
Help! Malware and I cannot remove!


  • This topic is locked
16 replies to this topic

#1 rosefox242

Posted 16 July 2009 - 10:48 AM

I need some help badly. I ran Ad-Aware & SUPERAntiSpyware and they did not find anything. I run McAfee and it is sitting fat, dumb and happy.

HouseCall from Trend found Troj_agent.AVDB and supposedly removed it.

Malwarebytes also removed some things. I cannot include a print here, but I included a print screen in the attached Word document: something like malware.trace and trojan.bho.

I changed the system to not do restores, put it in safe mode and ran Malwarebytes.

After all this:
I am still getting pop-up windows, and it is usually an online dating site like christiansingles.com or sometimes porn. I need to take care of this as soon as possible!

Thanks in advance!


#2 teacup61

  • Malware Response Team

Posted 16 July 2009 - 12:01 PM

Hello rosefox242,

I cannot open that document. If you'll open MBAM and look in the logs/reports, you should be able to copy and paste one here in the thread. I find that preferable anyway.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Post that report in your reply also, and we'll go from there. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 rosefox242

Posted 16 July 2009 - 12:13 PM

HijackThis log here and the malware one down below! Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:55 PM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\slclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (file missing)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet/intranet/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1243636171531
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229527452351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229527443304
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - https://www.aasllc.org/supplier/Mocha/matn5250.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor (mbackmonitor) - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - c:\windows\system32\slclient.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10961 bytes



Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/16/2009 7:35:53 AM
mbam-log-2009-07-16 (07-35-53).txt

Scan type: Quick Scan
Objects scanned: 96007
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\jk557.jk557mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\jk557.jk557mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\winrpc32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator.stcitmgr2\local settings\temporary internet files\ISOSetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winrpc32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#4 teacup61

Posted 16 July 2009 - 12:36 PM

Hi there,

Thanks for those.

Please turn system restore back on, if you haven't already. This leaves you nothing if you need to go back for some reason. Better a dirty restore point than none at all.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :)

If McAfee still gives you problems then you may have to temporarily uninstall it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 rosefox242

Posted 16 July 2009 - 01:08 PM

Thanks for your help... ComboFix log, and HijackThis log below.
ComboFix 09-07-14.08 - Administrator 07/16/2009 13:47.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.662 [GMT -4:00]
Running from: c:\documents and settings\Administrator.STCITMGR2\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.STCITMGR2\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\windows\Installer\6113d.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 17:10 . 2009-07-16 17:10 -------- d-----w- c:\program files\Trend Micro
2009-07-16 11:19 . 2009-07-16 11:19 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-16 11:14 . 2009-05-02 12:17 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-13 02:46 . 2009-07-13 02:46 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Local Settings\Application Data\Internet Saving Optimizer
2009-07-13 02:42 . 2009-07-16 10:42 -------- d-----w- c:\program files\DoubleD
2009-07-13 02:42 . 2009-07-16 10:42 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Local Settings\Application Data\DoubleD
2009-07-12 11:16 . 2009-07-12 11:49 -------- d-----w- c:\program files\uCertify
2009-07-10 13:57 . 2009-07-10 13:57 5120 ----a-r- c:\documents and settings\Administrator.STCITMGR2\Application Data\Microsoft\Installer\{BDD7EB42-5609-49B1-A4B1-70C9CBD62D5C}\IconTmpl.6CB586F0_5D86_454E_A763_2AAC2F44EA18.exe
2009-07-10 13:55 . 2009-07-10 13:55 5120 ----a-r- c:\documents and settings\Administrator.STCITMGR2\Application Data\Microsoft\Installer\{184EF454-D0BF-44A0-AA5A-533C86B16DF7}\IconTmpl1.6CB586F0_5D86_454E_A763_2AAC2F44EA18.exe
2009-07-10 13:50 . 2009-07-10 13:55 -------- d-----w- c:\program files\SimulationExams
2009-07-10 13:50 . 2009-07-10 13:50 249856 ------w- c:\windows\Setup1.exe
2009-07-10 13:50 . 2009-07-10 13:50 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-07 20:57 . 2009-07-10 13:57 -------- d-----w- c:\program files\Certblaster
2009-07-07 20:57 . 2009-07-07 20:57 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\Certblaster
2009-07-07 20:50 . 2009-07-07 20:50 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Local Settings\Application Data\Help
2009-07-07 20:01 . 2009-07-07 20:01 -------- d-----w- c:\windows\system32\WinNTDlls
2009-07-07 20:01 . 2009-07-11 09:53 -------- d-----w- c:\program files\Certification Preparation
2009-07-07 20:01 . 2009-07-07 20:01 -------- d-----w- c:\windows\system32\Win98Dlls
2009-06-26 18:22 . 2009-06-26 18:22 726008 ----a-w- c:\documents and settings\Administrator.STCITMGR2\gotomypc_438.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 12:25 . 2009-05-30 21:45 117760 ----a-w- c:\documents and settings\Administrator.STCITMGR2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-16 11:20 . 2009-05-30 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 17:36 . 2009-05-30 02:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-05-30 02:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 14:01 . 2009-06-19 13:38 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-13 14:01 . 2009-06-19 13:38 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-12 22:37 . 2009-03-05 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-10 13:56 . 2009-05-30 21:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-06 13:39 . 2009-06-19 13:38 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-03 13:38 . 2009-06-19 13:38 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-03 13:38 . 2009-06-19 13:38 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-03 13:38 . 2009-05-29 13:38 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-03 13:38 . 2009-05-29 13:38 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-03 13:38 . 2009-05-29 13:38 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-03 13:38 . 2009-06-19 13:38 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-03 13:38 . 2009-06-19 13:38 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-03 13:38 . 2009-06-19 13:38 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-03 13:38 . 2009-06-19 13:38 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-03 13:38 . 2009-06-19 13:38 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-03 13:38 . 2009-06-19 13:38 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 13:55 . 2009-06-19 13:38 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-29 13:53 . 2009-06-19 13:38 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 13:42 . 2009-06-19 13:38 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-25 15:29 . 2009-04-27 17:22 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\Canon
2009-06-16 14:36 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-09 10:49 . 2009-06-09 10:46 -------- d-----w- c:\program files\Coupons
2009-06-03 19:09 . 2004-08-04 00:56 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 21:45 . 2009-05-30 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-30 21:45 . 2009-05-30 21:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-30 21:45 . 2009-05-30 21:45 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\SUPERAntiSpyware.com
2009-05-30 03:08 . 2009-01-30 15:13 -------- d-----w- c:\program files\Google
2009-05-30 03:07 . 2009-05-29 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-30 03:06 . 2009-02-21 19:04 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\Yahoo!
2009-05-30 03:06 . 2009-05-30 03:06 262144 ----a-w- C:\ntuser.dat
2009-05-30 03:06 . 2009-02-21 18:53 -------- d-----w- c:\program files\Yahoo!
2009-05-30 03:06 . 2009-05-30 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-30 02:12 . 2009-05-30 02:12 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\Malwarebytes
2009-05-30 02:12 . 2009-05-30 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 00:35 . 2009-05-30 00:35 -------- d-----w- c:\documents and settings\test\Application Data\McAfee
2009-05-29 23:56 . 2009-05-29 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion(3)
2009-05-29 23:21 . 2009-05-29 23:21 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\Uniblue
2009-05-29 13:48 . 2009-05-29 11:37 -------- d-----w- c:\documents and settings\Administrator.STCITMGR2\Application Data\McAfee
2009-05-29 13:48 . 2009-05-29 13:48 49152 ----a-r- c:\documents and settings\Administrator.STCITMGR2\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-05-29 13:48 . 2009-05-29 13:48 49152 ----a-r- c:\documents and settings\Administrator.STCITMGR2\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-05-29 13:48 . 2009-02-21 17:52 -------- d-----w- c:\program files\McAfee
2009-05-29 13:48 . 2009-02-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-29 13:38 . 2009-05-29 13:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 13:38 . 2009-05-29 13:38 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 13:38 . 2009-05-29 13:38 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-29 13:38 . 2009-05-29 13:38 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-29 13:35 . 2009-05-29 13:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-29 13:35 . 2009-05-29 13:35 -------- d-----w- c:\program files\Lavasoft
2009-05-29 13:35 . 2009-05-29 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-29 12:03 . 2009-05-29 12:03 123432 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-29 12:03 . 2009-05-29 12:03 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-05-29 11:37 . 2009-05-29 11:37 146 ----a-w- c:\documents and settings\Administrator.STCITMGR2\Local Settings\Application Data\fusioncache.dat
2009-05-13 05:15 . 2004-08-04 00:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 00:56 345600 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-30_02.47.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-22 19:59 . 2001-08-22 19:59 27136 c:\windows\system32\WinNTDlls\CTL3D32.DLL
+ 2001-08-22 19:59 . 2001-08-22 19:59 45056 c:\windows\system32\Win98Dlls\ctl3d32.dll
+ 1998-06-18 04:00 . 1998-06-18 04:00 89360 c:\windows\system32\VB5DB.DLL
+ 2001-08-23 08:00 . 2009-07-16 17:08 71904 c:\windows\system32\perfc009.dat
- 2001-08-23 08:00 . 2009-05-30 02:37 71904 c:\windows\system32\perfc009.dat
+ 2002-03-27 19:29 . 2002-03-27 19:29 24576 c:\windows\system32\msxml3a.dll
+ 1998-04-24 04:00 . 1998-04-24 04:00 24848 c:\windows\system32\MSJTER35.DLL
- 2004-08-04 00:56 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 00:56 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-10 10:14 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2007-08-13 23:54 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 23:54 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
- 2007-08-21 15:13 . 2009-05-29 23:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-21 15:13 . 2009-07-16 14:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-21 15:13 . 2009-07-16 14:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-21 15:13 . 2009-05-29 23:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-26 75256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-30 68592]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2004-01-23 20530]
"Client Access PC5250 Sound"="c:\program files\IBM\Client Access\Emulator\pcssnd.exe" [2004-01-23 40960]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2004-01-23 24626]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2004-01-23 20480]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2004-01-23 45106]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 684032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"37057:TCP"= 37057:TCP:Trend Micro OfficeScan Listener

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundEchoRequest"= 1 (0x1)

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/29/2009 9:38 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [8/30/2007 5:04 PM 558496]
S1 d2c66570;d2c66570; [x]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:38]

2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-21 18:32]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-21 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mcafee.com
DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} - hxxps://www.aasllc.org/supplier/Mocha/matn5250.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 13:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1275210071-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,2c,53,d1,3c,20,5d,47,ae,51,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,2c,53,d1,3c,20,5d,47,ae,51,a5,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,2c,53,d1,3c,20,5d,47,ae,51,a5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\WRLogonNtf.DLL
.
Completion time: 2009-07-16 13:54
ComboFix-quarantined-files.txt 2009-07-16 17:54
ComboFix2.txt 2009-05-30 15:58
ComboFix3.txt 2009-05-30 02:51

Pre-Run: 14,936,825,856 bytes free
Post-Run: 15,045,947,392 bytes free

576 --- E O F --- 2009-07-15 11:02

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:40 PM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\slclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet/intranet/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1243636171531
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229527452351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229527443304
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - https://www.aasllc.org/supplier/Mocha/matn5250.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor (mbackmonitor) - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - c:\windows\system32\slclient.exe
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10086 bytes

Just so you know - I can barely type now - very slow

#6 teacup61

Posted 16 July 2009 - 01:25 PM

Hello,

Part of your problem is that you have so many heavy programs running. SpySweeper and SAS are very heavy. I see also that you've run ComboFix multiple times. :thumbup2: Have you rebooted the computer? Please be sure that MBAM is fully updated and have another scan with it. Please post the report in your reply, if there is anything to post. :) Are the popups gone now?

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#7 rosefox242

Posted 16 July 2009 - 01:25 PM

Just so you know.... My typing speed is back to normal. Maybe my PC was still booting up earlier when I could hardly type. I rebooted PC to get antivirus back on!

Thanks.

#8 rosefox242

Posted 16 July 2009 - 01:30 PM

Hadn't seen your last response.... I am not running spysweeper and actually used a removal tool to remove. It had been a server install and was not able to be removed once the PC was removed from the server... I had removed with SSECleanup.
What is SAS??

I ran combofix only once today... but had it on my PC from before today at the suggestion of someone at this same site.

I will run the MBAM again now. I had done a reboot prior to my last reply.

#9 rosefox242

Posted 16 July 2009 - 01:41 PM

Ran MBAM again and got nothing.... but I had gotten nothing after the first try today. I ran it a couple times more and it came out clean prior to my posting here! I got desperate by then! :thumbup2:

Anyway - I think the combofix actually fixed it. I haven't gotten any windows opening yet! But - I am not sure yet. My CPU & Memory usage seem really high.

Do you know if my spysweeper is still running in the background and SAS (whatever that is)? Or even how I can remove any start up programs that are not necessary. As far as I know, only McAfee and Adaware run at startup. Nothing else, unless I start them.

#10 teacup61

Posted 16 July 2009 - 01:47 PM

Yes, Webroot is still listed in your Services. SAS is SUPERAntispyware. :) Would you like to remove one or both of them?

I know it's frustrating, all this. At least the popups have stopped now, and we'll work on the rest. :thumbup2:

tea

#11 rosefox242

Posted 16 July 2009 - 01:51 PM

That would be great! How would I remove spysweeper? I didn't think SuperAntiSpyware ran anything unless I started it. If it is running, yes, I'd like it to not! If it only sits until I run it then it is ok to stay.

Thank you so much for your help!

#12 rosefox242

Posted 16 July 2009 - 01:53 PM

OH - PS - services:
Webroot spy sweeper engine is disabled
Webroot com agent says automatic

#13 rosefox242

Posted 16 July 2009 - 02:01 PM

Sorry - one more question! Remote Registry (says it allows a remote user to modify registry) service was started! That sounds dangerous. I would guess this service should always be off - correct?

#14 teacup61

Posted 16 July 2009 - 02:05 PM

Hello,

You're welcome. :thumbup2:

Please be sure AdWatch is disabled for this. It tends to do its job too well when it comes to this and we don't want it to interfere.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folder(s) (if they exist):

C:\Program Files\Webroot

Reboot your computer.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let me know how it's running, and post one more HijackThis log to be sure Webroot isn't bothering any more. :)

Thanks,
tea

#15 rosefox242

Posted 16 July 2009 - 02:40 PM

Ok - finished all instructions!!! Thanks. Here is the log. I think I am good now. Seems like my page file usage is 374 MB, which still seems high, but maybe I just need more memory. Thanks again for all your help. That stupid malware would just not go away with the traditional scanners I have!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:17 PM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator.STCITMGR2\Desktop\DoNotRunFixes\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet/intranet/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1243636171531
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229527452351
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229527443304
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - https://www.aasllc.org/supplier/Mocha/matn5250.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor (mbackmonitor) - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9590 bytes
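
The before/after check done by eye in this thread (fix the checked entries, then post a fresh log to confirm they are gone) can be scripted. This is an added example, not part of the original posts or of HijackThis itself; the function names and the rule for matching entries by name are assumptions, and the sample lines are excerpts of the two logs posted above.

```python
import re

# Excerpt of the first HijackThis log in this thread (before the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

# Excerpt of the second log (after "Fix checked" and the Java update).
AFTER = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

# The six entries the helper asked to have checked and fixed.
FIX_LIST = r"""
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed identity rules: an O4 entry is identified by its Run value name or
# .lnk name, an O23 entry by its service name, so a changed path still matches.
KEY_PATTERNS = {
    "O4": re.compile(r"^(.+?\]|.+?\.lnk)"),
    "O23": re.compile(r"^(Service: .+? \(.+?\))"),
}


def norm(text):
    """Ignore quoting, case and spacing when comparing entry bodies."""
    return " ".join(text.replace('"', "").lower().split())


def parse(log):
    """Map (section code, item name) -> entry body for each entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        pattern = KEY_PATTERNS.get(code)
        km = pattern.match(body) if pattern else None
        name = km.group(1) if km else body
        entries[(code, name.lower())] = body
    return entries


def diff(before, after):
    """Return (removed, added, changed) entry keys between two logs."""
    b, a = parse(before), parse(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted(k for k in b if k in a and norm(b[k]) != norm(a[k]))
    return removed, added, changed


def still_present(fix_list, after):
    """Entries from the fix list that survive in the follow-up log."""
    a = parse(after)
    return sorted(k for k in parse(fix_list) if k in a)


if __name__ == "__main__":
    removed, added, changed = diff(BEFORE, AFTER)
    for label, keys in (("removed", removed), ("added", added), ("changed", changed)):
        for code, name in keys:
            print(f"{label:8} {code:4} {name}")
    print("fix-list entries still present:", still_present(FIX_LIST, AFTER))
```

Matching on the entry name rather than the whole line is what lets the SunJavaUpdateSched entry show up as changed (new JRE path) instead of as one removal plus one unrelated addition.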



