
HijackThis Log: Please help Diagnose



#1 ahsjose


Posted 12 August 2009 - 09:53 AM

So yeah, when I search for something on Google, sometimes it will take me to the wrong sites.

UPDATE: OMG... my desktop background now says: WARNING! YOUR IN DANGER! YOUR COMPUTER IS INFECTED! ALL YOU DO WITH YOUR COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED... and it keeps going.

UPDATE: OK, I ran Malwarebytes and it helped to get rid of the desktop background, but the Google problem is still there. I posted a new HijackThis log.

Help, I'm scared :thumbup2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:23 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator.JOSE\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SpybotDeletingA9327] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7718] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5016] command.com /c del "C:\WINDOWS\wt\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5201] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3064] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7177] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA430] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3244] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8546] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3305] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1853] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7014] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5905] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9157] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2697] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5195] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1656] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3187] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2752] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2965] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7950] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3913] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6800] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9079] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC828] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8264] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8364] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5792] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingC768] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7114] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8091] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA577] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC847] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9925] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2350] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4998] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC574] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7649] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3996] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7257] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC736] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6399] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5184] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7254] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7704] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3835] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8557] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2304] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC308] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA250] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7045] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1022] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8767] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA399] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC672] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9103] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4732] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1129] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2333] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2492] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4218] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6957] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6519] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1012] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7935] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1194] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3325] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3483] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8489] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1087] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1408] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8018] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5880] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9647] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1485] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3233] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9965] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3253] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3033] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6174] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6271] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2970] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3318] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2320] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2362] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9621] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6338] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3465] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5135] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3383] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5592] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8759] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7753] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8577] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3383] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5319] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3473] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC713] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA275] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1157] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9630] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3361] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3452] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6716] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8758] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9171] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9285] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7774] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2710] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5567] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5862] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9804] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4131] command.com /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC233] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7244] command.com /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC142] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7995] command.com /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7493] cmd.exe /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3932] command.com /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8140] cmd.exe /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4847] command.com /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3316] cmd.exe /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8622] command.com /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4397] cmd.exe /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7580] command.com /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7003] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8303] command.com /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9986] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1600] command.com /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD605] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command.com /c del "C:\WINDOWS\wt\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9483] cmd.exe /c del "C:\WINDOWS\wt\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7546] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3607] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3598] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8937] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7989] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7613] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2590] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4045] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4477] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8643] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4994] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6936] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7637] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8422] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5590] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8233] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8124] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4551] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8870] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9883] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB511] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1505] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9279] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4049] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5060] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7482] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2806] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1546] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9621] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4650] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8446] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3810] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2346] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8880] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB312] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6613] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4120] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3149] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1278] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8261] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9369] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1066] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5648] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5558] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6427] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7041] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3592] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8998] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3382] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9505] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9881] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD355] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2153] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1297] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2443] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1898] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5364] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1354] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8326] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4385] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4181] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingD875] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1268] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5490] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2876] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD961] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4072] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD525] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6843] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8678] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7848] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3557] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9314] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3904] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3769] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5815] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1747] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3787] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1181] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6354] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5809] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4011] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2364] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8725] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6149] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4472] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4115] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5474] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5074] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6279] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6016] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD450] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5598] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1686] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8060] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4237] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7585] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4311] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6825] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8800] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9142] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8050] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6153] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7303] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5012] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2807] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7915] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7580] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4289] command.com /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2050] cmd.exe /c del "C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB475] command.com /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5747] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2533] command.com /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1644] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrmeduipo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7419] command.com /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9279] cmd.exe /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4147] command.com /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1507] cmd.exe /c del "C:\WINDOWS\system32\SKYNETskaujuwo.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB42] command.com /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6418] cmd.exe /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5819] command.com /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8683] cmd.exe /c del "C:\WINDOWS\system32\SKYNETqtevustf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7594] command.com /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1943] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5576] command.com /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5966] cmd.exe /c del "C:\WINDOWS\system32\SKYNETrkmkedqn.dat"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 37299 bytes

Edited by ahsjose, 12 August 2009 - 02:54 PM.




#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:12 PM

Posted 13 August 2009 - 12:47 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 ahsjose

  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:12 PM

Posted 13 August 2009 - 04:30 PM

ok... I ran ComboFix and then it said that ComboFix detected rootkit activity and needed to reboot. It also told me to copy this down.

C:\WINDOWS\system32\drivers\SKYNETpqiuscdt.sys

C:\WINDOWS\system32\SKYNETrmeduipo.dll

C:\WINDOWS\system32\SKYNETqtevustf.dat

C:\WINDOWS\system32\SKYNETskaujuwo.dll

C:\WINDOWS\system32\SKYNETrkmkedqn.dat



here is the log it gave me after I rebooted:

ComboFix 09-08-10.06 - HP_Administrator 08/13/2009 17:16.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.607 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator.JOSE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1483480266-1207188339-1525795405-1008
c:\recycler\S-1-5-21-1483480266-1207188339-1525795405-1009
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\Installer\10bb519.msi
c:\windows\Installer\124779a.msi
c:\windows\Installer\1302e56.msi
c:\windows\Installer\131e52e.msi
c:\windows\Installer\135bea2.msi
c:\windows\Installer\135c12f.msi
c:\windows\Installer\135c135.msi
c:\windows\Installer\135c139.msi
c:\windows\Installer\14a415e.msi
c:\windows\Installer\161345c.msi
c:\windows\Installer\16cfcb.msi
c:\windows\Installer\185fc8.msi
c:\windows\Installer\18604e.msi
c:\windows\Installer\186054.msi
c:\windows\Installer\18605a.msi
c:\windows\Installer\186066.msi
c:\windows\Installer\186078.msi
c:\windows\Installer\186085.msi
c:\windows\Installer\186091.msi
c:\windows\Installer\1860bc.msi
c:\windows\Installer\1a577d.msi
c:\windows\Installer\1a5790.msi
c:\windows\Installer\1a579b.msi
c:\windows\Installer\1a57a5.msi
c:\windows\Installer\1caf756.msp
c:\windows\Installer\1caf769.msp
c:\windows\Installer\1caf77c.msp
c:\windows\Installer\1caf78e.msp
c:\windows\Installer\1caf7a1.msp
c:\windows\Installer\1caf7b3.msp
c:\windows\Installer\1caf7cd.msp
c:\windows\Installer\1caf7e0.msp
c:\windows\Installer\1caf7f3.msp
c:\windows\Installer\1caf806.msp
c:\windows\Installer\1caf81a.msp
c:\windows\Installer\1caf831.msp
c:\windows\Installer\1d96d6c.msp
c:\windows\Installer\223c5c.msi
c:\windows\Installer\248cd6b.msp
c:\windows\Installer\248cd72.msi
c:\windows\Installer\248cd84.msp
c:\windows\Installer\248cd97.msi
c:\windows\Installer\2bef2ed.msi
c:\windows\Installer\2bef2ff.msi
c:\windows\Installer\2bef306.msi
c:\windows\Installer\2bef31d.msi
c:\windows\Installer\2bef377.msi
c:\windows\Installer\2bef389.msi
c:\windows\Installer\2bef3c7.msi
c:\windows\Installer\2bef3db.msi
c:\windows\Installer\2bef3ea.msi
c:\windows\Installer\2bef435.msi
c:\windows\Installer\418b60.msi
c:\windows\Installer\4879bd.msi
c:\windows\Installer\734f98.msi
c:\windows\Installer\9a199.msi
c:\windows\Installer\9a1b0.msp
c:\windows\Installer\d4ab6d.msp
c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETpqiuscdt.sys
c:\windows\system32\SKYNETqtevustf.dat
c:\windows\system32\SKYNETrkmkedqn.dat
c:\windows\system32\SKYNETrmeduipo.dll
c:\windows\system32\SKYNETskaujuwo.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETnbpysiro
-------\Legacy_SKYNETnbpysiro


