
Google links redirected and other issues


  • This topic is locked
25 replies to this topic

#1 Misfit Wookiee

  • Members
  • 13 posts

Posted 14 October 2009 - 05:19 PM

Hi there and thank you for helping. Every time I try to click on a Google link, whether IE or Firefox, it redirects me to other sites, sometimes relating to my link and other times not. Other things have been going on, including inability to update many of my programs (Windows and antivirus, primarily). I also had an external hard drive that recently stopped being recognized. Not sure if they are connected, but I thought I'd mention it.

My DDS scan:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Fairy at 10:48:10.72 on Wed 10/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 85.255.112.143,85.255.112.203
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
TCP: {FBA4787C-C75A-41A4-9097-3985CA692989} = 85.255.112.143,85.255.112.203
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-14 09:35 <DIR> --d----- c:\program files\Trend Micro
2009-10-14 09:33 812,344 a------- C:\HijackThisInstaller.exe
2009-10-12 20:37 81,984 a------- c:\windows\system32\bdod.bin
2009-10-11 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-11 15:01 <DIR> --d----- c:\program files\common files\BitDefender
2009-09-28 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-28 17:36 18,854 a------- c:\docume~1\alluse~1\applic~1\ohete.exe
2009-09-28 17:36 17,920 a------- c:\windows\ewocad.dll
2009-09-28 17:36 14,220 a------- c:\windows\ralihep.sys
2009-09-28 17:36 16,155 a------- c:\windows\aqitagonyf._dl
2009-09-28 17:36 15,779 a------- c:\windows\zicom.reg
2009-09-28 17:36 15,038 a------- c:\program files\common files\bavavad.bat
2009-09-28 17:36 11,522 a------- c:\docume~1\alluse~1\applic~1\durawoqehu.pif
2009-09-28 17:36 11,033 a------- c:\windows\lagud.scr
2009-09-28 17:36 10,863 a------- c:\docume~1\alluse~1\applic~1\inupag.bin
2009-09-28 17:35 16,335 a------- c:\windows\efabuna.dat
2009-09-28 17:35 19,118 a------- c:\windows\system32\tysaw.pif
2009-09-28 17:35 18,800 a------- c:\docume~1\alluse~1\applic~1\movefez.bat
2009-09-28 17:35 16,114 a------- c:\windows\ficemec.pif
2009-09-28 17:35 15,980 a------- c:\docume~1\alluse~1\applic~1\uwoti.bat
2009-09-28 17:35 13,902 a------- c:\program files\common files\kitibozul.dll
2009-09-28 17:35 12,102 a------- c:\windows\alyju.com
2009-09-28 17:35 10,521 a------- c:\docume~1\fairy\applic~1\dykyqan.scr
2009-09-28 17:35 10,386 a------- c:\docume~1\alluse~1\applic~1\sikege.dll
2009-09-28 17:34 17,845 a------- c:\windows\fybuba.inf
2009-09-28 17:34 17,623 a------- c:\windows\odudij.inf
2009-09-28 17:34 16,463 a------- c:\docume~1\fairy\applic~1\xocagedi.dat
2009-09-28 17:34 16,319 a------- c:\docume~1\fairy\applic~1\qigewukuz.reg
2009-09-28 17:34 15,271 a------- c:\docume~1\alluse~1\applic~1\tesopire.bin
2009-09-28 17:34 15,232 a------- c:\program files\common files\lyvinog.dll
2009-09-28 17:34 14,828 a------- c:\windows\ihyxadodeq.pif
2009-09-28 17:34 14,368 a------- c:\docume~1\fairy\applic~1\dufypanuqy.exe
2009-09-28 17:34 10,534 a------- c:\windows\ehiwubor.inf
2009-09-28 17:34 13,241 a------- c:\docume~1\alluse~1\applic~1\wyhedicyqa.dat
2009-09-24 10:52 <DIR> --d----- c:\program files\common files\xing shared
2009-09-21 18:25 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-21 16:43 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-21 16:41 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 16:40 <DIR> --d----- c:\program files\Lavasoft
2009-09-20 20:27 <DIR> --d----- c:\program files\Magix
2009-09-19 20:37 <DIR> --d----- c:\program files\iPod
2009-09-19 20:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-07-30 08:47 3,000 a------- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-07-30 08:45 515,760 a------- c:\windows\system32\SpoonUninstall.exe
2009-07-30 08:42 14,384 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-30 13:02 16,384 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-06-30 13:02 49,152 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009063020090701\index.dat

============= FINISH: 10:49:58.62 ===============

Any help would be greatly appreciated. I'll answer any queries as promptly as possible. Thanks again for any help you can render. I also have tried to install and run HijackThis, but it won't run (acts like nothing has happened).


#2 Blade81

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 October 2009 - 03:58 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Misfit Wookiee


Posted 30 October 2009 - 11:45 AM

Yup, still need the help... here's the dds...


