
Need help Not sure.


  • This topic is locked
16 replies to this topic

#1 jb5299

jb5299

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 16 May 2009 - 07:07 PM

I'm having problems with different internet pages coming up other than the ones clicked. And some basic programs like chkdsk and defrag are not working.



Edited by jb5299, 16 May 2009 - 09:32 PM.




#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:25 PM

Posted 31 May 2009 - 01:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 jb5299


Posted 04 June 2009 - 02:30 PM

I haven't done anything, other than the virus scans it's set to do on its own. I seem to have a Google redirect virus. My web pages get directed elsewhere from what I'm searching for. Defrag won't run. Also unable to run Spybot Search and Destroy. Can't even install. Unable to run chkdsk. Those are the only things that I have noticed so far.

This showed up on scan this morning.
6/5/2009 5:31:17 AM Startup scanner file \\?\globalroot\systemroot\system32\gxvxcvyuhylkxmumupqlveqaorgrkcvjxbbmn.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined GAMER\Josh

Thanks for taking the time to help me out.



Edited by jb5299, 05 June 2009 - 04:30 AM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:25 PM

Posted 05 June 2009 - 07:00 PM

Hi jb5299,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please do the steps fully and in the order they are written and give me feedback about how it went.
  • You still have some leftovers from an incompletely uninstalled Norton Antivirus on your computer.

    To remove the leftovers please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts. If you cannot run ComboFix, rename the copy on your desktop to jb5299.exe and run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#5 jb5299


Posted 06 June 2009 - 06:20 PM

Thank you for taking the time to help me out.

OK, installed the Norton remover and ran that. Then ran ComboFix; here is the log:

ComboFix 09-06-06.01 - Josh 06/06/2009 19:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1661 [GMT -4:00]
Running from: c:\documents and settings\Josh\Desktop\Combo-Fix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcappevdlyrqjeywpyndxjjoteplrpbjoy.sys
c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcvyuhylkxmumupqlveqaorgrkcvjxbbmn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 21:35 . 2009-06-06 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 16:20 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-05-18 16:20 . 2009-05-18 16:20 -------- d-----w- c:\program files\Panda Security
2009-05-18 15:51 . 2009-05-18 16:37 -------- d-----w- c:\windows\BDOSCAN8
2009-05-18 15:39 . 2009-05-18 15:39 -------- d-----w- c:\program files\EsetOnlineScanner
2009-05-18 15:27 . 2009-05-18 15:27 73280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 15:02 . 2009-05-18 15:32 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 14:58 . 2009-05-18 14:58 152576 ----a-w- c:\documents and settings\Josh\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 13:30 . 2009-05-18 13:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-05-18 13:29 . 2009-05-18 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-05-16 23:47 . 2009-05-16 23:47 -------- d-----w- c:\program files\Trend Micro
2009-05-16 23:17 . 2009-05-16 23:19 -------- d-----w- C:\1ddba6e1fcbcff2bbd597c710d8a
2009-05-15 20:08 . 2009-05-15 20:08 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Pebbles
2009-05-15 20:08 . 2009-05-16 22:55 -------- d-----w- c:\program files\Pebbles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 23:15 . 2008-03-15 01:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-16 23:15 . 2008-03-15 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-15 20:02 . 2009-02-23 11:34 -------- d-----w- c:\program files\Coupons
2009-05-08 23:23 . 2008-06-29 13:49 -------- d-----w- c:\program files\XoftSpySE
2009-05-06 18:31 . 2008-09-24 21:14 -------- d-----w- c:\documents and settings\Josh\Application Data\Apple Computer
2009-05-06 18:25 . 2009-05-06 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"HostManager"="c:\program files\Common Files\AOL\1203782524\ee\AOLSoftware.exe" [2008-06-24 41824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-01-07 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"RivaTunerStatisticsServer"="c:\program files\EVGA Precision\Bundle\OSDServer\RTSS.exe" [2008-07-11 64528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-25 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroHomeFirstStart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1203782524\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/18/2009 12:20 PM 28544]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/18/2008 8:57 PM 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/10/2008 6:53 PM 468224]
S3 esihdrv;esihdrv;\??\c:\docume~1\Josh\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Josh\LOCALS~1\Temp\esihdrv.sys [?]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:48 PM 50048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-05-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-06-06 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-06-25 13:23]

2009-06-06 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-06-25 13:23]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://shirano.freehost.ag/FFXI-AJH-Version.txt
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\riwhxppt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 19:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-06 19:17
ComboFix-quarantined-files.txt 2009-06-06 23:17

Pre-Run: 218,708,496,384 bytes free
Post-Run: 219,156,705,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

159 --- E O F --- 2008-06-11 07:03


Also, after rebooting after the Norton program, the AV program picked this up:
6/6/2009 6:54:15 PM Startup scanner file \\?\globalroot\systemroot\system32\gxvxcvyuhylkxmumupqlveqaorgrkcvjxbbmn.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined GAMER\Josh

#6 Farbar


Posted 06 June 2009 - 07:07 PM

Also, after rebooting after the Norton program, the AV program picked this up:
6/6/2009 6:54:15 PM Startup scanner file \\?\globalroot\systemroot\system32\gxvxcvyuhylkxmumupqlveqaorgrkcvjxbbmn.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined GAMER\Josh


Well done and thanks for the feedback. :thumbup2:
Norton could finally remove the DLL because Combofix had removed the rootkit component protecting it and was set to remove the DLL too.
  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    Driver::
    esihdrv
    Folder::
    c:\program files\Coupons
    DDS::
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=-
    DirLook::
    C:\1ddba6e1fcbcff2bbd597c710d8a

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Tell me also how your computer is running.
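The relationship farbar describes in the post above (a kernel-side component protecting the DLL that the antivirus kept flagging) can be read out of the posted logs. As an added example that is not part of the original posts and not ComboFix's own logic, this Python script groups the ComboFix deletions by shared name stem and matches the antivirus detection against them; the 5-character stem length, the driver-plus-DLL heuristic and the mapping of `\\?\globalroot\systemroot\` to `c:\windows\` are assumptions chosen for this log.

```python
import ntpath
import os
import re
from collections import defaultdict

# Lines copied from the ComboFix log and the AV entry posted in this thread
# (section banners shortened; no values are constructed).
COMBOFIX_LOG = r"""
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\windows\system32\drivers\gxvxcappevdlyrqjeywpyndxjjoteplrpbjoy.sys
c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcvyuhylkxmumupqlveqaorgrkcvjxbbmn.dll
.
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
.
-------\Service_GXVXCSERV.SYS

((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))
.
2009-05-18 16:20 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
"""
AV_LINE = (r"6/6/2009 6:54:15 PM Startup scanner file "
           r"\\?\globalroot\systemroot\system32\gxvxcvyuhylkxmumupqlveqaorgrkcvjxbbmn.dll "
           r"a variant of Win32/Kryptik.PF trojan cleaned by deleting "
           r"(after the next restart) - quarantined GAMER\Josh")

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((((( Title )))))" banners
AV_RE = re.compile(r"file\s+(\S+)\s+a variant of\s+(\S+)")
PREFIX_LEN = 5  # assumption: stem length used to bucket related names


def split_sections(log):
    """Map each banner title to the non-empty, non-'.' lines under it."""
    sections, current = defaultdict(list), None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def classify(section, line):
    """Return (name, kind) for a removed artifact, or None for other lines."""
    if section == "Drivers/Services":
        m = re.match(r"^-+\\(?:Service|Legacy)_(.+)$", line, re.I)
        return (m.group(1).lower(), "service") if m else None
    if section == "Other Deletions":
        path = line.lower()
        if not re.match(r"^[a-z]:\\", path):
            return None  # e.g. a "---- Previous Run -------" marker
        name = ntpath.basename(path)
        if name.endswith(".sys") and "\\drivers\\" in path:
            return name, "driver"
        return (name, "dll") if name.endswith(".dll") else (name, "file")
    return None


def correlate(log):
    """Group removed artifacts by name stem; keep groups that pair a
    kernel-side entry (driver or service) with a user-mode DLL."""
    buckets = defaultdict(list)
    for section, lines in split_sections(log).items():
        for line in lines:
            hit = classify(section, line)
            if hit:
                buckets[hit[0][:PREFIX_LEN]].append(hit)
    families = {}
    for members in buckets.values():
        kinds = {kind for _, kind in members}
        if kinds & {"driver", "service"} and "dll" in kinds:
            stem = os.path.commonprefix([name for name, _ in members])
            families[stem] = members
    return families


def av_detection(line):
    """Return (normalized path, detection name) from an AV log line."""
    m = AV_RE.search(line)
    if not m:
        return None
    # Assumption: SystemRoot is c:\windows, as the ComboFix paths show.
    path = m.group(1).lower().replace(
        "\\\\?\\globalroot\\systemroot\\", "c:\\windows\\")
    return path, m.group(2)


def av_hit_in_family(av_line, families):
    """Return (stem, detection) if the AV-flagged file belongs to a family."""
    det = av_detection(av_line)
    if not det:
        return None
    name = ntpath.basename(det[0])
    for stem, members in families.items():
        if any(name == n for n, _ in members):
            return stem, det[1]
    return None


if __name__ == "__main__":
    fams = correlate(COMBOFIX_LOG)
    for stem, members in fams.items():
        print(stem, sorted(members))
    print(av_hit_in_family(AV_LINE, fams))
```

The legitimate-looking `Msft_Kernel_*.Wdf` deletions share a stem too, but they have no DLL or service entry alongside them, so they are not reported as a family.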


#7 jb5299


Posted 06 June 2009 - 09:13 PM

I ran ComboFix again with the script you gave me. ComboFix then rebooted my PC; after the restart ComboFix came on and said it was creating the log. All I would get was PV.CFEXE errors, and after waiting and hitting "do not send" I never got a log. So I haven't proceeded to the next step, since I was unable to get the log. Please advise what to do now.

#8 Farbar


Posted 07 June 2009 - 05:57 AM

Did you open C:\ComboFix.txt to see if it is a fresh log, different from the one you posted earlier? Please check whether it is identical to the one you have already posted. You can check the date and the time of running on the first line of the log. If the log is not a fresh one, proceed with the next.

Delete your copy of ComboFix and download a fresh one from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop and disable your antivirus before running ComboFix


Drag the CFScript.txt to ComboFix again. Please copy and paste the C:\ComboFix.txt in your next reply.
Also proceed with the next steps.

#9 jb5299


Posted 07 June 2009 - 07:54 AM

OK, checked for the log and there was one. Here it is:
ComboFix 09-06-06.03 - Josh 06/07/2009 8:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1530 [GMT -4:00]
Running from: c:\documents and settings\Josh\Desktop\Combo-Fix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Coupons
c:\program files\Coupons\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 07:13 . 2009-06-07 07:13 -------- d-----w- c:\windows\system32\KB905474
2009-06-07 07:13 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-07 07:13 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-06-07 02:25 . 2009-06-07 02:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-06 21:35 . 2009-06-06 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 16:20 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-05-18 16:20 . 2009-05-18 16:20 -------- d-----w- c:\program files\Panda Security
2009-05-18 15:51 . 2009-05-18 16:37 -------- d-----w- c:\windows\BDOSCAN8
2009-05-18 15:39 . 2009-05-18 15:39 -------- d-----w- c:\program files\EsetOnlineScanner
2009-05-18 15:27 . 2009-05-18 15:27 73280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 15:02 . 2009-05-18 15:32 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 14:58 . 2009-05-18 14:58 152576 ----a-w- c:\documents and settings\Josh\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 13:30 . 2009-05-18 13:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-05-18 13:29 . 2009-05-18 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-05-16 23:47 . 2009-05-16 23:47 -------- d-----w- c:\program files\Trend Micro
2009-05-16 23:17 . 2009-05-16 23:19 -------- d-----w- C:\1ddba6e1fcbcff2bbd597c710d8a
2009-05-15 20:08 . 2009-05-15 20:08 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Pebbles
2009-05-15 20:08 . 2009-05-16 22:55 -------- d-----w- c:\program files\Pebbles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 23:15 . 2008-03-15 01:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-16 23:15 . 2008-03-15 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 23:23 . 2008-06-29 13:49 -------- d-----w- c:\program files\XoftSpySE
2009-05-06 18:31 . 2008-09-24 21:14 -------- d-----w- c:\documents and settings\Josh\Application Data\Apple Computer
2009-05-06 18:25 . 2009-05-06 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-06_23.14.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 20:45 . 2008-09-30 20:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2007-07-31 00:19 . 2008-10-16 18:09 43544 c:\windows\system32\wups2.dll
+ 2008-02-22 19:05 . 2008-10-16 18:08 34328 c:\windows\system32\wups.dll
+ 2008-02-22 18:38 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2007-11-13 11:31 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe
+ 2008-02-22 18:56 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2008-09-19 20:56 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-06-07 02:15 . 2008-10-16 18:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-06-07 02:15 . 2008-10-16 18:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 55808 c:\windows\system32\secur32.dll
+ 2002-08-29 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2002-08-29 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\pngfilt.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2002-08-29 12:00 . 2009-03-09 21:43 67822 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2009-06-07 09:02 67822 c:\windows\system32\perfc009.dat
+ 2008-02-22 18:38 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2002-08-29 12:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2002-08-29 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2008-04-23 04:16 52224 c:\windows\system32\msfeedsbs.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2008-02-22 18:38 . 2004-08-04 05:56 58880 c:\windows\system32\msdtclog.dll
- 2002-08-29 12:00 . 2005-06-29 01:46 74240 c:\windows\system32\mscms.dll
+ 2002-08-29 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 27648 c:\windows\system32\jsproxy.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 23:39 . 2008-04-22 07:39 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 23:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2002-08-29 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\iernonce.dll
- 2008-02-22 19:05 . 2007-08-13 23:45 78336 c:\windows\system32\ieencode.dll
+ 2008-02-22 19:05 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
- 2002-08-29 12:00 . 2008-04-22 07:39 70656 c:\windows\system32\ie4uinit.exe
+ 2002-08-29 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2007-08-13 23:36 . 2008-04-23 04:16 63488 c:\windows\system32\icardie.dll
+ 2008-02-22 19:05 . 2008-10-16 18:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2008-02-22 18:38 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2002-08-29 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 55808 c:\windows\system32\dllcache\secur32.dll
+ 2002-08-29 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2002-08-29 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2002-08-29 12:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2002-08-29 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-02-22 23:28 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-02-22 23:28 . 2008-04-23 04:16 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-02-22 18:38 . 2004-08-04 05:56 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2002-08-29 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll
- 2002-08-29 12:00 . 2005-06-29 01:46 74240 c:\windows\system32\dllcache\mscms.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-02-22 23:28 . 2008-04-22 07:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-02-22 23:28 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2002-08-29 12:00 . 2008-04-23 04:16 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2008-02-22 19:05 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
- 2008-02-22 19:05 . 2007-08-13 23:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2002-08-29 12:00 . 2008-04-22 07:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2002-08-29 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-02-22 23:28 . 2008-04-23 04:16 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-02-22 23:28 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2002-08-29 12:00 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2002-08-29 12:00 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
+ 2009-06-07 07:04 . 2009-06-07 07:04 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-06-07 07:11 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-06-07 07:11 . 2008-04-22 07:39 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-06-07 07:11 . 2008-04-23 04:16 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-06-07 07:11 . 2007-08-13 23:45 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-06-07 07:11 . 2008-04-22 07:39 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-06-07 07:11 . 2008-04-23 04:16 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2006-10-16 10:21 . 2008-02-15 09:06 351744 c:\windows\system32\xpsp3res.dll
+ 2008-02-22 19:05 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2008-02-22 19:05 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2008-02-22 19:05 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
+ 2006-10-19 01:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-19 01:47 . 2006-10-19 01:47 295936 c:\windows\system32\wmpeffects.dll
+ 2002-08-29 12:00 . 2008-06-18 09:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2002-08-29 12:00 . 2007-10-27 21:40 222720 c:\windows\system32\wmasf.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 826368 c:\windows\system32\wininet.dll
+ 2002-08-29 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\wininet.dll
+ 2002-08-29 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 351232 c:\windows\system32\winhttp.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 233472 c:\windows\system32\webcheck.dll
+ 2008-02-22 18:38 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-02-22 18:38 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-02-22 18:37 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 105984 c:\windows\system32\url.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2002-08-29 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2002-08-29 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2002-08-29 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
- 2002-08-29 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2002-08-29 12:00 . 2009-06-07 09:02 433626 c:\windows\system32\perfh009.dat
- 2002-08-29 12:00 . 2009-03-09 21:43 433626 c:\windows\system32\perfh009.dat
+ 2002-08-29 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 283648 c:\windows\system32\pdh.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 102912 c:\windows\system32\occache.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2002-08-29 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll
+ 2002-08-29 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 245248 c:\windows\system32\mswsock.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 671232 c:\windows\system32\mstime.dll
+ 2002-08-29 12:00 . 2006-12-04 20:21 414720 c:\windows\system32\msscp.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 193024 c:\windows\system32\msrating.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2008-04-23 04:16 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
- 2002-08-29 12:00 . 2006-10-19 00:03 100864 c:\windows\system32\logagent.exe
+ 2002-08-29 12:00 . 2008-06-18 05:09 100864 c:\windows\system32\logagent.exe
+ 2002-08-29 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2008-02-22 18:41 . 2007-08-21 06:15 683520 c:\windows\system32\inetcomm.dll
+ 2008-02-22 18:41 . 2008-04-11 18:50 683520 c:\windows\system32\inetcomm.dll
+ 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 17:27 . 2008-04-23 04:16 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
+ 2002-08-29 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2002-08-29 12:00 . 2008-04-20 05:07 161792 c:\windows\system32\ieakui.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 230400 c:\windows\system32\ieaksie.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 153088 c:\windows\system32\ieakeng.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2002-08-29 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll
- 2008-02-22 13:28 . 2009-02-13 16:58 250288 c:\windows\system32\FNTCACHE.DAT
+ 2008-02-22 13:28 . 2009-06-07 07:20 250288 c:\windows\system32\FNTCACHE.DAT
- 2008-02-22 19:05 . 2008-04-23 04:16 133120 c:\windows\system32\extmgr.dll
+ 2008-02-22 19:05 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2002-08-29 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 214528 c:\windows\system32\dxtrans.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 347136 c:\windows\system32\dxtmsft.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2002-08-29 12:00 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys
+ 2002-08-29 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys
+ 2002-08-29 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2002-08-29 12:00 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys
- 2008-02-22 19:05 . 2008-04-14 11:01 272128 c:\windows\system32\drivers\bthport.sys
+ 2008-02-22 19:05 . 2008-06-13 13:10 272128 c:\windows\system32\drivers\bthport.sys
+ 2002-08-29 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys
- 2002-08-29 12:00 . 2008-02-20 05:32 148992 c:\windows\system32\dnsapi.dll
+ 2002-08-29 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll
+ 2008-02-22 19:05 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2008-02-22 19:05 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2008-02-22 19:05 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2008-02-22 18:38 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2002-08-29 12:00 . 2008-06-18 09:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-02-22 18:38 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-02-22 18:38 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2002-08-29 12:00 . 2007-10-27 21:40 222720 c:\windows\system32\dllcache\wmasf.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 826368 c:\windows\system32\dllcache\wininet.dll
+ 2002-08-29 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2002-08-29 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 105984 c:\windows\system32\dllcache\url.dll
+ 2002-08-29 12:00 . 2007-06-27 02:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2002-08-29 12:00 . 2008-06-20 09:52 225920 c:\windows\system32\dllcache\tcpip6.sys
+ 2002-08-29 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys
+ 2002-08-29 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2002-08-29 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2002-08-29 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2002-08-29 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2002-08-29 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 283648 c:\windows\system32\dllcache\pdh.dll
+ 2002-08-29 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 102912 c:\windows\system32\dllcache\occache.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2002-08-29 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll
+ 2002-08-29 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 671232 c:\windows\system32\dllcache\mstime.dll
+ 2002-08-29 12:00 . 2006-12-04 20:21 414720 c:\windows\system32\dllcache\msscp.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 193024 c:\windows\system32\dllcache\msrating.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-02-22 23:28 . 2008-04-23 04:16 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-02-22 23:28 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-02-22 18:38 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2008-02-22 18:40 . 2004-08-04 05:56 331776 c:\windows\system32\dllcache\msadce.dll
+ 2008-02-22 18:40 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2002-08-29 12:00 . 2008-10-24 11:10 453632 c:\windows\system32\dllcache\mrxsmb.sys
+ 2002-08-29 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
- 2002-08-29 12:00 . 2006-10-19 00:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2002-08-29 12:00 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2002-08-29 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2008-02-22 18:41 . 2008-04-11 18:50 683520 c:\windows\system32\dllcache\inetcomm.dll
- 2008-02-22 18:41 . 2007-08-21 06:15 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-02-22 18:40 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2008-02-22 23:28 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-02-22 23:28 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2008-02-22 23:28 . 2008-04-23 04:16 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2002-08-29 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2002-08-29 12:00 . 2008-04-20 05:07 161792 c:\windows\system32\dllcache\ieakui.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2002-08-29 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2008-02-22 18:37 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
- 2008-02-22 19:05 . 2008-04-23 04:16 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-02-22 19:05 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2002-08-29 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2002-08-29 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
- 2002-08-29 12:00 . 2008-02-20 05:32 148992 c:\windows\system32\dllcache\dnsapi.dll
- 2008-02-22 19:05 . 2008-04-14 11:01 272128 c:\windows\system32\dllcache\bthport.sys
+ 2008-02-22 19:05 . 2008-06-13 13:10 272128 c:\windows\system32\dllcache\bthport.sys
+ 2002-08-29 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
- 2002-08-29 12:00 . 2008-04-23 04:16 124928 c:\windows\system32\dllcache\advpack.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2002-08-29 12:00 . 2008-04-23 04:16 124928 c:\windows\system32\advpack.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2002-08-29 12:00 . 2004-08-04 05:56 616960 c:\windows\system32\advapi32.dll
+ 2002-08-29 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
+ 2002-08-29 12:00 . 2007-06-27 02:10 317440 c:\windows\inf\unregmp2.exe
+ 2009-06-07 07:11 . 2008-04-23 04:16 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-06-07 07:11 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-06-07 07:11 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-06-07 07:11 . 2008-04-23 04:16 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 478208 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-06-07 07:11 . 2008-04-22 07:40 625664 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-06-07 07:11 . 2008-04-23 04:16 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-06-07 07:11 . 2008-04-20 05:07 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-06-11 04:32 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
- 2008-06-11 04:32 . 2008-04-14 11:01 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2009-06-07 02:21 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
+ 2008-09-30 20:42 . 2008-09-30 20:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-02-22 18:38 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2002-08-29 12:00 . 2008-06-18 09:03 2458112 c:\windows\system32\WMVCore.dll
+ 2002-08-29 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\win32k.sys
+ 2002-08-29 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
+ 2002-08-29 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
- 2002-08-29 12:00 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
- 2002-08-29 12:00 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2002-08-29 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2002-08-29 12:00 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
- 2002-08-29 12:00 . 2007-02-28 09:08 2136064 c:\windows\system32\ntoskrnl.exe
- 2002-08-29 01:04 . 2007-02-28 08:38 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2002-08-29 01:04 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2008-08-30 00:06 . 2008-08-30 00:06 1350664 c:\windows\system32\msxml6.dll
+ 2008-09-30 20:43 . 2008-09-30 20:43 1286152 c:\windows\system32\msxml4.dll
+ 2002-08-29 12:00 . 2008-09-04 16:42 1106944 c:\windows\system32\msxml3.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
- 2007-08-13 23:54 . 2008-04-23 04:16 6066176 c:\windows\system32\ieframe.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-12 21:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2007-02-12 21:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
+ 2008-02-22 18:38 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
+ 2002-08-29 12:00 . 2008-06-18 09:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2002-08-29 12:00 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2002-08-29 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2002-08-29 12:00 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2002-08-29 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2002-08-29 12:00 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2002-08-29 12:00 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2008-09-19 16:17 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2002-08-29 01:04 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2002-08-29 01:04 . 2007-02-28 08:38 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-09-19 16:30 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2002-08-29 12:00 . 2007-02-28 09:08 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2002-08-29 12:00 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2002-08-29 12:00 . 2008-09-04 16:42 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2002-08-29 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
- 2008-02-22 23:28 . 2008-04-23 04:16 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-02-22 23:28 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2008-02-22 23:28 . 2007-07-01 03:31 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-02-22 23:28 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-06-07 07:11 . 2008-04-23 04:16 1159680 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-06-07 07:11 . 2008-04-24 02:16 3591680 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-06-07 07:11 . 2008-04-23 04:16 6066176 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-06-07 07:11 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2007-02-28 08:38 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2007-02-28 09:08 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-02-22 19:05 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2008-02-22 19:05 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"HostManager"="c:\program files\Common Files\AOL\1203782524\ee\AOLSoftware.exe" [2008-06-24 41824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-01-07 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"RivaTunerStatisticsServer"="c:\program files\EVGA Precision\Bundle\OSDServer\RTSS.exe" [2008-07-11 64528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-25 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1203782524\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/18/2009 12:20 PM 28544]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/18/2008 8:57 PM 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/10/2008 6:53 PM 468224]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:48 PM 50048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-05-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-06-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-07 02:18]

2009-06-07 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-06-25 13:23]

2009-06-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-06-25 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://shirano.freehost.ag/FFXI-AJH-Version.txt
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\riwhxppt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 08:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1748)
c:\windows\system32\nview.dll
c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-07 8:46
ComboFix-quarantined-files.txt 2009-06-07 12:46
ComboFix2.txt 2009-06-06 23:17

Pre-Run: 217,758,576,640 bytes free
Post-Run: 217,754,939,392 bytes free

485 --- E O F --- 2009-06-07 07:14

I ran it again, and here is the log for that one:
ComboFix 09-06-06.03 - Josh 06/07/2009 8:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1530 [GMT -4:00]
Running from: c:\documents and settings\Josh\Desktop\Combo-Fix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Coupons
c:\program files\Coupons\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-07 07:13 . 2009-06-07 07:13 -------- d-----w- c:\windows\system32\KB905474
2009-06-07 07:13 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-06-07 07:13 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-06-07 02:25 . 2009-06-07 02:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-06-06 21:35 . 2009-06-06 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 16:20 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-05-18 16:20 . 2009-05-18 16:20 -------- d-----w- c:\program files\Panda Security
2009-05-18 15:51 . 2009-05-18 16:37 -------- d-----w- c:\windows\BDOSCAN8
2009-05-18 15:39 . 2009-05-18 15:39 -------- d-----w- c:\program files\EsetOnlineScanner
2009-05-18 15:27 . 2009-05-18 15:27 73280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 15:02 . 2009-05-18 15:32 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 14:58 . 2009-05-18 14:58 152576 ----a-w- c:\documents and settings\Josh\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-18 13:30 . 2009-05-18 13:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-05-18 13:29 . 2009-05-18 13:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-05-16 23:47 . 2009-05-16 23:47 -------- d-----w- c:\program files\Trend Micro
2009-05-16 23:17 . 2009-05-16 23:19 -------- d-----w- C:\1ddba6e1fcbcff2bbd597c710d8a
2009-05-15 20:08 . 2009-05-15 20:08 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Pebbles
2009-05-15 20:08 . 2009-05-16 22:55 -------- d-----w- c:\program files\Pebbles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 23:15 . 2008-03-15 01:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-16 23:15 . 2008-03-15 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-08 23:23 . 2008-06-29 13:49 -------- d-----w- c:\program files\XoftSpySE
2009-05-06 18:31 . 2008-09-24 21:14 -------- d-----w- c:\documents and settings\Josh\Application Data\Apple Computer
2009-05-06 18:25 . 2009-05-06 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-06_23.14.52 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
"HostManager"="c:\program files\Common Files\AOL\1203782524\ee\AOLSoftware.exe" [2008-06-24 41824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-01-07 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
"RivaTunerStatisticsServer"="c:\program files\EVGA Precision\Bundle\OSDServer\RTSS.exe" [2008-07-11 64528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-25 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1203782524\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/18/2009 12:20 PM 28544]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/18/2008 8:57 PM 13696]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/10/2008 6:53 PM 468224]
S3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [5/25/2005 2:39 PM 4608]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 6:48 PM 50048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-05-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-06-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-07 02:18]

2009-06-07 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-06-25 13:23]

2009-06-07 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-06-25 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://shirano.freehost.ag/FFXI-AJH-Version.txt
uInternet Settings,ProxyOverride = *.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\riwhxppt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 08:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1748)
c:\windows\system32\nview.dll
c:\program files\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-07 8:46
ComboFix-quarantined-files.txt 2009-06-07 12:46
ComboFix2.txt 2009-06-06 23:17

Pre-Run: 217,758,576,640 bytes free
Post-Run: 217,754,939,392 bytes free

485 --- E O F --- 2009-06-07 07:14

And this is the malware log

Malwarebytes' Anti-Malware 1.37
Database version: 2243
Windows 5.1.2600 Service Pack 2

6/7/2009 8:51:43 AM
mbam-log-2009-06-07 (08-51-43).txt

Scan type: Quick Scan
Objects scanned: 90410
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


My PC is running better and I'm able to do defrag again. Chkdsk ran after reboot. It was the one I tried to run about two weeks ago. It would just say it couldn't run. So that is an improvement. I haven't tried to reload my Spybot Search and Destroy since you asked me not to install any programs.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:25 PM

Posted 07 June 2009 - 08:10 AM

You may run Spybot S&D but don't activate the TeaTimer. Just to see if it runs.
Tell me also if any issues are left.

#11 jb5299


Posted 07 June 2009 - 08:28 AM

My Spybot will install now; before, it kept saying files were corrupted. And I don't seem to have any more redirects from web search. So the issues that I did notice I was having seem to be back to normal.

Thank you so much for your help. Is there anything you think I should get to keep this from happening again?


And again I thank you for taking your time to help me out.
Josh.

#12 Farbar


Posted 07 June 2009 - 08:38 AM

You are most welcome, glad I could help. :thumbup2:

Go to start > run and copy and paste the next command in the field then hit enter:

Combo-Fix.exe /u

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

The first reboot might be a little slow, the next one will be faster.

Optional Recommendations:
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has released Service Pack 3 which has more features and is more secure than Service Pack 2.

    You can update by going to start > All Programs > Windows Update > click on Custom button.

    Note: Download Service Pack 3 but before installing it disable your antivirus real-time protection.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • Install Javacool's SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. What you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link.
    After each update click on Protection Status in the left pane. Then click on Enable All Protection (bottom left of the right pane).

  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.
Happy Surfing!

#13 jb5299


Posted 07 June 2009 - 08:44 AM

Says Windows cannot find 'Combo-Fix.exe'

#14 Farbar


Posted 07 June 2009 - 08:58 AM

I think you downloaded a fresh ComboFix but posted the same old log twice. So please try this one:

ComboFix.exe /u

#15 jb5299


Posted 07 June 2009 - 09:10 AM

Yes, that did work. I will download the files you suggested. Thanks again for your time.

