
IE 8/Firefox Disabled - Task Manager Disabled Also


This topic is locked. 31 replies to this topic.

#1 chrissypie

  • Members
  • 165 posts
  • Gender:Female
  • Location:Wisconsin

Posted 17 June 2009 - 10:40 PM

My son infected his PC with some malware/viruses/trojans. I've successfully (I think anyway) removed them but now have a few residual problems.
1. Internet Explorer does not connect to any websites. When IE8 is opened, it appears to be connecting to the homepage (youtube) but all that is displayed is a white page. The same holds true for Mozilla Firefox.
2. My Task Manager has been corrupted/disabled as well. I've gone into gpedit.msc and checked the taskman properties ... all appears to be in order. However, the Task Manager does not display when CTRL+ALT+DEL is implemented. I've gone to a command prompt as well and tried to run taskman.exe but nothing happens when the command is entered.

I'm currently running Windows XP Media Center Edition.

I did some additional work on the PC and thought I'd post more information. I installed StopZilla (which I like a lot too) and it caught an extra 216 infections and registry modifications. Most notably, in the log it indicated that "DisableTaskManager" was embedded several times in my registry (along with other registry modifications). I then installed Avast and did a boot scan... which caught one more infection.

I'm almost tempted to do a complete wipe and start with a fresh install but am reluctant to do so because one of the repeated infections is on my D: restore drive. Also worth noting is that my logs indicate I run Windows XP Pro when in fact I use Media Center.

One other thing: I ran GMER and found that my system has been modified by rootkit activity. I have that log if you'd like it.

Thoughts?

Two posts merged due to time elapsed, member unable to edit. ~ Animal

Edited by Animal, 20 June 2009 - 10:26 PM.



#2 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 June 2009 - 03:55 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please. Include the GMER log as well.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to some other user, please.


#3 chrissypie

  • Topic Starter
  • Members
  • 165 posts
  • Gender:Female
  • Location:Wisconsin

Posted 23 June 2009 - 09:57 AM

Logs provided as requested.

I would like to rid the system of the malware and then wipe it clean. I'm reluctant to wipe it clean first as I know that the malware can possibly survive the wipe and that would simply be self-defeating.


#4 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 June 2009 - 11:49 AM

Hi,

A complete reformat (aka wipe) will take out all bad items on the drive partition. If you're planning to wipe the system then I don't think there's any reason to waste time on a cleaning attempt. Let me know which one of those two options, a) reformat or b) cleaning attempt, you want to take.

Edited by Blade81, 23 June 2009 - 11:49 AM.



#5 chrissypie

  • Topic Starter
  • Members
  • 165 posts
  • Gender:Female
  • Location:Wisconsin

Posted 23 June 2009 - 12:14 PM

If I can successfully remove whatever is on here, that's my preference. I do not want to reformat unless I cannot get rid of this malware. I'm just worried because I know malware can survive a reformat.....which is why I want to try to remove everything first.

#6 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 23 June 2009 - 12:24 PM

Hi,

Malware won't survive a reformat unless it's some file-infector-type infection like Virut, or some autorun infection on an external drive which reinfects the system if autorun functionality isn't disabled and the drive is plugged in.

It seems you've run ComboFix there (not recommended to do so by oneself). May I see the contents of the c:\ComboFix.txt file, please?

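Post #1 describes Task Manager being disabled through repeated "DisableTaskManager" registry entries, and the post above explains how an autorun infection on an external drive reinfects a machine whenever AutoRun is left enabled. The PowerShell audit below checks both conditions on a Windows host and can undo them. It is an added example, not code from this thread or from any tool named in it; it assumes the StopZilla entry "DisableTaskManager" refers to the DisableTaskMgr policy value, that PowerShell is installed (XP did not ship with it), and that remediation under HKLM is run from an elevated prompt.

```powershell
# Audit-ResidualTampering.ps1 (hypothetical name). Read-only by default; pass -Fix
# to remediate. Writing under HKLM requires an elevated prompt.
param([switch]$Fix)

$findings = @()

# 1. Task Manager policy. The "DisableTaskManager" entries StopZilla reported are
#    assumed to be the DisableTaskMgr DWORD under Policies\System (1 = removed).
#    DisableRegistryTools lives in the same key and is commonly set alongside it.
$systemKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\$systemKey"
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $val = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($val -eq 1) {
            $findings += "$key\$name = 1 (disabled by policy)"
            if ($Fix) { Remove-ItemProperty -Path $key -Name $name }
        }
    }
}

# 2. AutoRun policy. NoDriveTypeAutoRun is a bitmask of drive types on which
#    AutoRun is suppressed; 0xFF covers every type. XP's default of 0x91 leaves
#    removable and fixed drives enabled, which is the reinfection path above.
$explorerKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$hklm = (Get-ItemProperty -Path "HKLM:\$explorerKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$hkcu = (Get-ItemProperty -Path "HKCU:\$explorerKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
# A machine-wide (HKLM) value takes precedence over the per-user one.
$effective = if ($null -ne $hklm) { $hklm } else { $hkcu }
if ($effective -ne 0xFF) {
    $shown = if ($null -eq $effective) { '<not set>' } else { '0x{0:X2}' -f $effective }
    $findings += "Effective NoDriveTypeAutoRun = $shown (AutoRun not disabled for all drive types)"
    if ($Fix) {
        $key = "HKLM:\$explorerKey"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

# 3. autorun.inf at the root of every mounted filesystem drive (ComboFix removed
#    one from D:\ in this thread). The file is only read, never executed; the
#    open/shellexecute/shell command lines show what it would have launched.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (Test-Path -LiteralPath $inf -ErrorAction SilentlyContinue) {
        $findings += "autorun.inf present at $inf"
        $launch = Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
            Select-String -Pattern '^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*='
        foreach ($m in $launch) { $findings += "    launches: $($m.Line.Trim())" }
    }
}

if ($findings.Count -eq 0) {
    'No Task Manager or AutoRun tampering found.'
} else {
    $findings
    if (-not $Fix) { 'Re-run with -Fix from an elevated prompt to remediate.' }
}
```

Run it once without -Fix to see the findings; a non-zero DisableTaskMgr that reappears after removal points to a still-active component that re-applies the policy, which is the case for a scan rather than a registry edit.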


#7 chrissypie

  • Topic Starter
  • Members
  • 165 posts
  • Gender:Female
  • Location:Wisconsin

Posted 23 June 2009 - 01:01 PM

I ran ComboFix because all other scans had been completed and I was still having problems (the Internet connection kept breaking). I have used ComboFix in the past and have never had any problems as a result... actually, it was one of the tools we were instructed to use at MPTC.

Log is copied/pasted as well as attached.

ComboFix 09-06-22.04 - Owner 06/22/2009 21:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2444 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090622-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1474653410
c:\windows\kb913800.exe
c:\windows\system32\AutoRun.inf
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NPF


[7] 2004-08-10 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-10 19:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 20:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\userinit.exe
[7] 2004-08-10 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[7] 2004-08-10 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtUninstallKB895961$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\termsrv.dll
[7] 2005-03-10 07:49 295424 C29A5286E64D97385178452D5F307B98 c:\windows\system32\termsrv.dll

[7] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-08-10 19:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\kernel32.dll
[7] 2004-08-10 19:00 983552 888190E31455FAD793312F8D087146EB c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
[7] 2004-08-10 19:00 983552 888190E31455FAD793312F8D087146EB c:\windows\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\powrprof.dll
[7] 2004-08-10 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\imm32.dll
[7] 2004-08-10 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\sfcfiles.dll
[7] 2004-08-10 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\appmgmts.dll
[7] 2004-08-10 19:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\kbdclass.sys
[7] 2004-08-04 12:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Bmpaftcp"= {24FAC130-4E00-4A10-9AC7-DD4684FFF511} - c:\windows\system32\seracdos.dll [2009-03-21 884736]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk
backup=c:\windows\pss\2Wire Wireless Client Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Controller.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Remote Controller.lnk
backup=c:\windows\pss\Remote Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/18/2009 6:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/18/2009 6:49 PM 20560]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [12/12/2007 12:33 AM 10112]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [12/12/2007 12:33 AM 9216]
S2 lbyyqcbk;lbyyqcbk;\??\c:\windows\system32\drivers\ozqzkxe.sys --> c:\windows\system32\drivers\ozqzkxe.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/17/2009 8:37 AM 203280]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 3:02 PM 163840]
S3 lredbooo;lredbooo;\??\c:\docume~1\Owner\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Owner\LOCALS~1\Temp\lredbooo.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 usbvm328;HP Camera;c:\windows\system32\drivers\usbvm326.sys [11/19/2008 1:50 PM 219648]
S3 vmfilter323;VC0326 filter service for Serome;c:\windows\system32\drivers\vmfilter323.sys [11/19/2008 1:51 PM 475264]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [1/25/2007 9:54 AM 91496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; YPC 3.2.0; .NET CLR 1.0.3705; InfoPath.2; .NET CLR 2.0.50727; .NET
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {338095E4-1806-4BA3-AB51-38A3179200E9} - hxxps://vdi.morainepark.edu/ui/plugin/msie/vmware-mks.cab
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://cnn-5.vo.llnwd.net/c1/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 22:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1116)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\seracdos.dll
c:\windows\system32\cpyivreg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-23 22:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 03:09

Pre-Run: 64,680,402,944 bytes free
Post-Run: 65,416,712,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
476 --- E O F --- 2009-06-17 14:01

#8 chrissypie


Posted 23 June 2009 - 01:03 PM

I forgot the attachment. Sorry. Here it is.



#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:12:15 PM

Posted 23 June 2009 - 01:53 PM

actually, it was one of the tools we were instructed to use at MPTC.

Please forgive my cluelessness but what does MPTC stand for?



Upload following files to http://www.virustotal.com and post back the results or a link to the results:
c:\windows\system32\lanesdel.dll
c:\windows\system32\seracdos.dll

Uninstall this vulnerable Flash:
Adobe Flash Player 9 ActiveX

and these vulnerable Javas:
Java™ 6 Update 4
Java™ 6 Update 5



Uninstall old Adobe Reader versions and get the latest one (9.1 and update it to 9.1.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Open notepad and copy/paste the text in the quotebox below into it:

Driver::
lbyyqcbk

File::
c:\windows\system32\drivers\ozqzkxe.sys

DirLook::
c:\documents and settings\All Users\Application Data\19705004
c:\documents and settings\All Users\Application Data\99714996
c:\documents and settings\All Users\Application Data\17410624
c:\documents and settings\All Users\Application Data\97420616
c:\documents and settings\All Users\Application Data\15243124
c:\documents and settings\All Users\Application Data\95253116

DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
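
An added example (not from this thread, not ComboFix's own code): a small Python audit of the 'Reg Loading Points' section of a ComboFix log like the one posted above. It flags the same entries the Registry:: part of the CFScript in this post removes (Security Center DisableMonitoring, EnableFirewall=0, the unknown ShellServiceObjectDelayLoad DLL) and, beyond them, services whose image file ComboFix could not examine ([?]) or that load from a Temp folder. The sample log is a constructed subset of the posted log; the category names and heuristics are mine, not ComboFix's.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for entries
that weaken the machine's defences or point at unexplained drivers."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a subset of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Bmpaftcp"= {24FAC130-4E00-4A10-9AC7-DD4684FFF511} - c:\windows\system32\seracdos.dll [2009-03-21 884736]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/18/2009 6:49 PM 114768]
S2 lbyyqcbk;lbyyqcbk;\??\c:\windows\system32\drivers\ozqzkxe.sys --> c:\windows\system32\drivers\ozqzkxe.sys [?]
S3 lredbooo;lredbooo;\??\c:\docume~1\Owner\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Owner\LOCALS~1\Temp\lredbooo.sys [?]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")  # [HKEY_...] block header
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$")  # R0/S2 lines
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$', re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.I)


@dataclass
class Finding:
    category: str   # my own label, not a ComboFix term
    key: str        # registry key, or the service name for R*/S* lines
    entry: str      # the log line that triggered the finding
    reason: str


def audit_reg_loading_points(text: str) -> List[Finding]:
    """Walk the REGEDIT4-style blocks and the service list, returning findings."""
    findings: List[Finding] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            _state, name, _display, path, info = svc.groups()
            if info.strip() == "?":
                findings.append(Finding("service-missing", name, line,
                    "image file could not be examined ([?]); identify the driver before trusting it"))
            if "\\temp\\" in path.lower():
                findings.append(Finding("service-temp", name, line,
                    "kernel driver registered from a Temp directory"))
            continue
        if key is None:
            continue
        lk = key.lower()
        if "security center\\monitoring" in lk and DISABLE_MON_RE.match(line):
            findings.append(Finding("security-center", key, line,
                "Security Center monitoring switched off, so a missing AV/firewall is not reported"))
        elif "firewallpolicy" in lk and FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall", key, line,
                "Windows Firewall disabled for this profile"))
        elif lk.endswith("shellserviceobjectdelayload"):
            findings.append(Finding("ssodl", key, line,
                "DLL loaded into explorer.exe at logon (a persistence point); confirm the file is known"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in audit_reg_loading_points(SAMPLE_LOG):
        print(f"[{f.category}] {f.key}\n    {f.entry}\n    -> {f.reason}")
```

On the sample above it reports eight findings; the legitimate aswSP entry, which has a readable image file, is not flagged.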


#10 chrissypie


Posted 23 June 2009 - 02:47 PM

All programs indicated have been uninstalled.

MPTC = Moraine Park Technical College. I went to MPTC for tech support training :-) We were taught how to use a few "problem solving" software programs there - this was one of them.

Links to the results of the upload to virustotal.com
http://www.virustotal.com/reanalisis.html?...35c0-1245786023

http://www.virustotal.com/reanalisis.html?...8d73-1245786108

I also uploaded the results in a text file.

Kaspersky is still running but I thought I'd post the info I had for now...will post the Kaspersky log asap.



Edited by chrissypie, 23 June 2009 - 03:04 PM.


#11 chrissypie


Posted 23 June 2009 - 08:17 PM

Here is the Kaspersky Log.




#12 Blade81


Posted 24 June 2009 - 10:52 AM

MPTC = Moraine Park Technical College. I went to MPTC for tech support training :-) We were taught how to use a few "problem solving" software programs there - this was one of them.

Well, ComboFix shouldn't be run without the supervision of a trained helper. I'm sure you get my point there ;)


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete these folders:
c:\documents and settings\All Users\Application Data\19705004
c:\documents and settings\All Users\Application Data\99714996
c:\documents and settings\All Users\Application Data\17410624
c:\documents and settings\All Users\Application Data\97420616
c:\documents and settings\All Users\Application Data\15243124
c:\documents and settings\All Users\Application Data\95253116

and these files:
C:\Documents and Settings\Owner\My Documents\msjavx86-5.0.3810.0.zip
C:\Documents and Settings\Owner\My Documents\Spybot.exe


Reboot and post a fresh dds.txt log. How's the system running?



#13 chrissypie


Posted 24 June 2009 - 11:19 AM

I'm thinking my kids shouldn't be allowed to use their PCs w/o a trained helper too. ;-) LOL

I'm getting error messages when starting Internet Explorer and then IE shuts down. I get the error message several times before I can successfully start IE. Eventually, though, it does start. I do not have a problem w/Mozilla Firefox. Also, I still do not have access to task manager via CTRL+ALT+DEL.

Preference for AV? I've got Avast and StopZilla....which one should I keep?

DDS log and Attach log are attached. THANK YOU for all your help.



Edited by chrissypie, 24 June 2009 - 11:43 AM.


#14 Blade81


Posted 24 June 2009 - 11:58 AM

Hi,

I recommend keeping Avast and uninstalling StopZilla.

What are the error messages and did those appear during the fix process or were those there earlier?



#15 chrissypie


Posted 24 June 2009 - 12:21 PM

I got the error messages this morning. Any suggestions on task manager?