DDS (Ver_09-10-13.01) - NTFSx86
Run by Fairy at 9:40:26.07 on Fri 10/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.124 [GMT -7:00]

AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Fairy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\fairy\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 85.255.112.143,85.255.112.203
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
TCP: {FBA4787C-C75A-41A4-9097-3985CA692989} = 85.255.112.143,85.255.112.203
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-21 64160]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-4-4 2944]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-4-4 10368]

=============== Created Last 30 ================

2009-10-14 09:35 <DIR> --d----- c:\program files\Trend Micro
2009-10-14 09:33 812,344 a------- C:\HijackThisInstaller.exe
2009-10-12 20:37 81,984 a------- c:\windows\system32\bdod.bin
2009-10-11 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-11 15:01 <DIR> --d----- c:\program files\common files\BitDefender

==================== Find3M ====================

2009-09-28 17:36 18,854 a------- c:\docume~1\alluse~1\applic~1\ohete.exe
2009-09-28 17:36 17,920 a------- c:\windows\ewocad.dll
2009-09-28 17:36 15,038 a------- c:\program files\common files\bavavad.bat
2009-09-28 17:36 14,220 a------- c:\windows\ralihep.sys
2009-09-28 17:36 15,779 a------- c:\windows\zicom.reg
2009-09-28 17:36 11,522 a------- c:\docume~1\alluse~1\applic~1\durawoqehu.pif
2009-09-28 17:36 11,033 a------- c:\windows\lagud.scr
2009-09-28 17:36 10,863 a------- c:\docume~1\alluse~1\applic~1\inupag.bin
2009-09-28 17:35 16,335 a------- c:\windows\efabuna.dat
2009-09-28 17:35 19,118 a------- c:\windows\system32\tysaw.pif
2009-09-28 17:35 18,800 a------- c:\docume~1\alluse~1\applic~1\movefez.bat
2009-09-28 17:35 16,114 a------- c:\windows\ficemec.pif
2009-09-28 17:35 15,980 a------- c:\docume~1\alluse~1\applic~1\uwoti.bat
2009-09-28 17:35 13,902 a------- c:\program files\common files\kitibozul.dll
2009-09-28 17:35 12,102 a------- c:\windows\alyju.com
2009-09-28 17:35 10,521 a------- c:\docume~1\fairy\applic~1\dykyqan.scr
2009-09-28 17:35 10,386 a------- c:\docume~1\alluse~1\applic~1\sikege.dll
2009-09-28 17:34 16,463 a------- c:\docume~1\fairy\applic~1\xocagedi.dat
2009-09-28 17:34 16,319 a------- c:\docume~1\fairy\applic~1\qigewukuz.reg
2009-09-28 17:34 15,271 a------- c:\docume~1\alluse~1\applic~1\tesopire.bin
2009-09-28 17:34 15,232 a------- c:\program files\common files\lyvinog.dll
2009-09-28 17:34 14,828 a------- c:\windows\ihyxadodeq.pif
2009-09-28 17:34 14,368 a------- c:\docume~1\fairy\applic~1\dufypanuqy.exe
2009-09-28 17:34 13,241 a------- c:\docume~1\alluse~1\applic~1\wyhedicyqa.dat
2009-06-30 13:02 16,384 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-06-30 13:02 49,152 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009063020090701\index.dat

============= FINISH: 9:41:50.94 ===============

I also have the new attach file if you need it as well.

#4 Blade81


Posted 30 October 2009 - 03:10 PM

DNA
BitTorrent

Both of the above are P2P file-sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file-sharing programs.


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



#5 Misfit Wookiee


Posted 30 October 2009 - 08:10 PM

I uninstalled DNA, but BitTorrent was on the aforementioned external hard drive that I believe is not working due to the external drive enclosure. Is there a way I can uninstall it or remove it from my Control Panel? I don't want to start on this until I remove BitTorrent, unless you think it will be okay.

#6 Blade81


Posted 31 October 2009 - 05:34 AM

BitTorrent can be uninstalled later when you're able to plug in the drive. You may continue with the ComboFix run now :(



#7 Misfit Wookiee


Posted 01 November 2009 - 09:37 AM

I've tried installing ComboFix, but when I attempt to run the program it just sits there... no hard drive activity after an initial burst of activity. I also attempted to manually install Windows Recovery Console from the link in ComboFix's instructions (from the Microsoft website), but it gives me a screen that says there isn't an internet connection or the link is invalid (but I do have the internet connectivity, as evidenced by this note to you).

I tried both ComboFix link d/l's, to no avail.

Any suggestions?

#8 Blade81


Posted 01 November 2009 - 09:51 AM

Hi,

I assume you disabled protection software first as instructed. Let's try plan B.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Download Combofix from any of the links below. You must rename it before saving it (use Misfit.exe as name). Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on Misfit.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt & fresh dds log.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Edited by Blade81, 01 November 2009 - 09:51 AM.



#9 Misfit Wookiee


Posted 03 November 2009 - 11:29 PM

Here 'ya go...