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-12 01:09 . 2009-08-12 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-12 01:09 . 2009-08-12 01:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 01:08 . 2009-08-12 01:08 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-11 20:02 . 2009-08-11 20:02 -------- d-----w- c:\windows\system32\scripting
2009-08-11 20:02 . 2009-08-11 20:02 -------- d-----w- c:\windows\system32\en
2009-08-11 20:02 . 2009-08-11 20:02 -------- d-----w- c:\windows\system32\bits
2009-08-11 16:52 . 2008-04-13 18:43 9728 ------w- c:\windows\system32\comsdupd.exe
2009-08-11 16:12 . 2009-08-11 16:12 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\Malwarebytes
2009-08-11 16:12 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 16:12 . 2009-08-11 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 16:12 . 2009-08-11 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-11 16:12 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 16:05 . 2009-08-11 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 16:04 . 2009-08-11 16:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 16:04 . 2009-08-11 16:04 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\SUPERAntiSpyware.com
2009-08-11 16:04 . 2009-08-11 16:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-11 14:34 . 2009-08-11 14:34 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Apple
2009-08-11 14:34 . 2009-08-11 14:34 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Apple Computer
2009-08-11 13:13 . 2009-08-12 16:05 -------- d-----w- c:\program files\Steam
2009-08-11 12:42 . 2009-08-11 12:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 17:51 . 2009-08-10 17:51 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\VSRevoGroup
2009-08-10 17:31 . 2009-08-10 17:31 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\AdobeUM
2009-08-10 17:30 . 2009-08-10 17:30 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Adobe
2009-08-10 16:56 . 2009-08-10 16:56 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\Yahoo!
2009-08-10 16:41 . 2009-08-10 16:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-10 16:41 . 2009-08-10 16:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-10 16:41 . 2009-08-10 16:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-10 16:41 . 2009-08-10 16:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 16:41 . 2009-08-13 13:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-10 16:08 . 2009-08-10 16:08 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\AVG8
2009-08-10 15:52 . 2009-08-10 15:52 -------- d-----w- c:\program files\VS Revo Group
2009-08-10 15:30 . 2008-04-13 18:46 273024 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-09 23:19 . 2009-08-09 23:19 -------- d-s---w- c:\documents and settings\HP_Administrator.JOSE\UserData
2009-08-09 23:19 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-09 23:19 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-09 23:14 . 2009-02-06 11:06 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-09 18:21 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2009-08-09 18:21 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-08-09 18:21 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-08-09 18:21 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-08-09 18:20 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-08-09 18:20 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-08-09 18:20 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-08-09 18:20 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-09 18:20 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-08-09 18:20 . 2008-04-13 18:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-08-09 18:20 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-09 18:00 . 2009-08-12 15:57 -------- d-sh--r- c:\windows\system32\dllcache
2009-08-09 15:40 . 2009-08-13 17:02 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Tracing
2009-08-09 15:33 . 2009-08-09 15:33 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Mozilla
2009-08-09 15:32 . 2004-10-26 03:17 90112 ----a-w- c:\windows\system32\ps2.EXE
2009-08-09 15:27 . 2009-05-18 04:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-09 15:27 . 2009-05-18 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-08-09 15:27 . 2009-05-18 04:16 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-08-09 05:19 . 2009-08-09 05:19 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-08 15:32 . 2009-08-08 15:32 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Ares
2009-08-08 15:32 . 2009-08-08 15:32 -------- d-----w- c:\program files\Ares
2009-08-07 23:57 . 2009-08-07 23:57 -------- d-----w- C:\Nexon
2009-08-05 18:48 . 2009-08-05 18:48 -------- d-----w- c:\program files\Common Files\SRMic
2009-08-05 18:48 . 2009-08-05 18:48 -------- d-----w- c:\windows\LHSP
2009-08-05 18:48 . 2009-08-05 18:48 -------- d-----w- c:\windows\ASR3232
2009-08-05 18:48 . 1999-06-07 16:32 81920 ------w- c:\windows\asr3232.dll
2009-08-04 15:32 . 2009-08-04 15:32 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Identities
2009-08-04 13:55 . 2009-08-04 13:55 -------- d-----w- c:\program files\AutoHotkey
2009-08-04 13:30 . 2009-08-09 05:29 -------- d-----w- c:\documents and settings\WTF\Application Data\Metacafe
2009-08-04 13:28 . 2009-08-09 14:28 -------- d-----w- c:\program files\Common Files\Akamai
2009-08-04 13:28 . 2009-08-09 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe
2009-08-03 22:38 . 2009-08-03 22:38 -------- d-----w- c:\program files\MTA San Andreas
2009-08-01 22:19 . 2009-08-13 02:58 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-01 19:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-01 19:07 . 2009-08-01 19:07 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-29 20:31 . 2009-07-29 20:31 -------- d-sh--w- c:\documents and settings\WTF\PrivacIE
2009-07-29 20:31 . 2009-07-29 20:31 -------- d-----w- c:\documents and settings\WTF\Application Data\Yahoo!
2009-07-28 01:57 . 2009-08-09 03:38 -------- d-----w- c:\documents and settings\WTF\Tracing
2009-07-27 18:46 . 2009-08-08 19:01 -------- d-----w- c:\documents and settings\WTF\Application Data\Apple Computer
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\program files\iPod
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\program files\iTunes
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\program files\Bonjour
2009-07-27 18:45 . 2009-07-27 18:45 -------- d-----w- c:\program files\QuickTime
2009-07-27 18:45 . 2009-07-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-27 18:44 . 2009-07-27 18:46 -------- d-----w- c:\program files\Common Files\Apple
2009-07-27 18:37 . 2009-07-27 18:46 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Apple Computer
2009-07-26 22:37 . 2009-07-26 22:37 -------- d-----w- c:\documents and settings\WTF\Application Data\AdobeUM
