
Antivirus Pro 2010 and Windows police pro


  • This topic is locked
18 replies to this topic

#1 MarlonStafford


Posted 09 September 2009 - 04:36 PM

I can't run Malwarebytes, HijackThis, or half the antiviruses and other stuff, and
I can't boot my computer in regular mode; it just stays on the "Welcome" screen the whole time,
and sometimes music/Best Buy ads start playing out of nowhere. But I found out now that there's
an iexplore.exe open in Task Manager, and Win32kDiag was the only thing I could run, so here's the log:

Log file is located at: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...




Cannot access: C:\WINDOWS\Prefetch\layout.ini

[1] 2009-09-02 11:22:57 398838 C:\WINDOWS\Prefetch\layout.ini ()




Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-10 14:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2004-08-10 14:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)






Finished!


Please help me.
Thanks, Marlon.



#2 fenzodahl512


Posted 10 September 2009 - 12:45 PM

Please download The Avenger by Swandog46 and unzip it to your Desktop


Please open The Avenger. Then, please copy/paste the script inside the codebox into the Input script here: box..

Begin copying here:
Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Now, click on Execute. Just say Yes at every prompt
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply.



NEXT

Go to Start >> Run >> copy/paste below >> Enter. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[Screenshots of the rename step]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
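
An added example, not code from the thread or from either tool: it parses the "Cannot access" blocks of the Win32kDiag log in post #1 and reports, for each blocked file, whether the in-place copy lacks a vendor string while another listed copy carries one. It assumes the trailing parenthesised field is the file's company string; the ranking of alternates (same timestamp, then same folder) is a hypothetical heuristic for illustration, not the helper's stated method.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Sample input: the two "Cannot access" blocks from the Win32kDiag log in
# post #1 (the blank lines of the forum paste are dropped).
SAMPLE_LOG = r"""
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\Prefetch\layout.ini
[1] 2009-09-02 11:22:57 398838 C:\WINDOWS\Prefetch\layout.ini ()
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-10 14:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2004-08-10 14:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Finished!
"""

CANNOT_ACCESS = re.compile(r"^Cannot access:\s*(?P<path>.+?)\s*$")
# "[n] date time size path (vendor)"; the meaning of [n] is not interpreted.
CANDIDATE = re.compile(
    r"^\[(?P<idx>\d+)\]\s+(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<path>.+)\s+\((?P<vendor>[^()]*)\)\s*$"
)
MODULE_EXTS = {".dll", ".exe", ".sys"}  # assumption: only code modules are ranked


@dataclass
class Candidate:
    stamp: str
    size: int
    path: str
    vendor: str  # assumed to be the company string; empty when the log shows "()"


@dataclass
class Block:
    target: str
    candidates: list = field(default_factory=list)


def parse_blocks(text):
    """Group candidate lines under the 'Cannot access' line that precedes them."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste double-spaces every entry
        m = CANNOT_ACCESS.match(line)
        if m:
            current = Block(m["path"])
            blocks.append(current)
            continue
        m = CANDIDATE.match(line)
        if m and current is not None:
            current.candidates.append(
                Candidate(m["stamp"], int(m["size"]), m["path"], m["vendor"].strip())
            )
        else:
            current = None  # any other line closes the block
    return blocks


def triage(block):
    """Flag a blocked module whose in-place copy has no vendor string."""
    target = PureWindowsPath(block.target)  # Windows paths compare case-insensitively
    in_place = next(
        (c for c in block.candidates if PureWindowsPath(c.path) == target), None
    )
    alternates = [c for c in block.candidates if c is not in_place and c.vendor]

    def rank(c):
        same_stamp = in_place is not None and c.stamp == in_place.stamp
        same_dir = PureWindowsPath(c.path).parent == target.parent
        return (not same_stamp, not same_dir, c.path.lower())

    alternates.sort(key=rank)
    needs_review = bool(
        target.suffix.lower() in MODULE_EXTS
        and in_place is not None
        and not in_place.vendor
        and alternates
    )
    return {
        "target": block.target,
        "needs_review": needs_review,
        "in_place_size": in_place.size if in_place else None,
        "preferred_alternate": alternates[0].path if needs_review else None,
        "alternates": [c.path for c in alternates],
    }


if __name__ == "__main__":
    for blk in parse_blocks(SAMPLE_LOG):
        print(triage(blk))
```
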


#3 MarlonStafford


Posted 10 September 2009 - 04:48 PM

Thanks for the reply, I'm getting pretty desperate.

Here's the Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\logevent.dll" not found!
File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#4 MarlonStafford


Posted 10 September 2009 - 04:49 PM

Combo-Fix Log

ComboFix 09-09-10.01 - Owner 09/10/2009 16:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.607 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-B056543DD8\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 090904-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rotscxyxevpavh
-------\Legacy_rotscxyxevpavh
-------\Service_seneka
-------\Legacy_seneka
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_ANTIPPRO2009_100
-------\Legacy_fci
-------\Legacy_ICF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 20:45 . 2009-07-23 02:29 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Skype
2009-09-10 01:06 . 2009-03-11 21:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 00:12 . 2009-03-13 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 23:54 . 2008-10-02 00:10 37 ----a-w- c:\documents and settings\Owner.YOUR-B056543DD8\jagex_runescape_preferences.dat
2009-09-07 23:54 . 2008-06-06 18:42 -------- d-----w- c:\program files\SwiftKit
2009-09-06 20:41 . 2008-12-16 00:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-06 20:41 . 2008-12-15 23:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-04 21:09 . 2009-09-04 21:09 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-04 02:37 . 2006-11-25 01:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-08-30 00:05 . 2008-06-23 03:41 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\teamspeak2
2009-08-26 22:30 . 2007-01-12 15:47 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\LimeWire
2009-08-20 22:41 . 2009-07-23 02:31 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\skypePM
2009-08-17 16:10 . 2009-06-02 23:14 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-06-02 23:14 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-06-02 23:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-06-02 23:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-02 23:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-06-02 23:14 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-02 23:14 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-06-02 23:14 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-06-02 23:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-03 18:36 . 2009-03-13 19:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-03-13 19:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 03:53 . 2007-06-13 23:26 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Apple Computer
2009-07-24 02:54 . 2007-12-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-23 16:25 . 2008-06-09 22:56 -------- d-----w- c:\program files\Safari
2009-07-23 16:21 . 2009-07-23 16:21 -------- d-----w- c:\program files\iTunes
2009-07-23 16:21 . 2009-07-23 16:21 -------- d-----w- c:\program files\iPod
2009-07-23 16:21 . 2007-12-25 16:10 -------- d-----w- c:\program files\Common Files\Apple
2009-07-23 02:31 . 2009-07-23 02:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-23 02:30 . 2006-10-03 20:50 -------- d-----w- c:\program files\Google
2009-07-23 02:28 . 2009-07-23 02:27 -------- d-----r- c:\program files\Skype
2009-07-23 02:28 . 2009-07-23 02:28 -------- d-----w- c:\program files\Common Files\Skype
2009-07-23 02:27 . 2009-07-23 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-16 22:59 . 2009-07-16 22:59 134 ----a-w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\wklnhst.dat
2009-07-16 22:59 . 2009-07-16 22:59 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Template
2008-10-11 22:34 . 2008-10-11 22:34 15115 ----a-w- c:\program files\Common Files\unaqyna.ban
2008-10-11 22:34 . 2008-10-11 22:34 12465 ----a-w- c:\program files\Common Files\oqipu.dll
2008-05-28 14:36 . 2008-06-06 18:29 87400 ----a-w- c:\program files\UnHyCam2.exe
2008-05-28 14:36 . 2008-06-06 18:29 882000 ----a-w- c:\program files\HyCam2.exe
2008-05-23 16:08 . 2008-06-06 18:29 3271 ----a-w- c:\program files\agreement.txt
2007-12-19 18:46 . 2008-06-06 18:29 114549 ----a-w- c:\program files\HyCam2.chm
2007-10-22 20:09 . 2008-06-06 18:29 106496 ----a-w- c:\program files\CamRes2.dll
2007-09-27 19:31 . 2008-06-06 18:29 5272 ----a-w- c:\program files\HyCam2.tlb
2007-08-11 23:15 . 2008-06-06 18:29 57344 ----a-w- c:\program files\MClick2.dll
2007-05-11 15:49 . 2007-05-11 15:49 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-01-31 21:34 . 2007-01-31 21:34 55040 ----a-w- c:\program files\MC
2006-07-09 10:13 . 2008-06-06 18:29 82 ----a-w- c:\program files\HomePage.url
2004-05-05 17:57 . 2008-06-06 18:29 2018 ----a-w- c:\program files\readme.txt
2004-04-16 19:07 . 2008-06-06 18:29 675 ----a-w- c:\program files\HyCam2.cnt
1999-06-24 16:49 . 2008-06-06 18:29 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 16:49 . 2008-06-06 18:29 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 16:47 . 2008-06-06 18:29 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47 . 2008-06-06 18:29 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46 . 2008-06-06 18:29 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46 . 2008-06-06 18:29 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44 . 2008-06-06 18:29 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43 . 2008-06-06 18:29 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41 . 2008-06-06 18:29 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40 . 2008-06-06 18:29 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38 . 2008-06-06 18:29 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37 . 2008-06-06 18:29 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34 . 2008-06-06 18:29 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34 . 2008-06-06 18:29 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54 . 2008-06-06 18:29 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50 . 2008-06-06 18:29 326 ----a-w- c:\program files\16-11025u.wav
2008-09-04 21:32 . 2008-09-04 21:32 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-03 21:36 . 2009-02-03 21:36 2713 --sh--w- c:\windows\system32\ruvoziyi.dll
.

------- Sigcheck -------

[-] 2008-10-11 . 9B1BD82BD0761B5BA986AF66D2809C30 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[7] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-10-11 . B42DC46F86553351EB1B6CD30C8F6CDC . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159909523\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Owner.YOUR-B056543DD8\\Desktop\\SUPERAntiSpywarePro\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/6/2009 3:12 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/2/2009 6:14 PM 114768]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Owner.YOUR-B056543DD8\Desktop\SUPERAntiSpywarePro\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/2/2009 6:14 PM 20560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S1 72a76d46;72a76d46;c:\windows\system32\drivers\72a76d46.sys --> c:\windows\system32\drivers\72a76d46.sys [?]
S2 gupdate1ca0b3d55776da2;Google Update Service (gupdate1ca0b3d55776da2);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 9:28 PM 133104]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/3/2006 3:50 PM 29744]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BEEP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BealkEi
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 02:28]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 02:28]

2006-11-25 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]

2006-11-25 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]

2006-11-25 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Mozilla\Firefox\Profiles\y5ipk32z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {3961010E-F9D4-4770-96CA-BD53C56ED078} - c:\documents and settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\{3961010E-F9D4-4770-96CA-BD53C56ED078}
FF - HiddenExtension: XUL Cache: {5AEA6A70-70DB-49A5-B8D3-336711A5C597} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{5AEA6A70-70DB-49A5-B8D3-336711A5C597}\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run--FreedomNeedsReboot - c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
HKLM-Run-sategesob - c:\windows\system32\zuragiwu.dll
SharedTaskScheduler-{db9cee12-ec83-4be7-adfa-f2e359032be0} - c:\windows\system32\zuragiwu.dll
SSODL-tudiwalof-{db9cee12-ec83-4be7-adfa-f2e359032be0} - c:\windows\system32\zuragiwu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 16:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\SoftwareDistribution\Download\23c75921f82a64755971043291a77e00\update\update.exe
.
**************************************************************************
.
Completion time: 2009-09-10 16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 21:41

Pre-Run: 16,714,850,304 bytes free
Post-Run: 16,757,215,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

453 --- E O F --- 2009-09-10 21:30

#5 fenzodahl512


Posted 10 September 2009 - 11:36 PM

You have two antivirus programs (Avast and ESET).. Uninstall one of them..


1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
72a76d46

File::
c:\windows\system32\ruvoziyi.dll
c:\windows\system32\drivers\72a76d46.sys

FCopy::
c:\windows\system32\dllcache\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\$NtUninstallKB895961$\termsrv.dll | c:\windows\system32\termsrv.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
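The FCopy:: lines in the script above pair each flagged system file with a backup copy listed in the log's Sigcheck section. As an added illustration (not part of the original post and not ComboFix's own code), this Python sketch parses those Sigcheck lines and derives the same source | destination pairs. It assumes that the `[7]` marker denotes a copy ComboFix recognised and `[-]` one it did not; the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Sigcheck lines copied verbatim from the ComboFix log posted in this thread.
SIGCHECK = r"""
[-] 2008-10-11 . 9B1BD82BD0761B5BA986AF66D2809C30 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[7] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-10-11 . B42DC46F86553351EB1B6CD30C8F6CDC . 295424 . . [5.1.2600.2627] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[7] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll
"""

# Field layout: [mark] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].lower()
        # ntpath handles backslash-separated Windows paths on any host OS.
        entry["name"] = ntpath.basename(entry["path"]).lower()
        entries.append(entry)
    return entries


def propose_fcopy(entries, system_dir=r"c:\windows\system32"):
    """For each unrecognised file sitting directly in system_dir, pick a
    recognised copy of the same file name from elsewhere on disk.

    Assumption: mark '7' means recognised, anything else means not recognised.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[entry["name"]].append(entry)

    proposals = []
    for copies in by_name.values():
        active = [c for c in copies
                  if ntpath.dirname(c["path"]).lower() == system_dir]
        recognised = [c for c in copies
                      if c["mark"] == "7" and c not in active]
        for target in active:
            if target["mark"] == "7" or not recognised:
                continue
            # Prefer a backup with the same version, then the same size.
            source = sorted(
                recognised,
                key=lambda c: (c["version"] != target["version"],
                               c["size"] != target["size"]),
            )[0]
            proposals.append({
                "source": source["path"],
                "target": target["path"],
                # Same reported build and size but a different hash means the
                # bytes changed while the version metadata stayed the same.
                "same_build_different_hash": (
                    source["version"] == target["version"]
                    and source["size"] == target["size"]
                    and source["md5"] != target["md5"]
                ),
            })
    return proposals


def format_fcopy(proposal):
    """Render a proposal in the 'source | destination' form used under FCopy::."""
    return f'{proposal["source"]} | {proposal["target"]}'


if __name__ == "__main__":
    for p in propose_fcopy(parse_sigcheck(SIGCHECK)):
        note = ("same version and size, different MD5"
                if p["same_build_different_hash"] else "different build")
        print(format_fcopy(p), " #", note)
```

For winlogon.exe the system32 copy reports the same version and size as the dllcache copy but a different MD5; for termsrv.dll the versions differ, so the hash difference alone says less and the marker carries the decision.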


#6 MarlonStafford

  • Topic Starter

Posted 11 September 2009 - 05:35 PM

ComboFix 09-09-10.01 - Owner 09/11/2009 16:50.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.510 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-B056543DD8\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-B056543DD8\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090904-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\drivers\72a76d46.sys"
"c:\windows\system32\ruvoziyi.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ruvoziyi.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\$NtUninstallKB895961$\termsrv.dll --> c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_72a76d46


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 22:06 . 2009-09-11 22:06 -------- d-----w- c:\windows\ServicePackFiles
2009-09-10 22:10 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:10 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 21:48 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-10 21:45 . 2009-03-06 14:00 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-09-10 21:45 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-09-10 21:45 . 2005-07-26 04:20 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-09-10 21:45 . 2009-02-09 10:01 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-10 21:45 . 2009-02-06 10:22 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-10 21:45 . 2009-02-09 10:01 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-10 21:45 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-10 21:44 . 2009-09-10 21:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-09-10 21:43 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-10 21:42 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-10 01:59 . 2009-09-10 02:04 45 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2009-09-10 01:59 . 2009-09-10 02:33 37 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2009-09-09 21:28 . 2009-09-09 22:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-09 01:13 . 2009-09-09 01:13 40448 ----a-w- c:\windows\system32\lkod.dll
2009-09-06 20:12 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-06 20:12 . 2009-09-06 20:12 -------- d-----w- c:\program files\Panda Security
2009-09-06 19:54 . 2009-09-06 22:41 -------- d--h--w- c:\windows\PIF
2009-09-06 19:40 . 2009-09-06 19:40 -------- d-sh--we c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Shutdown
2009-09-06 19:24 . 2009-09-06 19:24 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-05 18:19 . 2009-09-05 18:25 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\DoctorWeb
2009-09-05 00:22 . 2009-09-05 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-05 00:22 . 2009-09-05 00:22 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\ESET
2009-09-05 00:21 . 2009-09-05 00:21 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\ESET
2009-09-05 00:19 . 2009-09-05 00:19 -------- d-----w- c:\program files\ESET
2009-09-05 00:19 . 2009-09-05 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-04 22:30 . 2009-09-04 22:30 -------- d-----w- c:\program files\Enigma Software Group
2009-09-04 21:53 . 2009-09-04 21:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-09-04 20:54 . 2009-09-04 23:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-04 20:54 . 2009-09-04 23:35 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-04 20:54 . 2009-09-04 23:35 -------- d-----w- c:\program files\Spyware Doctor
2009-09-04 20:35 . 2009-09-04 20:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-04 20:34 . 2009-09-04 20:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-02 21:11 . 2009-09-10 22:29 45 ----a-w- c:\documents and settings\Owner.YOUR-B056543DD8\jagex_runescape_preferences2.dat
2009-08-28 22:03 . 2009-08-28 22:03 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-28 22:03 . 2009-08-28 22:03 -------- d-----w- c:\windows\.mpr_file_store_32
2009-08-28 22:03 . 2009-08-28 22:03 -------- d-----w- c:\windows\.file_store_32
2009-08-28 22:03 . 2009-08-29 01:14 -------- d-----w- c:\windows\.jagex_cache_32
2009-08-28 02:21 . 2009-08-28 22:02 -------- d-----w- C:\e98c25fad5a98b765892
2009-08-27 01:39 . 2009-09-02 20:44 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\FrostWire
2009-08-27 01:37 . 2009-09-02 14:51 -------- d-----w- c:\program files\AskBarDis
2009-08-27 01:37 . 2009-09-02 14:52 -------- d-----w- c:\program files\FrostWire
2009-08-24 02:10 . 2009-08-24 02:10 -------- d-----w- c:\windows\(2).jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 22:11 . 2006-10-03 21:04 -------- d-----w- c:\program files\Microsoft Works
2009-09-11 22:09 . 2008-05-15 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-11 21:43 . 2009-07-23 02:29 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Skype
2009-09-11 01:39 . 2008-10-02 00:10 37 ----a-w- c:\documents and settings\Owner.YOUR-B056543DD8\jagex_runescape_preferences.dat
2009-09-10 22:10 . 2009-03-13 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 01:06 . 2009-03-11 21:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-07 23:54 . 2008-06-06 18:42 -------- d-----w- c:\program files\SwiftKit
2009-09-06 20:41 . 2008-12-16 00:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-06 20:41 . 2008-12-15 23:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-04 21:09 . 2009-09-04 21:09 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-04 02:37 . 2006-11-25 01:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-08-30 00:05 . 2008-06-23 03:41 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\teamspeak2
2009-08-26 22:30 . 2007-01-12 15:47 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\LimeWire
2009-08-20 22:41 . 2009-07-23 02:31 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\skypePM
2009-08-17 16:10 . 2009-06-02 23:14 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-06-02 23:14 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-06-02 23:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-06-02 23:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-06-02 23:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-06-02 23:14 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-06-02 23:14 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-06-02 23:14 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-06-02 23:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:11 . 2006-06-17 09:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2006-06-17 09:23 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 03:53 . 2007-06-13 23:26 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Apple Computer
2009-07-24 02:54 . 2007-12-25 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-23 16:25 . 2008-06-09 22:56 -------- d-----w- c:\program files\Safari
2009-07-23 16:21 . 2009-07-23 16:21 -------- d-----w- c:\program files\iTunes
2009-07-23 16:21 . 2009-07-23 16:21 -------- d-----w- c:\program files\iPod
2009-07-23 16:21 . 2007-12-25 16:10 -------- d-----w- c:\program files\Common Files\Apple
2009-07-23 02:31 . 2009-07-23 02:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-23 02:30 . 2006-10-03 20:50 -------- d-----w- c:\program files\Google
2009-07-23 02:28 . 2009-07-23 02:27 -------- d-----r- c:\program files\Skype
2009-07-23 02:28 . 2009-07-23 02:28 -------- d-----w- c:\program files\Common Files\Skype
2009-07-23 02:27 . 2009-07-23 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-19 13:33 . 2009-07-19 13:33 3597824 ------w- c:\windows\system32\SET380.tmp
2009-07-19 13:32 . 2009-07-19 13:32 6067200 ------w- c:\windows\system32\SET389.tmp
2009-07-17 18:55 . 2009-07-17 18:55 58880 ----a-w- c:\windows\system32\SET371.tmp
2009-07-16 22:59 . 2009-07-16 22:59 134 ----a-w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\wklnhst.dat
2009-07-16 22:59 . 2009-07-16 22:59 -------- d-----w- c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Template
2009-07-13 15:08 . 2006-06-17 09:24 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2009-06-29 16:12 827392 ------w- c:\windows\system32\SET377.tmp
2009-06-29 16:12 . 2009-06-29 16:12 1159680 ----a-w- c:\windows\system32\SET379.tmp
2009-06-29 16:12 . 2009-06-29 16:12 105984 ----a-w- c:\windows\system32\SET37A.tmp
2009-06-29 16:12 . 2009-06-29 16:12 52224 ------w- c:\windows\system32\SET381.tmp
2009-06-29 16:12 . 2009-06-29 16:12 459264 ------w- c:\windows\system32\SET382.tmp
2009-06-29 16:12 . 2009-06-29 16:12 268288 ------w- c:\windows\system32\SET386.tmp
2009-06-29 16:12 . 2009-06-29 16:12 63488 ------w- c:\windows\system32\SET391.tmp
2009-06-29 16:12 . 2009-06-29 16:12 380928 ------w- c:\windows\system32\SET38B.tmp
2009-06-29 16:12 . 2009-06-29 16:12 124928 ----a-w- c:\windows\system32\SET395.tmp
2009-06-29 16:12 . 2006-06-17 09:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-06-17 09:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-29 08:33 . 2009-06-29 08:33 2452872 ------w- c:\windows\system32\SET38C.tmp
2009-06-25 18:36 . 2009-06-25 18:36 95744 ----a-w- c:\windows\system32\SET2A7.tmp
2009-06-25 18:36 . 2009-06-25 18:36 661504 ----a-w- c:\windows\system32\SET2AA.tmp
2009-06-25 18:36 . 2009-06-25 18:36 517120 ----a-w- c:\windows\system32\SET2A6.tmp
2009-06-25 18:36 . 2009-06-25 18:36 48640 ----a-w- c:\windows\system32\SET2A2.tmp
2009-06-25 18:36 . 2009-06-25 18:36 471552 ----a-w- c:\windows\system32\SET2A1.tmp
2009-06-25 18:36 . 2009-06-25 18:36 47104 ----a-w- c:\windows\system32\SET2AD.tmp
2009-06-25 18:36 . 2009-06-25 18:36 225280 ----a-w- c:\windows\system32\SET2AB.tmp
2009-06-25 18:36 . 2009-06-25 18:36 186880 ----a-w- c:\windows\system32\SET2A3.tmp
2009-06-25 18:36 . 2009-06-25 18:36 177152 ----a-w- c:\windows\system32\SET2A9.tmp
2009-06-25 18:36 . 2009-06-25 18:36 16896 ----a-w- c:\windows\system32\SET2AC.tmp
2009-06-25 18:36 . 2009-06-25 18:36 138240 ----a-w- c:\windows\system32\SET2AF.tmp
2009-06-25 18:36 . 2009-06-25 18:36 123392 ----a-w- c:\windows\system32\SET2A8.tmp
2009-06-22 11:49 . 2009-06-22 11:49 19968 ----a-w- c:\windows\system32\SET2AE.tmp
2009-06-22 11:49 . 2009-06-22 11:49 117248 ----a-w- c:\windows\system32\SET2A4.tmp
2009-06-22 11:49 . 2009-06-22 11:49 4608 ----a-w- c:\windows\system32\SET2A5.tmp
2009-06-22 11:48 . 2009-06-22 11:48 91776 ----a-w- c:\windows\system32\drivers\SET2B0.tmp
2008-10-11 22:34 . 2008-10-11 22:34 15115 ----a-w- c:\program files\Common Files\unaqyna.ban
2008-05-28 14:36 . 2008-06-06 18:29 87400 ----a-w- c:\program files\UnHyCam2.exe
2008-05-28 14:36 . 2008-06-06 18:29 882000 ----a-w- c:\program files\HyCam2.exe
2008-05-23 16:08 . 2008-06-06 18:29 3271 ----a-w- c:\program files\agreement.txt
2007-12-19 18:46 . 2008-06-06 18:29 114549 ----a-w- c:\program files\HyCam2.chm
2007-10-22 20:09 . 2008-06-06 18:29 106496 ----a-w- c:\program files\CamRes2.dll
2007-09-27 19:31 . 2008-06-06 18:29 5272 ----a-w- c:\program files\HyCam2.tlb
2007-08-11 23:15 . 2008-06-06 18:29 57344 ----a-w- c:\program files\MClick2.dll
2007-05-11 15:49 . 2007-05-11 15:49 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-01-31 21:34 . 2007-01-31 21:34 55040 ----a-w- c:\program files\MC
2006-07-09 10:13 . 2008-06-06 18:29 82 ----a-w- c:\program files\HomePage.url
2004-05-05 17:57 . 2008-06-06 18:29 2018 ----a-w- c:\program files\readme.txt
2004-04-16 19:07 . 2008-06-06 18:29 675 ----a-w- c:\program files\HyCam2.cnt
1999-06-24 16:49 . 2008-06-06 18:29 421 ----a-w- c:\program files\8-44100u.wav
1999-06-24 16:49 . 2008-06-06 18:29 587 ----a-w- c:\program files\8-44100d.wav
1999-06-24 16:47 . 2008-06-06 18:29 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47 . 2008-06-06 18:29 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46 . 2008-06-06 18:29 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46 . 2008-06-06 18:29 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44 . 2008-06-06 18:29 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43 . 2008-06-06 18:29 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41 . 2008-06-06 18:29 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40 . 2008-06-06 18:29 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38 . 2008-06-06 18:29 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37 . 2008-06-06 18:29 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34 . 2008-06-06 18:29 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34 . 2008-06-06 18:29 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54 . 2008-06-06 18:29 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50 . 2008-06-06 18:29 326 ----a-w- c:\program files\16-11025u.wav
2008-09-04 21:32 . 2008-09-04 21:32 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-10_21.29.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-09-11 22:19 . 2009-09-11 22:19 16384 c:\windows\temp\Perflib_Perfdata_380.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2006-06-17 09:23 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2006-06-17 09:23 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2006-06-19 04:33 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2009-07-12 20:05 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-07-12 20:05 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2006-06-17 09:23 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
+ 2006-06-17 09:23 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2006-06-17 09:23 . 2007-08-14 00:36 44544 c:\windows\system32\pngfilt.dll
+ 2006-06-17 09:23 . 2009-09-11 22:23 72268 c:\windows\system32\perfc009.dat
+ 2006-06-17 09:35 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2006-06-17 09:35 . 2004-08-10 19:00 58880 c:\windows\system32\msdtclog.dll
+ 2006-06-17 09:35 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2003-09-04 19:14 . 2003-09-04 19:14 94208 c:\windows\system32\Macromed\Flash\GetFlash.exe
+ 2006-06-17 09:23 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-14 00:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2006-06-17 09:23 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
+ 2006-06-17 09:23 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
- 2006-06-17 09:23 . 2004-08-10 19:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2006-06-17 09:23 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2006-10-23 15:34 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2006-10-23 15:34 . 2007-08-14 00:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2007-07-06 10:05 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
+ 2006-06-17 09:23 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-29 11:07 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-14 00:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-14 00:45 . 2007-08-14 00:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 00:45 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 00:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-29 16:12 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-07-29 04:53 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
- 2007-08-14 00:42 . 2007-08-14 00:42 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 00:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2006-06-17 09:23 . 2004-08-10 19:00 84992 c:\windows\system32\avifil32.dll
+ 2006-06-17 09:23 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2006-10-03 20:54 . 2008-12-13 14:54 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2009-09-11 22:09 . 2007-08-14 00:36 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 50688 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 27136 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-09-11 22:09 . 2007-08-14 00:39 13312 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-09-11 22:09 . 2007-08-14 00:39 43008 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-09-11 22:09 . 2007-08-14 00:45 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-09-11 22:09 . 2007-08-14 00:39 54784 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-09-11 22:09 . 2007-08-14 00:36 61952 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-09-11 22:09 . 2007-08-14 00:42 17408 c:\windows\ie7updates\KB972260-IE7\corpol.dll
- 2009-06-09 00:25 . 2009-09-10 02:04 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-06-09 00:25 . 2009-09-10 22:29 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-06-09 00:25 . 2009-09-10 22:29 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-06-09 00:25 . 2009-09-10 02:04 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
+ 2006-06-17 09:24 . 2008-06-18 10:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2006-06-17 09:24 . 2007-10-27 22:40 222720 c:\windows\system32\wmasf.dll
+ 2006-06-17 09:23 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2006-06-17 09:23 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2006-06-17 09:23 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe
+ 2006-06-17 09:23 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
- 2006-06-17 09:23 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2006-06-17 09:23 . 2009-09-11 22:23 444836 c:\windows\system32\perfh009.dat
+ 2006-06-17 09:23 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2006-06-17 09:23 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll
+ 2006-06-17 09:35 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2006-06-17 09:24 . 2006-12-04 21:21 414720 c:\windows\system32\msscp.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2006-06-17 09:35 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2006-06-17 09:35 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2006-06-17 09:35 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2006-06-17 09:23 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll
+ 2006-06-17 09:24 . 2008-06-18 06:09 100864 c:\windows\system32\logagent.exe
- 2006-06-17 09:24 . 2006-10-19 01:03 100864 c:\windows\system32\logagent.exe
+ 2006-06-17 09:23 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2006-06-17 09:23 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2006-06-17 09:23 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
- 2006-06-17 09:23 . 2007-08-13 23:56 161792 c:\windows\system32\ieakui.dll
+ 2006-06-17 09:23 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2006-06-17 09:23 . 2007-08-14 00:35 214528 c:\windows\system32\dxtrans.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2006-06-17 09:23 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2009-07-13 15:08 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2008-06-11 08:58 . 2008-06-18 10:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-02-10 23:31 . 2009-02-10 23:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2007-10-27 23:39 . 2007-10-27 22:40 222720 c:\windows\system32\dllcache\wmasf.dll
- 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-14 00:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-18 14:15 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
- 2006-09-18 14:15 . 2007-08-14 00:54 765952 c:\windows\system32\dllcache\VGX.dll
- 2007-08-14 00:44 . 2007-08-14 00:44 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 00:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2006-06-17 09:35 . 2004-08-10 19:00 295424 c:\windows\system32\dllcache\termsrv.dll
+ 2009-07-29 04:53 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-10-03 21:11 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2007-04-25 14:21 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
- 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2006-06-17 09:23 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-06-17 09:23 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-14 00:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-06-17 09:23 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2006-10-23 15:34 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-10-23 15:34 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll
+ 2006-08-17 12:28 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll
- 2008-06-11 08:47 . 2006-10-19 01:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2008-06-11 08:47 . 2008-06-18 06:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-06-17 09:23 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-06-17 09:23 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2006-06-17 09:38 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-29 16:12 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-14 00:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 23:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2007-08-13 23:56 . 2007-08-13 23:56 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 00:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 00:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-10-23 15:34 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-06-17 09:23 . 2007-08-14 00:35 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-06-17 09:23 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-14 00:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-06-17 09:23 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll
+ 2006-06-17 09:23 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
+ 2006-06-17 09:23 . 2004-08-10 19:00 616960 c:\windows\system32\_000027_.tmp.dll
+ 2006-06-17 09:23 . 2007-11-07 09:26 721920 c:\windows\system32\_000026_.tmp.dll
+ 2006-06-17 09:23 . 2004-08-10 19:00 708096 c:\windows\system32\_000025_.tmp.dll
+ 2006-06-17 09:23 . 2004-08-10 19:00 108032 c:\windows\system32\_000024_.tmp.dll
+ 2006-06-17 09:23 . 2007-04-16 15:52 984576 c:\windows\system32\_000009_.tmp.dll
+ 2006-06-17 09:23 . 2006-08-17 12:28 132096 c:\windows\system32\_000008_.tmp.dll
+ 2006-06-17 09:23 . 2007-04-25 14:21 144896 c:\windows\system32\_000007_.tmp.dll
+ 2009-09-11 22:05 . 2009-09-11 22:05 248832 c:\windows\Installer\191d5e4.msi
- 2006-10-03 20:54 . 2008-12-13 14:54 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-10-03 20:54 . 2008-12-13 14:54 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-10-03 20:54 . 2009-09-11 22:17 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-15 01:45 . 2009-09-11 22:09 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2006-10-03 21:04 . 2008-12-13 14:40 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2006-10-03 21:04 . 2009-09-11 22:11 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2003-07-15 10:18 . 2003-07-15 10:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL
+ 2005-08-22 19:16 . 2005-08-22 19:16 929792 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20987_wkwpqd.dll
+ 2005-08-22 19:18 . 2005-08-22 19:18 147456 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20985_wkwpqrtf.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 818688 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 231424 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-09-11 22:09 . 2007-08-14 00:44 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-09-11 22:10 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-09-11 22:10 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-09-11 22:09 . 2007-08-14 00:44 101376 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 670720 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-09-11 22:09 . 2007-08-14 00:44 192000 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 475648 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 458752 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-09-11 22:09 . 2007-08-14 00:43 622080 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-09-11 22:09 . 2007-08-14 00:34 266752 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-09-11 22:09 . 2007-08-14 00:39 382976 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-09-11 22:09 . 2007-07-11 18:27 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-09-11 22:09 . 2007-08-13 23:56 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-09-11 22:09 . 2007-08-14 00:39 229376 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-09-11 22:09 . 2007-08-14 00:39 152064 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 131584 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-09-11 22:09 . 2007-08-14 00:35 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-09-11 22:09 . 2007-08-14 00:35 346624 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-09-11 22:09 . 2007-08-14 00:39 123904 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-09-11 22:13 . 2007-08-14 00:54 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-09-11 22:13 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-09-11 22:13 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2006-06-17 09:36 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2006-06-17 09:24 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll
- 2006-06-17 09:24 . 2007-04-30 13:20 5537792 c:\windows\system32\wmp.dll
+ 2006-06-17 09:24 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll
+ 2006-06-17 09:23 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2006-06-17 09:23 . 2009-06-03 19:24 1291264 c:\windows\system32\quartz.dll
+ 2006-06-17 09:23 . 2009-02-06 10:29 2142720 c:\windows\system32\ntoskrnl.exe
- 2006-06-17 09:23 . 2008-08-14 09:55 2142720 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 05:59 . 2009-02-06 09:49 2020864 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 05:59 . 2008-08-14 09:18 2020864 c:\windows\system32\ntkrnlpa.exe
- 2006-06-17 02:30 . 2009-06-02 23:05 2065456 c:\windows\system32\FNTCACHE.DAT
+ 2006-06-17 02:30 . 2009-09-11 22:19 2065456 c:\windows\system32\FNTCACHE.DAT
+ 2006-06-17 09:24 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-07-13 15:08 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2006-06-17 09:23 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-06-17 09:23 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2007-10-29 22:35 . 2009-06-03 19:24 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 16:51 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2006-12-19 16:12 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 16:12 . 2008-08-14 09:18 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 16:12 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 16:12 . 2008-08-14 09:18 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 16:49 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-12-19 16:49 . 2008-08-14 09:55 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-11-08 05:06 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-06-17 09:23 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-19 13:32 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2006-06-17 09:23 . 2008-09-15 11:57 1846016 c:\windows\system32\_000006_.tmp.dll
+ 2009-05-01 20:49 . 2009-05-01 20:49 4328960 c:\windows\Installer\191d66b.msp
+ 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\191d656.msp
+ 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\191d641.msp
+ 2009-05-12 18:01 . 2009-05-12 18:01 6818816 c:\windows\Installer\191d62e.msp
+ 2009-04-22 20:14 . 2009-04-22 20:14 4869632 c:\windows\Installer\191d61c.msp
+ 2009-02-26 00:08 . 2009-02-26 00:08 8311808 c:\windows\Installer\191d607.msp
+ 2009-04-23 22:57 . 2009-04-23 22:57 7672832 c:\windows\Installer\191d5f6.msp
+ 2009-05-15 01:45 . 2009-09-11 22:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-05-15 01:45 . 2009-05-15 01:45 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-05-10 18:45 . 2007-05-10 18:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL
+ 2009-09-11 22:09 . 2007-08-14 00:54 1162240 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 3578368 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-09-11 22:09 . 2007-08-14 00:54 6049280 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-09-11 22:09 . 2007-02-12 22:10 2451312 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2006-06-19 06:25 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-19 06:25 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-06-19 06:25 . 2008-08-14 09:18 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-06-19 06:25 . 2008-08-14 09:18 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2006-06-19 06:25 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-06-19 06:25 . 2008-08-14 09:55 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-06-19 06:25 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-09-11 22:15 . 2009-08-28 19:38 24689600 c:\windows\system32\MRT.exe
+ 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\191d657.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1159909523\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Owner.YOUR-B056543DD8\\Desktop\\SUPERAntiSpywarePro\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/6/2009 3:12 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/2/2009 6:14 PM 114768]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Owner.YOUR-B056543DD8\Desktop\SUPERAntiSpywarePro\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/2/2009 6:14 PM 20560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 gupdate1ca0b3d55776da2;Google Update Service (gupdate1ca0b3d55776da2);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 9:28 PM 133104]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/3/2006 3:50 PM 29744]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BealkEi
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 02:28]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 02:28]

2006-11-25 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]

2006-11-25 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]

2006-11-25 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Owner.YOUR-B056543DD8\Application Data\Mozilla\Firefox\Profiles\y5ipk32z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {3961010E-F9D4-4770-96CA-BD53C56ED078} - c:\documents and settings\Owner.YOUR-B056543DD8\Local Settings\Application Data\{3961010E-F9D4-4770-96CA-BD53C56ED078}
FF - HiddenExtension: XUL Cache: {5AEA6A70-70DB-49A5-B8D3-336711A5C597} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{5AEA6A70-70DB-49A5-B8D3-336711A5C597}\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-11 17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 22:30
ComboFix2.txt 2009-09-10 21:43

Pre-Run: 16,324,169,728 bytes free
Post-Run: 15,791,980,544 bytes free

653 --- E O F --- 2009-09-10 22:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:27 PM, on 9/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.YOUR-B056543DD8\My Documents\Downloads\HiJackThis (7).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca0b3d55776da2) (gupdate1ca0b3d55776da2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

--
End of file - 7548 bytes

#7 fenzodahl512


Posted 11 September 2009 - 09:56 PM

Hello, can you tell me what these files are?

1999-06-24 16:47 . 2008-06-06 18:29 225 ----a-w- c:\program files\8-22050u.wav
1999-06-24 16:47 . 2008-06-06 18:29 317 ----a-w- c:\program files\8-22050d.wav
1999-06-24 16:46 . 2008-06-06 18:29 135 ----a-w- c:\program files\8-11025u.wav
1999-06-24 16:46 . 2008-06-06 18:29 183 ----a-w- c:\program files\8-11025d.wav
1999-06-24 16:44 . 2008-06-06 18:29 127 ----a-w- c:\program files\8-8000u.wav
1999-06-24 16:43 . 2008-06-06 18:29 151 ----a-w- c:\program files\8-8000d.wav
1999-06-24 16:41 . 2008-06-06 18:29 220 ----a-w- c:\program files\16-8000u.wav
1999-06-24 16:40 . 2008-06-06 18:29 260 ----a-w- c:\program files\16-8000d.wav
1999-06-24 16:38 . 2008-06-06 18:29 956 ----a-w- c:\program files\16-44100u.wav
1999-06-24 16:37 . 2008-06-06 18:29 1186 ----a-w- c:\program files\16-44100d.wav
1999-06-24 16:34 . 2008-06-06 18:29 442 ----a-w- c:\program files\16-22050u.wav
1999-06-24 16:34 . 2008-06-06 18:29 652 ----a-w- c:\program files\16-22050d.wav
1999-06-24 15:54 . 2008-06-06 18:29 340 ----a-w- c:\program files\16-11025d.wav
1999-06-24 15:50 . 2008-06-06 18:29 326 ----a-w- c:\program files\16-11025u.wa

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 MarlonStafford


Posted 11 September 2009 - 10:29 PM

Those files are the sounds for HyperCam, like the clicks and stuff. Now when I turn my comp on I don't get the virus warning from ESET anymore, so is the virus gone?

Edited by MarlonStafford, 11 September 2009 - 10:30 PM.


#9 fenzodahl512


Posted 11 September 2009 - 10:57 PM

A little bit more..



Please download the OTM by OldTimer
  • Save it to your Desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\SET*.tmp
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Note: BitDefender Online Scan can only be used with Internet Explorer..

Let's do an online scan with BitDefender Online Scanner
  • Click on I Agree
  • Please install the Add-ons if requested
  • Click on Start Scan
  • Let it update its virus definition.. It will then automatically scan all your files and folders..
  • If infections are found, it will attempt to disinfect/delete the infection..
  • After the scan finishes, click on More Detail >>
  • Go to Detected Problems tab and click on Click here to export the scan report
  • Save the report as result.html on your Desktop. Copy the whole content of result.html and paste it in Notepad
  • Save the result in the Notepad and post the contents here in your next reply



#10 MarlonStafford


Posted 12 September 2009 - 12:43 PM

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\windows\system32\SET24.tmp moved successfully.
c:\windows\system32\SET2A1.tmp moved successfully.
c:\windows\system32\SET2A2.tmp moved successfully.
c:\windows\system32\SET2A3.tmp moved successfully.
c:\windows\system32\SET2A4.tmp moved successfully.
c:\windows\system32\SET2A5.tmp moved successfully.
c:\windows\system32\SET2A6.tmp moved successfully.
c:\windows\system32\SET2A7.tmp moved successfully.
c:\windows\system32\SET2A8.tmp moved successfully.
c:\windows\system32\SET2A9.tmp moved successfully.
c:\windows\system32\SET2AA.tmp moved successfully.
c:\windows\system32\SET2AB.tmp moved successfully.
c:\windows\system32\SET2AC.tmp moved successfully.
c:\windows\system32\SET2AD.tmp moved successfully.
c:\windows\system32\SET2AE.tmp moved successfully.
c:\windows\system32\SET2AF.tmp moved successfully.
c:\windows\system32\SET2E1.tmp moved successfully.
c:\windows\system32\SET30.tmp moved successfully.
c:\windows\system32\SET325.tmp moved successfully.
c:\windows\system32\SET326.tmp moved successfully.
c:\windows\system32\SET331.tmp moved successfully.
c:\windows\system32\SET371.tmp moved successfully.
c:\windows\system32\SET377.tmp moved successfully.
c:\windows\system32\SET379.tmp moved successfully.
c:\windows\system32\SET37A.tmp moved successfully.
c:\windows\system32\SET380.tmp moved successfully.
c:\windows\system32\SET381.tmp moved successfully.
c:\windows\system32\SET382.tmp moved successfully.
c:\windows\system32\SET386.tmp moved successfully.
c:\windows\system32\SET388.tmp moved successfully.
c:\windows\system32\SET389.tmp moved successfully.
c:\windows\system32\SET38B.tmp moved successfully.
c:\windows\system32\SET38C.tmp moved successfully.
c:\windows\system32\SET391.tmp moved successfully.
c:\windows\system32\SET395.tmp moved successfully.
c:\windows\system32\SET3E2.tmp moved successfully.
c:\windows\system32\SET441.tmp moved successfully.
c:\windows\system32\SET443.tmp moved successfully.
c:\windows\system32\SET4C6.tmp moved successfully.
c:\windows\system32\SET528.tmp moved successfully.
c:\windows\system32\SET69.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 890797 bytes
->Google Chrome cache emptied: 186657211 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner

User: Owner.YOUR-B056543DD8
->Temp folder emptied: 861853 bytes
->Temporary Internet Files folder emptied: 15929030 bytes
->Java cache emptied: 280362213 bytes
->FireFox cache emptied: 54644888 bytes
->Google Chrome cache emptied: 133425332 bytes

User: OWNER~1

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp\msdownld.tmp folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 5997 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 641.76 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09122009_123720

Files moved on Reboot...

Registry entries deleted on Reboot...

#11 MarlonStafford


Posted 12 September 2009 - 12:58 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

9/12/2009 2:31:52 PM
mbam-log-2009-09-12 (14-31-52).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 240313
Time elapsed: 1 hour(s), 45 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\tajf83ikdmf.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkkdulnbmqp.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvassuxrmas.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by MarlonStafford, 12 September 2009 - 02:38 PM.


#12 MarlonStafford


Posted 12 September 2009 - 02:43 PM

BitDefender Online Scanner

Scan report generated at: Sat, Sep 12, 2009 - 18:48:54
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 03:59:48
Files: 860071
Folders: 15536
Boot Sectors: 0
Archives: 12340
Packed Files: 58315

Results
Identified Viruses: 4
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 4148465
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Aug 27 2009)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACxfumprtbvd.sys.vir | Detected with: Application.Generic.199701
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACxfumprtbvd.sys.vir | Disinfection failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACxfumprtbvd.sys.vir | Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxtgvnkssi.dll.vir | Infected with: Backdoor.Generic.209057
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxtgvnkssi.dll.vir | Disinfection failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxtgvnkssi.dll.vir | Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxyyueoblc.dll.vir | Infected with: Backdoor.Generic.209057
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxyyueoblc.dll.vir | Disinfection failed
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxyyueoblc.dll.vir | Deleted
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir | Infected with: Trojan.Generic.CJ.SOZ
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir | Deleted
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\SP2QFE\tr\msrdp.ocx | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\spmsg.dll | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\spuninst.exe | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\branches.inf | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\eula.txt | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\KB958470.CAT | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\msrdpcustom.dll | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\spcustom.dll | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\update.exe | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\update.ver | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\updatebr.inf | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\update_SP2GDR.inf | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\update_SP2QFE.inf | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\update\updspapi.dll | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\_downloadprogress_.state | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\_file_to_execute_.txt | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\_unpacked_.state | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\_unpacked_.state=>(REMOVED_NULLS) | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\_useselfcontained_.state | Clean
C:\WINDOWS\SoftwareDistribution\Download\58b417d4f9467dc5c1babe51c3278018\_useselfcontained_.state=>(REMOVED_NULLS) | Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2GDR

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2GDR\mswrd8.wpc

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2GDR\sysmain.sdb

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2GDR\wordpad.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2GDR\xpsp3res.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2QFE

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2QFE\acadproc.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2QFE\mswrd8.wpc

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2QFE\sysmain.sdb

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2QFE\wordpad.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP2QFE\xpsp3res.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3GDR

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3GDR\mswrd8.wpc

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3GDR\sysmain.sdb

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3GDR\wordpad.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3GDR\xpsp4res.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3QFE

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3QFE\mswrd8.wpc

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3QFE\sysmain.sdb

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3QFE\wordpad.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\SP3QFE\xpsp4res.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\spmsg.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\spuninst.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\branches.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\eula.txt

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\KB923561.CAT

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\spcustom.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update.ver

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\updatebr.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update_SP2GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update_SP2QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update_SP3GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\update_SP3QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\update\updspapi.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\_downloadprogress_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\_file_to_execute_.txt

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\_unpacked_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\_unpacked_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\_useselfcontained_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\593d5ddb620b1f1b4bef986c655fd062\_useselfcontained_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\5ecb7e5c24f0cb619c7e9c1c35f76dbe9313b7b2

Clean

C:\WINDOWS\SoftwareDistribution\Download\5ecb7e5c24f0cb619c7e9c1c35f76dbe9313b7b2=>(CAB Sfx o)

Clean

C:\WINDOWS\SoftwareDistribution\Download\5ecb7e5c24f0cb619c7e9c1c35f76dbe9313b7b2=>(CAB Sfx o)=>mrt.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\5ecb7e5c24f0cb619c7e9c1c35f76dbe9313b7b2=>(CAB Sfx o)=>mrtstub.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\646039841b9f9cc77d53e19ce33e25dce113891f

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\backup

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp2gdr

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp2gdr\localspl.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp2qfe

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp2qfe\localspl.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp3gdr

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp3gdr\localspl.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp3qfe

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\sp3qfe\localspl.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\spmsg.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\spuninst.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\susdl.rq0

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\branches.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\eula.txt

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\KB961501.cat

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\spcustom.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.url

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update.ver

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\updatebr.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update_SP2GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update_SP2QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update_SP3GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\update_SP3QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\update\updspapi.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\WindowsXP-KB961501-x86-ENU.psm

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\_downloadprogress_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\_unpacked_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\_unpacked_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\_usedelta_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\64cc77a1a7652da2d7ace79940460770\_usedelta_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F20954_gdiplus.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F20963_wkssole.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F22194_wksssdb.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F20985_wkwpqrtf.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F20987_wkwpqd.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F752_gdiplus.dll.A71B733C_FB62_440D_B401_AF25C8E1706B

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F246_MSWRD832.CNV.5A615A5F_1BEF_49E8_B215_12C0D1DFC1D5

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F254_works432.cnv.9F31BE11_7AF6_44F7_A7A6_659613E0340E

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F365_wkcvqd01.dll.3645A8F6_2372_40F5_8EBE_A81D9372D49B

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F366_wkcvqr01.dll.3645A8F6_2372_40F5_8EBE_A81D9372D49B

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F281_WPGIMP32.FLT.CC29EB1B_7BC2_11D1_A921_00A0C91E2AA2

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F254_gifimp32.flt.CC29EA61_7BC2_11D1_A921_00A0C91E2AA2

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F251_png32.flt.CC29EA5F_7BC2_11D1_A921_00A0C91E2AA2

Clean

C:\WINDOWS\SoftwareDistribution\Download\6537045bbf832bbf036003391ea987ab\Works8_KB967043_en-US.cab=>Works8_KB967043_en-US.msp=>(Embedded CAB)=>F1147_PPTVIEW.EXE.605A352E_957A_4686_A1DE_2D194D61DB07

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP2GDR

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP2GDR\msoe.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP2QFE

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP2QFE\msoe.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP3GDR

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP3GDR\msoe.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP3QFE

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\SP3QFE\msoe.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\spmsg.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\spuninst.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\branches.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\eula.txt

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\KB973354.CAT

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\spcustom.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update.ver

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\updatebr.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update_SP2GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update_SP2QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update_SP3GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\update_SP3QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\update\updspapi.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\_downloadprogress_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\_file_to_execute_.txt

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\_unpacked_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\_unpacked_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\_useselfcontained_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\678162639e69c808c1768ab6340eae25\_useselfcontained_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\688f4b519650beaae0c64a5395bc5ca481f80d7b

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp2gdr

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp2gdr\avifil32.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp2qfe

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp2qfe\avifil32.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp3gdr

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp3gdr\avifil32.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp3qfe

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\sp3qfe\avifil32.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\spmsg.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\spuninst.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\susdl.rq0

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\branches.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\eula.txt

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\KB971557.cat

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\spcustom.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.url

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update.ver

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\updatebr.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update_SP2GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update_SP2QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update_SP3GDR.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\update_SP3QFE.inf

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\update\updspapi.dll

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\WindowsXP-KB971557-x86-ENU.psm

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\_downloadprogress_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\_unpacked_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\_unpacked_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\_usedelta_.state

Clean

C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\_usedelta_.state=>(REMOVED_NULLS)

Clean

C:\WINDOWS\SoftwareDistribution\Download\6abfe364747ce615783b62ea6df3e898d0fa6c40

Clean

C:\WINDOWS\SoftwareDistribution\Download\6f157d7117c4b802202e3eb62ec28feb89a5af70

Clean

C:\WINDOWS\SoftwareDistribution\Download\6f157d7117c4b802202e3eb62ec28feb89a5af70=>(CAB Sfx o)

Clean

C:\WINDOWS\SoftwareDistribution\Download\6f157d7117c4b802202e3eb62ec28feb89a5af70=>(CAB Sfx o)=>mrt.exe._p

Clean

C:\WINDOWS\SoftwareDistribution\Download\6f157d7117c4b802202e3eb62ec28feb89a5af70=>(CAB Sfx o)=>mrtstub.exe

Clean

C:\WINDOWS\SoftwareDistribution\Download\73b66318438250044c753ec78544c298

Clean

C:\WINDOWS\SoftwareDistribution\Download\73b66318438250044c753ec78544c298\OWC11.CAB

Clean

C:\WINDOWS\SoftwareDistribution\Download\73b66318438250044c753ec78544c298\OWC11.CAB=>OWC11.msp

Clean

C:\WINDOWS\system32\lkod.dll | Infected with: Trojan.Generic.2376226
C:\WINDOWS\system32\lkod.dll | Disinfection failed
C:\WINDOWS\system32\lkod.dll | Deleted

Edited by MarlonStafford, 12 September 2009 - 06:53 PM.


#13 fenzodahl512


Posted 13 September 2009 - 12:11 AM

Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :(



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 MarlonStafford


Posted 13 September 2009 - 10:38 AM

My comp seems to be free from viruses, but the only thing I want to know is whether winlogon.exe is a virus or just a regular part of the system, 'cause ESET says it's a virus every now and then. The only thing I have to do now is a system update, but after this experience I don't know what's real or fake :(

#15 fenzodahl512


Posted 13 September 2009 - 11:17 AM

Do a full scan with your ESET and tell me if it still detects Winlogon.exe as a virus :(

Also give me the full path of anything that ESET detects.