ComboFix 09-11-03.01 - Fairy 11/03/2009 20:04.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -8:00]
Running from: c:\documents and settings\Fairy\Desktop\Misfit.exe
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fairy\Cookies\ajuzuj.dll
c:\documents and settings\Fairy\Cookies\axacek.pif
c:\documents and settings\Fairy\Cookies\buxic.lib
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\movefez.bat
c:\documents and settings\All Users\Application Data\uwoti.bat
c:\documents and settings\All Users\Documents\bipi.vbs
c:\documents and settings\All Users\Documents\capu.inf
c:\documents and settings\All Users\Documents\laqyxesyka.reg
c:\documents and settings\All Users\Documents\nawecuby.bat
c:\documents and settings\All Users\Documents\syzopo.vbs
c:\documents and settings\All Users\Documents\yqiho.bat
c:\documents and settings\Fairy\Application Data\iniasd.txt
c:\documents and settings\Fairy\Application Data\qigewukuz.reg
c:\documents and settings\Fairy\Local Settings\Application Data\sazoqani.vbs
c:\documents and settings\Fairy\Local Settings\Application Data\yvumydige.vbs
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\amizuz.ban
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\apidij.lib
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\dyro.reg
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\ekyh.bat
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\moqo.vbs
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\obyc.exe
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\semygi.pif
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\wezavonej.sys
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\ybaqa.dl
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\ylebosezo.bat
c:\documents and settings\Fairy\Local Settings\Temporary Internet Files\ymes.vbs
c:\documents and settings\Fairy\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Fairy\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Fairy\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\program files\Common Files\bavavad.bat
c:\windows\ehiwubor.inf
c:\windows\ewocad.dll
c:\windows\fybuba.inf
c:\windows\lagud.scr
c:\windows\odudij.inf
c:\windows\SYSTEM32\DRIVERS\MSIVXtuwqbwwortiqpxevppfmllbdmrxptnio.sys
c:\windows\system32\MSIVXcount
c:\windows\SYSTEM32\MSIVXgxwkklttqxdlaswrrjkcrtngjqlrhmuy.dll
c:\windows\system32\MSIVXnpedwhlhpuyarvjubhxvropdxdxxtdpl.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\zicom.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_MSIVXserv.sys
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-03 04:55 . 2009-11-03 06:03 -------- d-----w- C:\Misfit11548M
2009-11-03 04:49 . 2009-11-03 04:54 -------- d-----w- C:\Misfit32596M
2009-11-03 04:45 . 2009-11-03 04:48 -------- d-----w- C:\Misfit25107M
2009-11-03 04:38 . 2009-11-03 04:40 -------- d-----w- C:\Misfit
2009-10-14 16:35 . 2009-10-14 16:35 -------- d-----w- c:\program files\Trend Micro
2009-10-14 16:33 . 2009-10-14 16:34 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-13 03:37 . 2009-10-13 03:37 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-11 22:30 . 2009-10-11 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-10-11 22:01 . 2009-10-13 03:41 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-11 21:45 . 2009-10-11 21:50 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 16:51 . 2009-09-21 03:27 -------- d-----w- c:\program files\Magix
2009-10-19 20:25 . 2004-11-09 02:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 01:16 . 2005-02-03 15:45 -------- d-----w- c:\program files\Maxis
2009-10-11 22:10 . 2009-09-29 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-29 00:36 . 2009-09-29 00:36 18854 ----a-w- c:\documents and settings\All Users\Application Data\ohete.exe
2009-09-29 00:36 . 2009-09-29 00:36 14220 ----a-w- c:\windows\ralihep.sys
2009-09-29 00:36 . 2009-09-29 00:36 11522 ----a-w- c:\documents and settings\All Users\Application Data\durawoqehu.pif
2009-09-29 00:36 . 2009-09-29 00:36 10863 ----a-w- c:\documents and settings\All Users\Application Data\inupag.bin
2009-09-29 00:35 . 2009-09-29 00:35 16335 ----a-w- c:\windows\efabuna.dat
2009-09-29 00:35 . 2009-09-29 00:35 19118 ----a-w- c:\windows\system32\tysaw.pif
2009-09-29 00:35 . 2009-09-29 00:35 16666 ----a-w- c:\documents and settings\Fairy\Local Settings\Application Data\kiko.exe
2009-09-29 00:35 . 2009-09-29 00:35 16114 ----a-w- c:\windows\ficemec.pif
2009-09-29 00:35 . 2009-09-29 00:35 13902 ----a-w- c:\program files\Common Files\kitibozul.dll
2009-09-29 00:35 . 2009-09-29 00:35 12423 ----a-w- c:\documents and settings\Fairy\Local Settings\Application Data\ejotija.exe
2009-09-29 00:35 . 2009-09-29 00:35 12102 ----a-w- c:\windows\alyju.com
2009-09-29 00:35 . 2009-09-29 00:35 10521 ----a-w- c:\documents and settings\Fairy\Application Data\dykyqan.scr
2009-09-29 00:35 . 2009-09-29 00:35 10386 ----a-w- c:\documents and settings\All Users\Application Data\sikege.dll
2009-09-29 00:34 . 2009-09-29 00:34 18455 ----a-w- c:\documents and settings\Fairy\Local Settings\Application Data\obefitifol.pif
2009-09-29 00:34 . 2009-09-29 00:34 16463 ----a-w- c:\documents and settings\Fairy\Application Data\xocagedi.dat
2009-09-29 00:34 . 2009-09-29 00:34 15271 ----a-w- c:\documents and settings\All Users\Application Data\tesopire.bin
2009-09-29 00:34 . 2009-09-29 00:34 15232 ----a-w- c:\program files\Common Files\lyvinog.dll
2009-09-29 00:34 . 2009-09-29 00:34 14828 ----a-w- c:\windows\ihyxadodeq.pif
2009-09-29 00:34 . 2009-09-29 00:34 14368 ----a-w- c:\documents and settings\Fairy\Application Data\dufypanuqy.exe
2009-09-29 00:34 . 2009-09-29 00:34 13241 ----a-w- c:\documents and settings\All Users\Application Data\wyhedicyqa.dat
2009-09-24 17:53 . 2004-11-09 02:28 -------- d-----w- c:\program files\Common Files\Real
2009-09-24 17:52 . 2009-09-24 17:52 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-21 23:42 . 2009-09-21 23:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 23:40 . 2009-09-21 23:40 -------- d-----w- c:\program files\Lavasoft
2009-09-21 23:40 . 2009-09-21 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-20 04:38 . 2008-01-27 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-20 04:36 . 2008-01-27 07:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-20 03:38 . 2009-09-20 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 03:38 . 2007-11-19 05:00 -------- d-----w- c:\program files\iTunes
2009-09-20 03:37 . 2009-09-20 03:37 -------- d-----w- c:\program files\iPod
2009-09-20 03:37 . 2007-07-28 22:22 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 03:31 . 2009-09-20 03:28 -------- d-----w- c:\program files\QuickTime
2009-09-17 18:38 . 2008-08-07 06:24 -------- d-----w- c:\documents and settings\Fairy\Application Data\BitTorrent
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-28 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-24 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

c:\documents and settings\Fairy\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-28 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-8 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11897:TCP"= 11897:TCP:BitTorrent