2009-07-26 22:36 . 2009-07-26 22:37 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Adobe
2009-07-26 22:33 . 2009-07-26 22:33 152576 ----a-w- c:\documents and settings\WTF\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-26 22:14 . 2009-07-26 22:14 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\AVG Security Toolbar
2009-07-26 22:14 . 2009-07-26 22:14 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Mozilla
2009-07-26 22:03 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 17:35 . 2009-08-09 15:29 144 ----a-w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\fusioncache.dat
2009-08-12 19:34 . 2009-08-12 19:34 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\Apple Computer
2009-08-12 15:58 . 2009-08-12 15:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-12 15:58 . 2009-08-12 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-12 01:27 . 2009-05-18 04:05 53336 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 20:05 . 2005-08-31 11:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-11 20:04 . 2009-08-11 20:04 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-08-11 20:04 . 2009-08-11 20:04 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-08-11 20:04 . 2009-08-11 20:04 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-08-11 20:04 . 2009-08-11 20:04 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-08-11 20:04 . 2009-08-11 20:04 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-08-11 20:04 . 2009-08-11 20:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-08-11 20:04 . 2009-08-11 20:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-08-11 20:04 . 2009-08-11 20:04 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-08-11 20:04 . 2009-08-11 20:04 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-08-11 07:18 . 2009-05-18 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-11 07:18 . 2009-05-18 04:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 17:26 . 2009-05-18 04:12 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-10 17:20 . 2009-05-18 04:05 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 17:19 . 2009-05-18 03:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-10 17:18 . 2009-05-18 04:07 -------- d-----w- c:\program files\Sonic
2009-08-10 17:05 . 2009-05-18 04:07 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-10 17:02 . 2009-06-13 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-10 16:47 . 2009-05-18 04:06 -------- d-----w- c:\program files\Netscape
2009-08-10 16:41 . 2009-05-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-09 23:19 . 2009-05-18 04:24 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-08-09 15:32 . 2009-08-09 15:32 1834 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER890AA-ABA a1410n_YC_0Pavi_QCNH610_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M959_J320_7AMD_8Athlon 64_92.4_#090517_N_Z11C10620_G10DE0241_OTSSTcorp CD DVDW TS-H552L.MRK
2009-08-05 18:59 . 2009-05-31 02:51 -------- d-----w- c:\program files\Subagames
2009-07-28 01:56 . 2009-06-13 15:03 -------- d-----w- c:\program files\Windows Live
2009-07-26 22:10 . 2009-05-30 21:17 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-07-26 22:10 . 2009-05-30 21:17 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-07-14 18:54 . 2009-08-12 15:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-12 15:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-12 15:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-08-12 15:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2009-05-18 04:49 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-05-18 04:49 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-05-18 04:49 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-05-18 04:49 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2009-05-18 04:49 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-05-18 04:49 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-05-18 04:49 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 17:35 . 2009-07-14 17:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 17:35 . 2009-07-14 17:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 17:35 . 2009-07-14 17:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 17:35 . 2009-07-14 17:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 17:34 . 2009-07-14 17:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 17:34 . 2009-07-14 17:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 17:34 . 2009-07-14 17:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 17:34 . 2009-07-14 17:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 17:34 . 2009-07-14 17:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 17:34 . 2009-07-14 17:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 17:34 . 2009-07-14 17:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 17:34 . 2009-07-14 17:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 17:34 . 2009-07-14 17:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-10 11:01 . 2009-08-12 15:57 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-30 21:30 . 2009-05-30 21:17 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-05-30 21:30 . 2009-05-30 21:17 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-05-30 21:30 . 2009-05-30 21:17 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-05-30 21:30 . 2009-05-30 21:17 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-05-28 17:34 . 2009-05-28 17:31 78907 ----a-w- c:\windows\hpfins05.dat
2009-05-19 00:21 . 2009-05-19 00:21 19 ----a-w- c:\windows\popcinfo.dat
2009-05-18 04:34 . 2009-08-10 18:03 136 ----a-w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\fusioncache.dat
2009-05-18 04:34 . 2009-05-18 04:34 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-18 04:21 . 2009-05-18 04:21 118842 ----a-r- c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
2009-05-18 04:21 . 2009-05-18 04:21 14316 ----a-w- c:\windows\system32\CHODDI.SYS
2009-05-18 04:20 . 2009-08-10 18:03 51976 ----a-w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 04:20 . 2009-08-09 15:29 51976 ----a-w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 04:02 . 2009-05-18 04:02 80417 ----a-w- c:\windows\HPHins08.dat
2009-05-18 04:01 . 2009-05-18 04:01 72881 ----a-w- c:\windows\hpiins01.dat
2009-05-18 04:01 . 2009-05-18 03:58 87276 ----a-w- c:\windows\hpqins69.dat
2009-05-18 03:57 . 2009-05-18 03:56 112873 ----a-w- c:\windows\hpoins07.dat
2009-05-18 03:56 . 2009-05-18 03:54 88403 ----a-w- c:\windows\hpoins06.dat
2009-05-18 02:33 . 2009-05-18 02:33 0 ----a-w- c:\windows\nsreg.dat
2009-05-17 21:34 . 2009-07-26 21:51 136 ----a-w- c:\documents and settings\WTF\Local Settings\Application Data\fusioncache.dat
2009-05-17 21:20 . 2009-07-26 21:51 51976 ----a-w- c:\documents and settings\WTF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-10 2000152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-12 27136]

