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahankcnldkekceefc"=hex:69,61,67,6c,65,62,6c,6e,66,69,70,6b,61,6a,6e,70,6c,67,
00,00
"hanadnpjkgehoogb"=hex:69,61,67,6c,65,62,6c,6e,66,69,70,6b,61,6a,6e,70,6c,67,
00,00

[HKEY_USERS\S-1-5-21-2894209609-115271209-3539559434-1007\Software\SecuROM\License information*]
"datasecu"=hex:a8,f6,68,19,44,f2,70,f7,2e,93,fb,71,26,2c,98,19,03,db,b5,32,d2,
ef,12,00,fa,d9,77,17,7b,10,d6,25,6a,14,4f,a5,90,7e,91,eb,2a,38,e7,db,17,a7,\
"rkeysecu"=hex:52,30,29,32,29,42,6f,2b,1d,08,72,63,f5,41,c5,ae
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2009-01-23 23:58:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 05:57:38
ComboFix2.txt 2009-01-19 03:08:59
ComboFix3.txt 2009-01-19 00:37:08
ComboFix4.txt 2008-08-15 09:12:58

Pre-Run: 107,116,810,240 bytes free
Post-Run: 107,096,743,936 bytes free

551 --- E O F --- 2009-01-19 09:04:09

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:56 PM, on 1/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C40DD8FC-7E1F-4BD0-9865-52EEAF0CCDF9}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 7501 bytes
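An added triage helper, not part of the post above and not code from ComboFix or HijackThis: it parses the sections of a pasted ComboFix/HJT log that usually decide a removable-media or rogue-antivirus case (the MountPoints2 AutoRun handlers, the Security Center monitoring flags, the XP firewall profile, and O23 services whose binary is missing) and returns the entries a helper would want to look at. SAMPLE_LOG is assembled from lines quoted in the log above; the script only applies generic checks (a replaced Open verb, a rundll32 ShellExec_RunDLL launcher, a relative target path) and does not claim any particular file is malicious.

```python
"""Pull the high-value findings out of a ComboFix / HijackThis text log.

Added example; not the poster's, ComboFix's or HijackThis' own code.
SAMPLE_LOG is built from lines quoted in the post above.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e2aa274-b9a1-11dd-903c-0018f3e77aca}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com f:
\Shell\Open\command - f:\resycled\ntldr.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8805ad2-ab5d-11db-8f82-0018f3e77aca}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def parse_mountpoints(text):
    """Return [(volume_guid, verb, command)] for every MountPoints2 shell handler."""
    entries, guid = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):          # registry key header: remember which key we are in
            m = MOUNTPOINT_RE.search(line)
            guid = m.group(1).lower() if m else None
            continue
        m = SHELL_RE.match(line)
        if guid and m:
            entries.append((guid, m.group(1).lower(), m.group(2).strip()))
    return entries


def suspicious_autorun(entries):
    """Flag handlers worth a second look and say why. Generic heuristics only:
    - the Open verb replaced (double-clicking the drive runs a program instead of browsing it)
    - rundll32 ShellExec_RunDLL used as a launcher (hides the real target from casual reading)
    - a target without a drive prefix (resolved against the volume root at run time)
    """
    findings = []
    for guid, verb, cmd in entries:
        low = cmd.lower()
        tokens = low.split()
        target = tokens[0].strip('"')
        reasons = []
        if verb == "open":
            reasons.append("Open verb hijacked")
        for i, tok in enumerate(tokens):
            if "shellexec_rundll" in tok and i + 1 < len(tokens):
                reasons.append("rundll32 ShellExec_RunDLL launcher")
                target = tokens[i + 1].strip('"')
        if not re.match(r"^[a-z]:\\", target):
            reasons.append("relative target path: " + target)
        if reasons:
            findings.append((guid, verb, cmd, reasons))
    return findings


def security_posture(text):
    """Collect the Security Center / firewall flags ComboFix prints."""
    posture = {"firewall_enabled": None, "av_notify_disabled": False, "monitoring_disabled": []}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.lower()
        elif line.startswith('"EnableFirewall"'):
            posture["firewall_enabled"] = line.split("=")[1].strip().split()[0] != "0"
        elif line.startswith('"AntiVirusDisableNotify"'):
            posture["av_notify_disabled"] = line.endswith("00000001")
        elif line.startswith('"DisableMonitoring"') and line.endswith("00000001"):
            posture["monitoring_disabled"].append(section.rsplit("\\", 1)[-1].rstrip("]"))
    return posture


def missing_service_binaries(text):
    """Names of HijackThis O23 services whose binary HJT reported as missing."""
    out = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m and "(file missing)" in m.group(3):
            out.append(m.group(1))
    return out


if __name__ == "__main__":
    for guid, verb, cmd, why in suspicious_autorun(parse_mountpoints(SAMPLE_LOG)):
        print("AUTORUN", guid, verb, cmd, "|", "; ".join(why))
    print("POSTURE", security_posture(SAMPLE_LOG))
    print("MISSING", missing_service_binaries(SAMPLE_LOG))
```

Paste a full log into SAMPLE_LOG (or read it from a file) to run it over a real case; the U3 launcher entry in the sample is deliberately left unflagged because it uses an absolute path on the AutoRun verb only.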