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [9/21/2009 3:43 PM 64160]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 6:49 AM 1029456]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [4/4/2008 8:06 AM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [4/4/2008 8:03 AM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [4/4/2008 8:06 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [4/4/2008 8:05 AM 10368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-11-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Burn4Free - g:\program files\Burn4Free\uninstall.exe
AddRemove-Cakewalk.Pro.Audio.9.03-TcC - g:\progra~1\Cakewalk\cw9\UNWISE.EXE
AddRemove-CASHFLOW® 202 THE E-GAME - g:\progra~1\CASHFLOW\CASHFL~1\UNWISE.EXE
AddRemove-CASHFLOW® THE E-GAME - g:\progra~1\CASHFLOW\UNWISE.EXE
AddRemove-Dune 2000 - g:\program files\Westwood\Dune2000\Uninstll.exe
AddRemove-Exact Audio Copy - g:\program files\Exact Audio Copy\uninst.exe
AddRemove-FLAC - g:\program files\FLAC\uninstall.exe
AddRemove-LucasArts' Star Wars Rebellion - g:\program files\LucasArts\Star Wars Rebellion\DeIsL1.isu
AddRemove-MAGIX Media Manager 2004 silver - g:\program files\Media_Manager_2004\instslct.exe
AddRemove-Mozilla Firefox (3.5.2) - g:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-Network Stumbler - g:\program files\Network Stumbler\uninst.exe
AddRemove-BitTorrent - g:\program files\BitTorrent\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 20:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-875316218-1655087133-2662556715-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE6D54A2-B3CB-6167-C2F7-77DBB814DCA7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakgglojfccjhopink"=hex:6a,61,6e,6e,6e,6f,6d,68,68,62,6f,68,70,61,65,6d,64,61,
6c,68,00,00
"haahmacohefcccji"=hex:69,61,6c,6e,62,68,63,6d,62,63,61,6a,62,67,70,6b,6a,64,
00,00
.
Completion time: 2009-11-04 20:22
ComboFix-quarantined-files.txt 2009-11-04 04:21

Pre-Run: 6,277,365,760 bytes free
Post-Run: 6,234,992,640 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

and the DDS...


DDS (Ver_09-10-13.01) - NTFSx86
Run by Fairy at 20:24:57.82 on Tue 11/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.63 [GMT -8:00]

AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fairy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\fairy\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-21 64160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-4-4 2944]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-4-4 10368]

=============== Created Last 30 ================

2009-11-02 20:57 <DIR> a-dshr-- C:\cmdcons
2009-11-02 20:55 <DIR> --d----- C:\Misfit11548M
2009-11-02 20:49 <DIR> --d----- C:\Misfit32596M
2009-11-02 20:45 <DIR> --d----- C:\Misfit25107M
2009-11-02 20:38 236,544 a------- c:\windows\PEV.exe
2009-11-02 20:38 161,792 a------- c:\windows\SWREG.exe
2009-11-02 20:38 98,816 a------- c:\windows\sed.exe
2009-11-02 20:38 77,312 a------- c:\windows\MBR.exe
2009-11-02 20:38 <DIR> --d----- C:\Misfit
2009-10-14 08:35 <DIR> --d----- c:\program files\Trend Micro
2009-10-14 08:33 812,344 a------- C:\HijackThisInstaller.exe
2009-10-12 19:37 81,984 a------- c:\windows\system32\bdod.bin
2009-10-11 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-11 14:01 <DIR> --d----- c:\program files\common files\BitDefender

==================== Find3M ====================

2009-09-28 16:36 18,854 a------- c:\docume~1\alluse~1\applic~1\ohete.exe
2009-09-28 16:36 14,220 a------- c:\windows\ralihep.sys
2009-09-28 16:36 11,522 a------- c:\docume~1\alluse~1\applic~1\durawoqehu.pif
2009-09-28 16:36 10,863 a------- c:\docume~1\alluse~1\applic~1\inupag.bin
2009-09-28 16:35 16,335 a------- c:\windows\efabuna.dat
2009-09-28 16:35 19,118 a------- c:\windows\system32\tysaw.pif
2009-09-28 16:35 16,114 a------- c:\windows\ficemec.pif
2009-09-28 16:35 13,902 a------- c:\program files\common files\kitibozul.dll
2009-09-28 16:35 12,102 a------- c:\windows\alyju.com
2009-09-28 16:35 10,521 a------- c:\docume~1\fairy\applic~1\dykyqan.scr
2009-09-28 16:35 10,386 a------- c:\docume~1\alluse~1\applic~1\sikege.dll
2009-09-28 16:34 16,463 a------- c:\docume~1\fairy\applic~1\xocagedi.dat
2009-09-28 16:34 15,271 a------- c:\docume~1\alluse~1\applic~1\tesopire.bin
2009-09-28 16:34 15,232 a------- c:\program files\common files\lyvinog.dll
2009-09-28 16:34 14,828 a------- c:\windows\ihyxadodeq.pif
2009-09-28 16:34 14,368 a------- c:\docume~1\fairy\applic~1\dufypanuqy.exe
2009-09-28 16:34 13,241 a------- c:\docume~1\alluse~1\applic~1\wyhedicyqa.dat
2009-06-30 12:02 16,384 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-06-30 12:02 49,152 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009063020090701\index.dat