c:\documents and settings\WTF\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2009-5-18 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-10 16:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2009 12:41 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/10/2009 12:41 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/19/2009 2:18 PM 297752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-13 17:23
ComboFix-quarantined-files.txt 2009-08-13 21:23

Pre-Run: 242,063,876,096 bytes free
Post-Run: 246,287,769,600 bytes free

371

#4 Buckeye_Sam

Posted 14 August 2009 - 03:15 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



==================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


How is your computer behaving now?


========================================================

#5 ahsjose


Posted 14 August 2009 - 04:50 PM

here ya go...


ComboFix 09-08-10.06 - HP_Administrator 08/14/2009 17:42.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.738 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator.JOSE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator.JOSE\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 16:02 . 2009-08-14 16:02 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Identities
2009-08-14 14:31 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-14 14:30 . 2009-08-14 14:30 -------- d-----w- c:\windows\Logs
2009-08-14 08:35 . 2009-08-14 08:35 -------- d-----w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\Identities
2009-08-14 01:52 . 2009-08-14 01:53 -------- d-----w- C:\Netgame
2009-08-13 23:56 . 2009-08-13 23:56 -------- d-----w- c:\windows\system32\LogFiles
2009-08-13 22:29 . 2009-08-14 03:58 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\PMB Files
2009-08-13 14:23 . 2009-08-13 14:23 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Ares
2009-08-13 14:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 14:00 . 2009-06-03 19:09 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2009-08-13 14:00 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-08-13 14:00 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-08-13 14:00 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-08-13 14:00 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-08-13 14:00 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-08-13 14:00 . 2009-04-17 12:26 1847168 ------w- c:\windows\system32\dllcache\win32k.sys
2009-08-13 14:00 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-08-13 14:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-13 14:00 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-12 19:34 . 2009-08-12 19:34 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\Apple Computer
2009-08-12 15:58 . 2009-08-12 15:58 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-12 15:58 . 2009-08-12 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-12 15:57 . 2009-07-10 11:01 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-12 15:57 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-12 15:57 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-12 15:57 . 2009-07-14 18:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-12 15:57 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-12 01:09 . 2009-08-12 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-12 01:09 . 2009-08-12 01:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 01:08 . 2009-08-12 01:08 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-11 20:02 . 2009-08-11 20:02 -------- d-----w- c:\windows\system32\scripting
2009-08-11 20:02 . 2009-08-11 20:02 -------- d-----w- c:\windows\system32\en
2009-08-11 20:02 . 2009-08-11 20:02 -------- d-----w- c:\windows\system32\bits
2009-08-11 16:52 . 2008-04-13 18:43 9728 ------w- c:\windows\system32\comsdupd.exe
2009-08-11 16:12 . 2009-08-11 16:12 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\Malwarebytes
2009-08-11 16:12 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-11 16:12 . 2009-08-11 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-11 16:12 . 2009-08-11 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-11 16:12 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 16:05 . 2009-08-11 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 16:04 . 2009-08-11 16:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 16:04 . 2009-08-11 16:04 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\SUPERAntiSpyware.com
2009-08-11 16:04 . 2009-08-11 16:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-11 14:34 . 2009-08-11 14:34 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Apple
2009-08-11 14:34 . 2009-08-11 14:34 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Apple Computer
2009-08-11 13:13 . 2009-08-14 18:07 -------- d-----w- c:\program files\Steam
2009-08-11 12:42 . 2009-08-11 12:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 02:12 . 2009-08-11 02:12 -------- d-----w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\Adobe
2009-08-10 18:19 . 2009-08-10 18:19 -------- d-s---w- c:\documents and settings\WTF.JOSE\UserData
2009-08-10 18:17 . 2009-08-14 19:19 -------- d-----w- c:\documents and settings\WTF.JOSE\Tracing
2009-08-10 18:05 . 2009-08-10 18:05 -------- d-----w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\Mozilla
2009-08-10 17:51 . 2009-08-10 17:51 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\VSRevoGroup
2009-08-10 17:31 . 2009-08-10 17:31 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\AdobeUM
2009-08-10 17:30 . 2009-08-10 17:30 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Adobe
2009-08-10 16:56 . 2009-08-10 16:56 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\Yahoo!
2009-08-10 16:41 . 2009-08-10 16:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-10 16:41 . 2009-08-10 16:41 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-10 16:41 . 2009-08-10 16:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-10 16:41 . 2009-08-10 16:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-10 16:41 . 2009-08-14 12:46 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-10 16:08 . 2009-08-10 16:08 -------- d-----w- c:\docume~1\HP_ADM~1.JOS\APPLIC~1\AVG8
2009-08-10 15:52 . 2009-08-10 15:52 -------- d-----w- c:\program files\VS Revo Group
2009-08-10 15:30 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-09 23:19 . 2009-08-09 23:19 -------- d-s---w- c:\documents and settings\HP_Administrator.JOSE\UserData
2009-08-09 23:19 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-09 23:19 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-09 23:14 . 2009-02-06 11:06 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-09 18:21 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2009-08-09 18:21 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-08-09 18:21 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-08-09 18:21 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-08-09 18:20 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-08-09 18:20 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-08-09 18:20 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-08-09 18:20 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-08-09 18:20 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-08-09 18:20 . 2008-04-13 18:46 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-08-09 18:20 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-09 18:00 . 2009-08-14 08:30 -------- d-sh--r- c:\windows\system32\dllcache
2009-08-09 15:40 . 2009-08-14 18:19 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Tracing
2009-08-09 15:33 . 2009-08-09 15:33 -------- d-----w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\Mozilla
2009-08-09 15:32 . 2004-10-26 03:17 90112 ----a-w- c:\windows\system32\ps2.EXE
2009-08-09 15:27 . 2009-05-18 04:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-09 15:27 . 2009-05-18 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-08-09 15:27 . 2009-05-18 04:16 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-08-09 05:19 . 2009-08-09 05:19 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-08 15:32 . 2009-08-08 15:32 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Ares
2009-08-08 15:32 . 2009-08-08 15:32 -------- d-----w- c:\program files\Ares
2009-08-07 23:57 . 2009-08-13 23:00 -------- d-----w- C:\Nexon
2009-08-05 18:48 . 2009-08-05 18:48 -------- d-----w- c:\program files\Common Files\SRMic
2009-08-05 18:48 . 2009-08-05 18:48 -------- d-----w- c:\windows\LHSP
2009-08-05 18:48 . 2009-08-05 18:48 -------- d-----w- c:\windows\ASR3232
2009-08-05 18:48 . 1999-06-07 16:32 81920 ------w- c:\windows\asr3232.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 15:32 . 2009-08-04 15:32 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Identities