============= FINISH: 20:25:24.87 ===============

#10 Blade81


Posted 04 November 2009 - 01:21 AM

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/264421/google-links-redirected-and-other-issues/?p=1484770
Collect::
c:\docume~1\alluse~1\applic~1\ohete.exe
c:\windows\ralihep.sys
c:\docume~1\alluse~1\applic~1\durawoqehu.pif
c:\docume~1\alluse~1\applic~1\inupag.bin
c:\windows\efabuna.dat
c:\windows\system32\tysaw.pif
c:\windows\ficemec.pif
c:\program files\common files\kitibozul.dll
c:\windows\alyju.com
c:\docume~1\fairy\applic~1\dykyqan.scr
c:\docume~1\alluse~1\applic~1\sikege.dll
c:\docume~1\fairy\applic~1\xocagedi.dat
c:\docume~1\alluse~1\applic~1\tesopire.bin
c:\program files\common files\lyvinog.dll
c:\windows\ihyxadodeq.pif
c:\docume~1\fairy\applic~1\dufypanuqy.exe
c:\docume~1\alluse~1\applic~1\wyhedicyqa.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Regnull::
[HKEY_USERS\S-1-5-21-875316218-1655087133-2662556715-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE6D54A2-B3CB-6167-C2F7-77DBB814DCA7}*]
DDS::
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into Misfit.exe. Have system connected to internet so the file samples can be submitted.
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#11 Misfit Wookiee


Posted 06 November 2009 - 09:16 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, November 6, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, November 06, 2009 04:03:25
Records in database: 3148246
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 75955
Threats found: 3
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 05:26:26


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\MSIVXtuwqbwwortiqpxevppfmllbdmrxptnio.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\MSIVXgxwkklttqxdlaswrrjkcrtngjqlrhmuy.dll.vir Infected: Trojan.Win32.Agent2.kug 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\MSIVXnpedwhlhpuyarvjubhxvropdxdxxtdpl.dll.vir Infected: Trojan.Win32.Agent2.kuh 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP379\A0187755.dll Infected: Trojan.Win32.Agent2.kug 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP379\A0187756.sys Infected: Packed.Win32.TDSS.z 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP379\A0187757.dll Infected: Trojan.Win32.Agent2.kuh 1

Selected area has been scanned.

ComboFix 09-11-04.02 - Fairy 11/04/2009 21:45.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.93 [GMT -8:00]
Running from: c:\documents and settings\Fairy\Desktop\Misfit.exe
Command switches used :: c:\documents and settings\Fairy\Desktop\CFScript.txt
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

file zipped: c:\docume~1\alluse~1\applic~1\durawoqehu.pif
file zipped: c:\docume~1\alluse~1\applic~1\inupag.bin
file zipped: c:\docume~1\alluse~1\applic~1\ohete.exe
file zipped: c:\docume~1\alluse~1\applic~1\sikege.dll
file zipped: c:\docume~1\alluse~1\applic~1\tesopire.bin
file zipped: c:\docume~1\alluse~1\applic~1\wyhedicyqa.dat
file zipped: c:\docume~1\fairy\applic~1\dufypanuqy.exe
file zipped: c:\docume~1\fairy\applic~1\dykyqan.scr
file zipped: c:\docume~1\fairy\applic~1\xocagedi.dat
file zipped: c:\program files\common files\kitibozul.dll
file zipped: c:\program files\common files\lyvinog.dll
file zipped: c:\windows\alyju.com
file zipped: c:\windows\efabuna.dat
file zipped: c:\windows\ficemec.pif
file zipped: c:\windows\ihyxadodeq.pif
file zipped: c:\windows\ralihep.sys
file zipped: c:\windows\system32\tysaw.pif
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\durawoqehu.pif
c:\docume~1\alluse~1\applic~1\inupag.bin
c:\docume~1\alluse~1\applic~1\ohete.exe
c:\docume~1\alluse~1\applic~1\sikege.dll
c:\docume~1\alluse~1\applic~1\tesopire.bin
c:\docume~1\alluse~1\applic~1\wyhedicyqa.dat
c:\docume~1\fairy\applic~1\dufypanuqy.exe
c:\docume~1\fairy\applic~1\dykyqan.scr
c:\docume~1\fairy\applic~1\xocagedi.dat
c:\documents and settings\Fairy\Cookies\fakaheqode.reg
c:\documents and settings\Fairy\Cookies\havugil.com
c:\documents and settings\Fairy\Cookies\igagi._sy
c:\documents and settings\Fairy\Cookies\pehadogox.bin
c:\documents and settings\Fairy\Cookies\raxo.inf
c:\documents and settings\Fairy\Cookies\sukelaxyza.lib
c:\documents and settings\Fairy\Cookies\uvatiki.dat
c:\documents and settings\Fairy\Cookies\yvuhuvyhy.reg
c:\documents and settings\Fairy\Cookies\yzygyveki.dl
c:\program files\common files\kitibozul.dll
c:\program files\common files\lyvinog.dll
c:\windows\alyju.com
c:\windows\efabuna.dat
c:\windows\ficemec.pif
c:\windows\ihyxadodeq.pif
c:\windows\ralihep.sys
c:\windows\system32\tysaw.pif

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 05:35 . 2009-11-05 05:35 -------- d-----w- c:\windows\LastGood
2009-11-05 04:45 . 2009-11-05 04:45 152576 ----a-w- c:\documents and settings\Fairy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 18:57 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-11-04 18:50 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-04 18:47 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-11-03 04:55 . 2009-11-03 06:03 -------- d-----w- C:\Misfit11548M
2009-11-03 04:49 . 2009-11-03 04:54 -------- d-----w- C:\Misfit32596M
2009-11-03 04:45 . 2009-11-03 04:48 -------- d-----w- C:\Misfit25107M
2009-11-03 04:38 . 2009-11-03 04:40 -------- d-----w- C:\Misfit
2009-10-14 16:35 . 2009-10-14 16:35 -------- d-----w- c:\program files\Trend Micro
2009-10-14 16:33 . 2009-10-14 16:34 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-13 03:37 . 2009-10-13 03:37 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-11 22:30 . 2009-10-11 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-10-11 22:01 . 2009-10-13 03:41 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-11 21:45 . 2009-10-11 21:50 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 05:07 . 2008-01-14 02:10 -------- d-----w- c:\program files\Java
2009-11-05 05:01 . 2009-09-21 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 05:00 . 2004-11-15 18:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-20 16:51 . 2009-09-21 03:27 -------- d-----w- c:\program files\Magix
2009-10-19 20:25 . 2004-11-09 02:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 01:16 . 2005-02-03 15:45 -------- d-----w- c:\program files\Maxis
2009-10-11 22:10 . 2009-09-29 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-11 12:17 . 2009-02-10 20:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 23:45 . 2009-10-04 23:45 1961720 ----a-w- c:\documents and settings\Fairy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-09-29 00:35 . 2009-09-29 00:35 16666 ----a-w- c:\documents and settings\Fairy\Local Settings\Application Data\kiko.exe
2009-09-29 00:35 . 2009-09-29 00:35 12423 ----a-w- c:\documents and settings\Fairy\Local Settings\Application Data\ejotija.exe
2009-09-29 00:34 . 2009-09-29 00:34 18455 ----a-w- c:\documents and settings\Fairy\Local Settings\Application Data\obefitifol.pif
2009-09-24 17:53 . 2004-11-09 02:28 -------- d-----w- c:\program files\Common Files\Real
2009-09-24 17:52 . 2009-09-24 17:52 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 04:38 . 2008-01-27 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-20 04:36 . 2008-01-27 07:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-20 03:38 . 2009-09-20 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 03:38 . 2007-11-19 05:00 -------- d-----w- c:\program files\iTunes
2009-09-20 03:37 . 2009-09-20 03:37 -------- d-----w- c:\program files\iPod
2009-09-20 03:37 . 2007-07-28 22:22 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 03:31 . 2009-09-20 03:28 -------- d-----w- c:\program files\QuickTime
2009-09-20 03:08 . 2009-09-20 03:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-17 18:38 . 2008-08-07 06:24 -------- d-----w- c:\documents and settings\Fairy\Application Data\BitTorrent
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 05:03 . 2009-08-23 05:03 152576 ----a-w- c:\documents and settings\Fairy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_04.15.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 05:30 . 2009-11-05 05:30 16384 c:\windows\temp\Perflib_Perfdata_700.dat
+ 2007-04-17 05:45 . 2009-08-07 03:24 44768 c:\windows\SYSTEM32\wups2.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 35552 c:\windows\SYSTEM32\WUPS.DLL
+ 2004-08-04 11:00 . 2009-08-07 03:24 53472 c:\windows\SYSTEM32\wuauclt.exe
+ 2004-08-04 11:00 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\wdigest.dll
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\SYSTEM32\tzchange.exe
+ 2004-08-04 11:00 . 2009-06-12 12:31 76288 c:\windows\SYSTEM32\telnet.exe
+ 2009-11-04 18:27 . 2009-08-07 03:24 44768 c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-04 18:27 . 2009-08-07 03:24 35552 c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2004-08-04 11:00 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\secur32.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\secur32.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2004-11-09 02:11 . 2009-11-01 13:44 64602 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-11-09 02:11 . 2009-11-05 05:19 64602 c:\windows\SYSTEM32\PERFC009.DAT
+ 2006-11-08 04:03 . 2009-06-29 16:12 52224 c:\windows\SYSTEM32\msfeedsbs.dll
- 2006-11-08 04:03 . 2009-04-29 04:55 52224 c:\windows\SYSTEM32\msfeedsbs.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 44544 c:\windows\SYSTEM32\iernonce.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 44544 c:\windows\SYSTEM32\iernonce.dll
+ 2009-06-20 15:29 . 2009-06-29 16:12 78336 c:\windows\SYSTEM32\ieencode.dll
- 2009-06-20 15:29 . 2009-04-29 04:55 78336 c:\windows\SYSTEM32\ieencode.dll
+ 2004-08-04 11:00 . 2009-06-29 11:07 70656 c:\windows\SYSTEM32\ie4uinit.exe
- 2004-08-04 11:00 . 2009-04-28 09:05 70656 c:\windows\SYSTEM32\ie4uinit.exe
- 2006-10-17 18:58 . 2009-04-29 04:55 63488 c:\windows\SYSTEM32\icardie.dll
+ 2006-10-17 18:58 . 2009-06-29 16:12 63488 c:\windows\SYSTEM32\icardie.dll
+ 2004-08-04 11:00 . 2009-07-29 04:37 81920 c:\windows\SYSTEM32\fontsub.dll
+ 2004-08-04 11:00 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DRIVERS\ksecdd.sys
+ 2004-08-04 11:00 . 2009-08-07 03:24 35552 c:\windows\SYSTEM32\DLLCACHE\wups.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 53472 c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\SYSTEM32\DLLCACHE\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\SYSTEM32\DLLCACHE\telnet.exe
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\SYSTEM32\DLLCACHE\secur32.dll