2009-08-04 13:55 . 2009-08-04 13:55 -------- d-----w- c:\program files\AutoHotkey
2009-08-04 13:30 . 2009-08-09 05:29 -------- d-----w- c:\documents and settings\WTF\Application Data\Metacafe
2009-08-04 13:28 . 2009-08-09 14:28 -------- d-----w- c:\program files\Common Files\Akamai
2009-08-04 13:28 . 2009-08-09 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe
2009-08-03 22:38 . 2009-08-03 22:38 -------- d-----w- c:\program files\MTA San Andreas
2009-08-01 22:19 . 2009-08-14 03:32 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-01 19:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-01 19:07 . 2009-08-01 19:07 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-29 20:31 . 2009-07-29 20:31 -------- d-sh--w- c:\documents and settings\WTF\PrivacIE
2009-07-29 20:31 . 2009-07-29 20:31 -------- d-----w- c:\documents and settings\WTF\Application Data\Yahoo!
2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 01:57 . 2009-08-09 03:38 -------- d-----w- c:\documents and settings\WTF\Tracing
2009-07-27 18:46 . 2009-08-08 19:01 -------- d-----w- c:\documents and settings\WTF\Application Data\Apple Computer
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\program files\iPod
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\program files\iTunes
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-27 18:46 . 2009-07-27 18:46 -------- d-----w- c:\program files\Bonjour
2009-07-27 18:45 . 2009-07-27 18:45 -------- d-----w- c:\program files\QuickTime
2009-07-27 18:45 . 2009-07-27 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-27 18:44 . 2009-07-27 18:46 -------- d-----w- c:\program files\Common Files\Apple
2009-07-27 18:37 . 2009-07-27 18:46 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Apple Computer
2009-07-26 22:37 . 2009-07-26 22:37 -------- d-----w- c:\documents and settings\WTF\Application Data\AdobeUM
2009-07-26 22:36 . 2009-07-26 22:37 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Adobe
2009-07-26 22:33 . 2009-07-26 22:33 152576 ----a-w- c:\documents and settings\WTF\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-26 22:14 . 2009-07-26 22:14 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\AVG Security Toolbar
2009-07-26 22:14 . 2009-07-26 22:14 -------- d-----w- c:\documents and settings\WTF\Local Settings\Application Data\Mozilla
2009-07-26 22:03 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 23:00 . 2009-05-30 21:17 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-08-13 23:00 . 2009-05-30 21:17 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-08-13 23:00 . 2009-05-30 21:17 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-08-13 23:00 . 2009-05-30 21:17 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-08-13 23:00 . 2009-05-30 21:17 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-08-13 23:00 . 2009-05-30 21:17 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-08-13 22:33 . 2009-05-30 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-08-13 17:35 . 2009-08-09 15:29 144 ----a-w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\fusioncache.dat
2009-08-12 01:27 . 2009-05-18 04:05 53336 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 20:05 . 2005-08-31 11:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-11 20:04 . 2009-08-11 20:04 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-08-11 20:04 . 2009-08-11 20:04 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-08-11 20:04 . 2009-08-11 20:04 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-08-11 20:04 . 2009-08-11 20:04 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-08-11 20:04 . 2009-08-11 20:04 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-08-11 20:04 . 2009-08-11 20:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-08-11 20:04 . 2009-08-11 20:04 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-08-11 20:04 . 2009-08-11 20:04 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-08-11 20:04 . 2009-08-11 20:04 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-08-11 07:18 . 2009-05-18 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-11 07:18 . 2009-05-18 04:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 17:26 . 2009-05-18 04:12 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-10 17:20 . 2009-05-18 04:05 -------- d-----w- c:\program files\Common Files\Real
2009-08-10 17:19 . 2009-05-18 03:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-10 17:18 . 2009-05-18 04:07 -------- d-----w- c:\program files\Sonic
2009-08-10 17:05 . 2009-05-18 04:07 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-10 17:02 . 2009-06-13 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-10 16:47 . 2009-05-18 04:06 -------- d-----w- c:\program files\Netscape
2009-08-10 16:41 . 2009-05-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-09 23:19 . 2009-05-18 04:24 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-08-09 15:32 . 2009-08-09 15:32 1834 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER890AA-ABA a1410n_YC_0Pavi_QCNH610_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M959_J320_7AMD_8Athlon 64_92.4_#090517_N_Z11C10620_G10DE0241_OTSSTcorp CD DVDW TS-H552L.MRK
2009-08-05 18:59 . 2009-05-31 02:51 -------- d-----w- c:\program files\Subagames
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 01:56 . 2009-06-13 15:03 -------- d-----w- c:\program files\Windows Live
2009-07-17 19:01 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-05-18 04:49 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-05-18 04:49 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-05-18 04:49 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-05-18 04:49 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2009-05-18 04:49 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-05-18 04:49 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-05-18 04:49 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 17:35 . 2009-07-14 17:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 17:35 . 2009-07-14 17:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 17:35 . 2009-07-14 17:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 17:35 . 2009-07-14 17:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 17:34 . 2009-07-14 17:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 17:34 . 2009-07-14 17:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 17:34 . 2009-07-14 17:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 17:34 . 2009-07-14 17:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 17:34 . 2009-07-14 17:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 17:34 . 2009-07-14 17:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 17:34 . 2009-07-14 17:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 17:34 . 2009-07-14 17:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 17:34 . 2009-07-14 17:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 18:22 . 2009-07-13 18:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 14:08 . 2004-08-10 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2004-08-10 11:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-12 12:31 . 2004-08-10 11:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 18:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-10 11:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 11:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 17:34 . 2009-05-28 17:31 78907 ----a-w- c:\windows\hpfins05.dat
2009-05-19 00:21 . 2009-05-19 00:21 19 ----a-w- c:\windows\popcinfo.dat
2009-05-18 04:34 . 2009-08-10 18:03 136 ----a-w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\fusioncache.dat
2009-05-18 04:34 . 2009-05-18 04:34 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-05-18 04:21 . 2009-05-18 04:21 118842 ----a-r- c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
2009-05-18 04:21 . 2009-05-18 04:21 14316 ----a-w- c:\windows\system32\CHODDI.SYS
2009-05-18 04:20 . 2009-08-10 18:03 51976 ----a-w- c:\documents and settings\WTF.JOSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 04:20 . 2009-08-09 15:29 51976 ----a-w- c:\documents and settings\HP_Administrator.JOSE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 04:02 . 2009-05-18 04:02 80417 ----a-w- c:\windows\HPHins08.dat
2009-05-18 04:01 . 2009-05-18 04:01 72881 ----a-w- c:\windows\hpiins01.dat
2009-05-18 04:01 . 2009-05-18 03:58 87276 ----a-w- c:\windows\hpqins69.dat
2009-05-18 03:57 . 2009-05-18 03:56 112873 ----a-w- c:\windows\hpoins07.dat
2009-05-18 03:56 . 2009-05-18 03:54 88403 ----a-w- c:\windows\hpoins06.dat
2009-05-18 02:33 . 2009-05-18 02:33 0 ----a-w- c:\windows\nsreg.dat
2009-05-17 21:34 . 2009-07-26 21:51 136 ----a-w- c:\documents and settings\WTF\Local Settings\Application Data\fusioncache.dat