- 2007-04-18 12:31 . 2009-04-29 04:56 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2007-06-27 14:34 . 2009-06-29 16:12 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-06-27 14:34 . 2009-04-29 04:55 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\SYSTEM32\DLLCACHE\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\SYSTEM32\DLLCACHE\ksecdd.sys
+ 2007-04-18 12:31 . 2009-06-29 16:12 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-04-18 12:31 . 2009-04-29 04:55 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-06-27 08:27 . 2009-04-28 09:05 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2007-06-27 08:27 . 2009-06-29 11:07 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2006-11-07 10:26 . 2009-06-29 16:12 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2006-11-07 10:26 . 2009-04-29 04:55 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2009-06-20 15:29 . 2009-04-29 04:55 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
+ 2009-06-20 15:29 . 2009-06-29 16:12 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2006-11-07 10:26 . 2009-04-28 09:05 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2006-11-07 10:26 . 2009-06-29 11:07 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 81920 c:\windows\SYSTEM32\DLLCACHE\fontsub.dll
+ 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 96480 c:\windows\SYSTEM32\DLLCACHE\cdm.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\SYSTEM32\DLLCACHE\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\DLLCACHE\atl.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 17408 c:\windows\SYSTEM32\corpol.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 96480 c:\windows\SYSTEM32\cdm.dll
- 2004-08-04 11:00 . 2008-04-14 00:11 84992 c:\windows\SYSTEM32\avifil32.dll
+ 2004-08-04 11:00 . 2009-06-10 14:13 84992 c:\windows\SYSTEM32\avifil32.dll
+ 2004-08-04 11:00 . 2009-07-17 19:01 58880 c:\windows\SYSTEM32\atl.dll
- 2004-08-04 11:00 . 2008-04-14 00:11 58880 c:\windows\SYSTEM32\atl.dll
+ 2009-06-25 03:56 . 2009-06-25 03:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 08:49 . 2008-05-28 08:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 03:58 . 2007-04-14 03:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 04:30 . 2007-04-14 04:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 09:30 . 2008-05-28 09:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-11-05 05:22 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-11-05 05:22 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-11-05 05:22 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-11-05 05:22 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-11-05 05:22 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-11-05 05:22 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-11-05 05:14 . 2009-11-05 05:14 90112 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b9bf7cfc\System.Drawing.Design.dll
+ 2009-11-05 05:14 . 2009-11-05 05:14 61440 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6aba0b96\CustomMarshalers.dll
+ 2009-11-05 05:26 . 2009-11-05 05:26 81920 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e299fd71b4c71854673c47f85b4cf180\Microsoft.Build.Framework.ni.dll
+ 2009-11-05 05:26 . 2009-11-05 05:26 15360 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\dfsvc\662febc2f309e92a880682f527f4e426\dfsvc.ni.exe
+ 2009-11-05 05:26 . 2009-11-05 05:26 27136 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Accessibility\1a67452bf4558b2574698b6008e7af74\Accessibility.ni.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 90112 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 90112 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 81920 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 32768 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 12800 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 28672 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 77824 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 36864 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 77824 c:\windows\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 13312 c:\windows\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 10752 c:\windows\ASSEMBLY\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 72192 c:\windows\ASSEMBLY\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 69120 c:\windows\ASSEMBLY\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 7168 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-04-10 22:11 . 2008-04-10 22:11 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 5632 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-04-10 22:13 . 2008-04-10 22:13 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 6656 c:\windows\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 8192 c:\windows\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 209632 c:\windows\SYSTEM32\wuweb.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 327896 c:\windows\SYSTEM32\wucltui.dll
+ 2004-08-04 11:00 . 2009-08-07 03:23 575704 c:\windows\SYSTEM32\wuapi.dll
+ 2004-08-04 11:00 . 2009-04-03 20:15 485376 c:\windows\SYSTEM32\wmspdmod.dll
+ 2004-08-04 11:00 . 2009-07-12 20:21 233472 c:\windows\SYSTEM32\wmpdxm.dll
- 2004-08-04 11:00 . 2004-08-04 11:00 233472 c:\windows\SYSTEM32\wmpdxm.dll
+ 2004-08-04 11:00 . 2009-06-10 06:14 132096 c:\windows\SYSTEM32\wkssvc.dll
- 2004-08-04 11:00 . 2008-04-14 00:12 132096 c:\windows\SYSTEM32\wkssvc.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 827392 c:\windows\SYSTEM32\wininet.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 827392 c:\windows\SYSTEM32\wininet.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 233472 c:\windows\SYSTEM32\webcheck.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 233472 c:\windows\SYSTEM32\webcheck.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2009-07-29 04:37 119808 c:\windows\SYSTEM32\t2embed.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\schannel.dll
- 2004-11-09 02:11 . 2009-11-01 13:44 408238 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-11-09 02:11 . 2009-11-05 05:19 408238 c:\windows\SYSTEM32\PERFH009.DAT