2009-05-17 21:20 . 2009-07-26 21:51 51976 ----a-w- c:\documents and settings\WTF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-13_21.21.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 14:39 . 2009-08-14 14:39 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2009-08-14 14:31 . 2005-12-05 22:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2009-08-14 14:31 . 2007-04-04 22:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-08-14 14:31 . 2006-07-28 13:30 62744 c:\windows\system32\xinput1_2.dll
+ 2009-08-14 14:31 . 2006-03-31 16:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-08-14 14:32 . 2009-03-16 18:18 69448 c:\windows\system32\XAPOFX1_3.dll
+ 2009-08-14 14:32 . 2008-10-27 14:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2009-08-14 14:32 . 2008-07-30 10:20 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2009-08-14 14:32 . 2008-05-30 18:17 65032 c:\windows\system32\XAPOFX1_0.dll
+ 2009-08-14 14:32 . 2009-03-16 18:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2009-08-14 14:32 . 2008-10-27 14:04 23376 c:\windows\system32\X3DAudio1_5.dll
+ 2009-08-14 14:32 . 2008-05-30 18:17 25608 c:\windows\system32\X3DAudio1_4.dll
+ 2009-08-14 14:32 . 2008-03-05 20:00 25608 c:\windows\system32\X3DAudio1_3.dll
+ 2009-08-14 14:31 . 2007-10-22 07:37 17928 c:\windows\system32\X3DAudio1_2.dll
+ 2009-08-14 14:31 . 2007-03-05 16:42 15128 c:\windows\system32\x3daudio1_1.dll
+ 2009-08-14 14:31 . 2006-02-03 12:41 14032 c:\windows\system32\x3daudio1_0.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 90112 c:\windows\system32\wshext.dll
+ 2004-08-10 11:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
- 2009-05-18 04:34 . 2007-08-11 00:46 26488 c:\windows\system32\spupdsvc.exe
+ 2009-05-18 04:34 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2009-05-18 04:39 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2009-05-18 04:39 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2004-08-10 11:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
- 2004-08-10 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-08-10 11:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2005-08-31 11:07 . 2009-08-14 12:47 53640 c:\windows\system32\perfc009.dat
- 2005-08-31 11:07 . 2009-08-12 13:59 53640 c:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-10 11:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-10 11:00 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 11:00 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
- 2004-08-10 11:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-10 11:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-06-24 16:43 . 2008-06-24 16:43 74240 c:\windows\system32\dllcache\mscms.dll
+ 2009-02-20 08:10 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-05-18 04:16 . 2009-08-11 18:23 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-08-14 14:31 . 2009-08-14 14:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-08-14 08:26 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB954459$\spmsg.dll
+ 2009-08-14 08:26 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB954459$\spcustom.dll
+ 2009-08-14 08:29 . 2007-11-30 12:39 17272 c:\windows\$NtUninstallKB951978$\spmsg.dll
+ 2009-08-14 08:29 . 2007-11-30 12:39 26488 c:\windows\$NtUninstallKB951978$\spcustom.dll
- 2009-05-18 04:16 . 2009-08-11 18:23 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-08-14 14:32 . 2009-03-16 18:18 517448 c:\windows\system32\XAudio2_4.dll
+ 2009-08-14 14:32 . 2008-10-27 14:04 514384 c:\windows\system32\XAudio2_3.dll
+ 2009-08-14 14:32 . 2008-07-30 10:20 509448 c:\windows\system32\XAudio2_2.dll
+ 2009-08-14 14:32 . 2008-05-30 18:19 507400 c:\windows\system32\XAudio2_1.dll
+ 2009-08-14 14:32 . 2008-03-05 20:03 479752 c:\windows\system32\XAudio2_0.dll
+ 2009-08-14 14:32 . 2009-03-16 18:18 235352 c:\windows\system32\xactengine3_4.dll
+ 2009-08-14 14:32 . 2008-10-27 14:04 235856 c:\windows\system32\xactengine3_3.dll
+ 2009-08-14 14:32 . 2008-07-30 10:20 238088 c:\windows\system32\xactengine3_2.dll
+ 2009-08-14 14:32 . 2008-05-30 18:18 238088 c:\windows\system32\xactengine3_1.dll
+ 2009-08-14 14:32 . 2008-03-05 20:03 238088 c:\windows\system32\xactengine3_0.dll
+ 2009-08-14 14:31 . 2007-07-20 04:57 267112 c:\windows\system32\xactengine2_9.dll
+ 2009-08-14 14:31 . 2007-06-21 00:46 266088 c:\windows\system32\xactengine2_8.dll
+ 2009-08-14 14:31 . 2007-04-04 22:55 261480 c:\windows\system32\xactengine2_7.dll
+ 2009-08-14 14:31 . 2007-01-24 19:27 255848 c:\windows\system32\xactengine2_6.dll
+ 2009-08-14 14:31 . 2006-12-08 16:02 251672 c:\windows\system32\xactengine2_5.dll
+ 2009-08-14 14:31 . 2006-09-28 20:05 237848 c:\windows\system32\xactengine2_4.dll
+ 2009-08-14 14:31 . 2006-07-28 13:30 236824 c:\windows\system32\xactengine2_3.dll
+ 2009-08-14 14:31 . 2006-05-31 11:24 230168 c:\windows\system32\xactengine2_2.dll
+ 2009-08-14 14:31 . 2007-10-22 07:39 267272 c:\windows\system32\xactengine2_10.dll
+ 2009-08-14 14:31 . 2006-03-31 16:39 229584 c:\windows\system32\xactengine2_1.dll
+ 2009-08-14 14:31 . 2006-02-03 12:42 230096 c:\windows\system32\xactengine2_0.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 155648 c:\windows\system32\wscript.exe
+ 2004-08-10 11:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
- 2004-08-10 11:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-10 11:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2004-08-10 11:00 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-10 11:00 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-10 11:00 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-10 11:00 . 2008-05-09 10:53 430080 c:\windows\system32\vbscript.dll
+ 2004-08-10 11:00 . 2009-06-26 16:50 620032 c:\windows\system32\urlmon.dll
+ 2004-08-10 11:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
- 2004-08-10 11:00 . 2008-04-14 00:12 172032 c:\windows\system32\scrrun.dll
+ 2004-08-10 11:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
+ 2004-08-10 11:00 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 180224 c:\windows\system32\scrobj.dll
+ 2004-08-10 11:00 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2004-08-10 11:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-10 11:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
- 2005-08-31 11:07 . 2009-08-12 13:59 382022 c:\windows\system32\perfh009.dat
+ 2005-08-31 11:07 . 2009-08-14 12:47 382022 c:\windows\system32\perfh009.dat
- 2004-08-10 11:00 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-10 11:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
+ 2004-08-10 18:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2004-08-10 11:00 . 2008-10-15 16:34 337408 c:\windows\system32\netapi32.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 337408 c:\windows\system32\netapi32.dll
+ 2004-08-10 11:00 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2004-08-10 11:00 . 2008-04-14 00:12 245248 c:\windows\system32\mswsock.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 11:00 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 11:00 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-10 11:00 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-10 11:00 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2004-08-10 11:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-10 11:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 512000 c:\windows\system32\jscript.dll
+ 2004-08-10 11:00 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 691712 c:\windows\system32\inetcomm.dll
+ 2004-08-10 11:00 . 2008-10-23 12:36 286720 c:\windows\system32\gdi32.dll
+ 2005-08-31 11:05 . 2009-08-14 12:42 201736 c:\windows\system32\FNTCACHE.DAT
- 2005-08-31 11:05 . 2009-08-12 13:55 201736 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 11:00 . 2008-07-07 20:26 253952 c:\windows\system32\es.dll
+ 2004-08-10 11:00 . 2008-06-20 11:08 225856 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-10 11:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-10 11:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2004-08-10 11:00 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys
+ 2004-08-10 11:00 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys
+ 2004-08-10 11:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-10 11:00 . 2008-06-20 17:46 147968 c:\windows\system32\dnsapi.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 147968 c:\windows\system32\dnsapi.dll
+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2004-08-10 11:00 . 2009-07-13 14:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-08-13 14:01 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-08-13 14:01 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-02-20 08:10 . 2009-06-26 16:50 666624 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-02-20 08:10 . 2009-06-26 16:50 620032 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-20 11:08 . 2008-06-20 11:08 225856 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2009-08-13 14:01 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2008-05-09 10:53 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-08-13 14:01 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-08-13 14:01 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2009-08-13 14:01 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2004-08-10 11:00 . 2008-05-01 14:33 331776 c:\windows\system32\dllcache\msadce.dll
- 2004-08-10 11:00 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-08-13 14:01 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-10-23 12:36 . 2008-10-23 12:36 286720 c:\windows\system32\dllcache\gdi32.dll
+ 2009-08-13 14:01 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:26 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\es.dll
+ 2008-06-20 17:46 . 2008-06-20 17:46 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe
+ 2009-08-13 14:01 . 2008-06-13 11:05 272128 c:\windows\system32\dllcache\bthport.sys
+ 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2009-08-13 14:01 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
+ 2009-08-14 14:32 . 2009-03-09 19:27 453456 c:\windows\system32\d3dx10_41.dll
+ 2009-08-14 14:32 . 2008-10-10 08:52 452440 c:\windows\system32\d3dx10_40.dll
+ 2009-08-14 14:32 . 2008-07-10 15:01 467984 c:\windows\system32\d3dx10_39.dll
+ 2009-08-14 14:32 . 2008-05-30 18:11 467984 c:\windows\system32\d3dx10_38.dll
+ 2009-08-14 14:31 . 2008-02-06 03:07 462864 c:\windows\system32\d3dx10_37.dll
+ 2009-08-14 14:31 . 2007-10-02 13:56 444776 c:\windows\system32\d3dx10_36.dll
+ 2009-08-14 14:31 . 2007-07-19 22:14 444776 c:\windows\system32\d3dx10_35.dll
+ 2009-08-14 14:31 . 2007-05-16 20:45 443752 c:\windows\system32\d3dx10_34.dll
+ 2009-08-14 14:31 . 2007-03-15 20:57 443752 c:\windows\system32\d3dx10_33.dll
+ 2004-08-10 11:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe
+ 2004-08-10 11:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2004-08-10 11:00 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2009-08-14 14:31 . 2006-03-31 15:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2006-02-03 11:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-12-05 21:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-09-28 18:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-07-22 21:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-05-26 19:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-03-18 21:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-02-05 23:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2009-08-14 14:31 . 2005-03-18 20:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-05-18 04:16 . 2009-08-14 08:29 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-05-18 04:16 . 2009-08-11 18:23 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-05-18 04:16 . 2009-08-14 08:29 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-08-11 07:04 . 2009-08-11 07:04 464272 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL
+ 2003-07-15 17:18 . 2003-07-15 17:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2009-08-13 14:00 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-02-12 02:13 . 2009-02-12 02:13 509368 c:\windows\Downloaded Program Files\mglaunch_USAv1004.exe
+ 2009-02-12 15:13 . 2009-02-12 15:13 509368 c:\windows\Downloaded Program Files\CONFLICT.1\mglaunch_USAv1004.exe
+ 2009-02-12 15:13 . 2009-02-12 15:13 181688 c:\windows\Downloaded Program Files\CONFLICT.1\mglaunch_USAv1004.dll
+ 2009-08-14 08:29 . 2009-08-14 08:29 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-08-14 08:26 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB954459$\updspapi.dll
+ 2009-08-14 08:26 . 2007-11-30 12:39 755576 c:\windows\$NtUninstallKB954459$\update.exe
+ 2009-08-14 08:26 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB954459$\spuninst.exe
+ 2009-08-14 08:29 . 2008-04-14 00:12 434176 c:\windows\$NtUninstallKB951978$\vbscript.dll
+ 2009-08-14 08:29 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB951978$\updspapi.dll
+ 2009-08-14 08:29 . 2007-11-30 12:39 755576 c:\windows\$NtUninstallKB951978$\update.exe
+ 2009-08-14 08:29 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB951978$\spuninst.exe
+ 2009-08-14 08:29 . 2008-04-14 00:11 512000 c:\windows\$NtUninstallKB951978$\jscript.dll
+ 2009-08-13 14:01 . 2008-04-15 17:47 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
- 2004-08-10 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-10 11:00 . 2009-07-13 14:08 5537792 c:\windows\system32\wmp.dll
+ 2004-08-10 11:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
- 2004-08-10 11:00 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2004-08-10 11:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
+ 2004-08-10 11:00 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
+ 2009-08-11 16:53 . 2008-09-10 01:14 1307648 c:\windows\system32\msxml6.dll
+ 2004-08-10 11:00 . 2009-07-18 16:05 3069440 c:\windows\system32\mshtml.dll
- 2004-08-10 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-10 11:00 . 2009-07-13 14:08 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2009-03-02 23:04 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-08-13 14:01 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-08-13 14:01 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-08-13 14:01 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-08-13 14:01 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-08-11 16:53 . 2008-09-10 01:14 1307648 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-10 11:00 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-02-20 08:11 . 2009-07-18 16:05 3069440 c:\windows\system32\dllcache\mshtml.dll
+ 2009-08-14 14:32 . 2009-03-09 19:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2009-08-14 14:32 . 2008-10-10 08:52 4379984 c:\windows\system32\D3DX9_40.dll
+ 2009-08-14 14:32 . 2008-07-10 15:00 3851784 c:\windows\system32\D3DX9_39.dll
+ 2009-08-14 14:32 . 2008-05-30 18:11 3850760 c:\windows\system32\D3DX9_38.dll
+ 2009-08-14 14:31 . 2008-03-05 19:56 3786760 c:\windows\system32\D3DX9_37.dll
+ 2009-08-14 14:31 . 2007-10-12 19:14 3734536 c:\windows\system32\d3dx9_36.dll
+ 2009-08-14 14:31 . 2007-07-19 22:14 3727720 c:\windows\system32\d3dx9_35.dll
+ 2009-08-14 14:31 . 2007-05-16 20:45 3497832 c:\windows\system32\d3dx9_34.dll
+ 2009-08-14 14:31 . 2007-03-12 20:42 3495784 c:\windows\system32\d3dx9_33.dll
+ 2009-08-14 14:31 . 2006-11-29 17:06 3426072 c:\windows\system32\d3dx9_32.dll
+ 2009-08-14 14:31 . 2006-09-28 20:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-08-14 14:31 . 2006-03-31 16:40 2388176 c:\windows\system32\d3dx9_30.dll
+ 2009-08-14 14:31 . 2006-02-03 12:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-08-14 14:31 . 2005-12-05 22:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-08-14 14:31 . 2005-07-22 23:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2009-08-14 14:31 . 2005-05-26 19:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2009-08-14 14:31 . 2005-03-18 21:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-08-14 14:31 . 2005-02-05 23:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2009-08-14 14:32 . 2009-03-09 19:27 1846632 c:\windows\system32\D3DCompiler_41.dll
+ 2009-08-14 14:32 . 2008-10-10 08:52 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2009-08-14 14:32 . 2008-07-10 15:00 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2009-08-14 14:32 . 2008-05-30 18:11 1491992 c:\windows\system32\D3DCompiler_38.dll
+ 2009-08-14 14:31 . 2007-10-12 19:14 1374232 c:\windows\system32\D3DCompiler_36.dll
+ 2009-08-14 14:31 . 2007-07-19 22:14 1358192 c:\windows\system32\D3DCompiler_35.dll
+ 2009-08-14 14:31 . 2007-05-16 20:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2009-08-14 14:31 . 2007-03-12 20:42 1123696 c:\windows\system32\D3DCompiler_33.dll
+ 2009-08-14 14:31 . 2004-12-01 19:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2004-09-29 16:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-05 06:11 . 2009-08-05 06:11 5518848 c:\windows\Installer\3127b.msp
+ 2009-07-01 17:21 . 2009-07-01 17:21 8891904 c:\windows\Installer\31267.msp
+ 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2009-08-14 14:31 . 2009-08-14 14:31 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-08-14 14:31 . 2009-08-14 14:31 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-01 17:19 . 2009-07-01 17:19 10607104 c:\windows\Installer\31268.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-10 2000152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-12 27136]

c:\documents and settings\WTF\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-12 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2009-5-18 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-10 16:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56835:TCP"= 56835:TCP:Pando Media Booster
"56835:UDP"= 56835:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/10/2009 12:41 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/10/2009 12:41 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/19/2009 2:18 PM 297752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-08-14 17:48
ComboFix-quarantined-files.txt 2009-08-14 21:48
ComboFix2.txt 2009-08-13 21:23

Pre-Run: 243,574,804,480 bytes free
Post-Run: 243,579,240,448 bytes free

619 --- E O F --- 2009-08-14 08:30

#6 ahsjose

ahsjose
  • Topic Starter

  • Members
  • 11 posts

Posted 14 August 2009 - 08:36 PM

and malwarebytes's log


Malwarebytes' Anti-Malware 1.40
Database version: 2627
Windows 5.1.2600 Service Pack 3

8/14/2009 7:13:46 PM
mbam-log-2009-08-14 (19-13-46).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 242346
Time elapsed: 1 hour(s), 15 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Online Services\Aol\Canada\comps\fw\nisale.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Online Services\Aol\United States\AOL90\comps\fw\nisale.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Online Services\Aol\United States\AOL90E\comps\fw\nisale.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Online Services\Canada\AOL-MAX\comps\fw\nisale.exe (Adware.BHO) -> Quarantined and deleted successfully.

#7 Buckeye_Sam


Posted 15 August 2009 - 02:15 PM

Looks pretty good to me. How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 ahsjose


Posted 15 August 2009 - 04:31 PM

much better...thank you so much :thumbup2:

#9 Buckeye_Sam


Posted 16 August 2009 - 12:10 PM

Great to hear!


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)

#10 Buckeye_Sam


Posted 05 September 2009 - 10:17 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.