+ 2004-08-04 11:00 . 2009-06-29 16:12 102912 c:\windows\SYSTEM32\occache.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 102912 c:\windows\SYSTEM32\occache.dll
+ 2004-08-04 11:00 . 2009-08-05 09:01 204800 c:\windows\SYSTEM32\mswebdvd.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 671232 c:\windows\SYSTEM32\mstime.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 671232 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 193024 c:\windows\SYSTEM32\msrating.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 193024 c:\windows\SYSTEM32\msrating.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 477696 c:\windows\SYSTEM32\mshtmled.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 477696 c:\windows\SYSTEM32\mshtmled.dll
+ 2006-11-08 04:03 . 2009-06-29 16:12 459264 c:\windows\SYSTEM32\msfeeds.dll
- 2006-11-08 04:03 . 2009-04-29 04:55 459264 c:\windows\SYSTEM32\msfeeds.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\lsasrv.dll
+ 2004-08-04 11:00 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\kerberos.dll
- 2004-08-04 11:00 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\jscript.dll
+ 2004-08-04 11:00 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\jscript.dll
+ 2009-11-05 04:53 . 2009-10-11 12:17 149280 c:\windows\SYSTEM32\javaws.exe
- 2009-08-23 05:08 . 2009-07-25 12:23 149280 c:\windows\SYSTEM32\javaws.exe
- 2009-08-23 05:08 . 2009-07-25 12:23 145184 c:\windows\SYSTEM32\javaw.exe
+ 2009-11-05 04:53 . 2009-10-11 12:17 145184 c:\windows\SYSTEM32\javaw.exe
- 2009-08-23 05:08 . 2009-07-25 12:23 145184 c:\windows\SYSTEM32\java.exe
+ 2009-11-05 04:53 . 2009-10-11 12:17 145184 c:\windows\SYSTEM32\java.exe
+ 2006-10-17 18:57 . 2009-06-29 16:12 268288 c:\windows\SYSTEM32\iertutil.dll
- 2006-10-17 18:57 . 2009-04-29 04:55 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 385024 c:\windows\SYSTEM32\iedkcs32.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 385024 c:\windows\SYSTEM32\iedkcs32.dll
+ 2006-10-17 18:27 . 2009-06-29 16:12 380928 c:\windows\SYSTEM32\ieapfltr.dll
- 2004-08-04 11:00 . 2009-04-25 05:26 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2004-08-04 11:00 . 2009-06-29 08:33 161792 c:\windows\SYSTEM32\ieakui.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 230400 c:\windows\SYSTEM32\ieaksie.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 230400 c:\windows\SYSTEM32\ieaksie.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 153088 c:\windows\SYSTEM32\ieakeng.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 133120 c:\windows\SYSTEM32\extmgr.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 214528 c:\windows\SYSTEM32\dxtrans.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 209632 c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
+ 2004-08-04 11:00 . 2009-08-07 03:24 327896 c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
+ 2004-08-04 11:00 . 2009-08-07 03:23 575704 c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
+ 2009-04-03 20:15 . 2009-04-03 20:15 485376 c:\windows\SYSTEM32\DLLCACHE\wmspdmod.dll
+ 2009-07-12 20:21 . 2009-07-12 20:21 233472 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\SYSTEM32\DLLCACHE\wkssvc.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 827392 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2007-04-18 12:31 . 2009-04-29 04:56 827392 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-11-08 04:03 . 2009-04-29 04:56 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-11-08 04:03 . 2009-06-29 16:12 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-10-17 19:05 . 2009-06-29 16:12 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2006-10-17 19:05 . 2009-04-29 04:56 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2009-07-29 04:37 . 2009-07-29 04:37 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll
+ 2006-08-21 16:52 . 2009-08-26 08:00 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2006-08-21 16:52 . 2008-10-03 10:02 247326 c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\SYSTEM32\DLLCACHE\schannel.dll
- 2006-10-17 19:04 . 2009-04-29 04:56 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2006-10-17 19:04 . 2009-06-29 16:12 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\SYSTEM32\DLLCACHE\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\SYSTEM32\DLLCACHE\msv1_0.dll
- 2007-04-18 12:31 . 2009-04-29 04:56 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2007-04-18 12:31 . 2009-04-29 04:56 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-04-18 12:31 . 2009-04-29 04:56 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-06-27 14:34 . 2009-04-29 04:55 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2007-06-27 14:34 . 2009-06-29 16:12 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2009-06-18 15:51 . 2009-06-25 08:25 730112 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\SYSTEM32\DLLCACHE\kerberos.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2006-10-17 19:04 . 2009-06-29 08:35 634632 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-06-27 14:34 . 2009-06-29 16:12 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-06-27 14:34 . 2009-04-29 04:55 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2006-11-07 10:27 . 2009-06-29 16:12 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2006-11-07 10:27 . 2009-04-29 04:55 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-06-27 14:34 . 2009-06-29 16:12 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2006-11-07 10:25 . 2009-06-29 08:33 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2006-11-07 10:25 . 2009-04-25 05:26 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2006-11-07 10:27 . 2009-04-29 04:55 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2006-11-07 10:27 . 2009-06-29 16:12 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2006-11-07 10:26 . 2009-04-29 04:55 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2006-11-07 10:26 . 2009-06-29 16:12 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-04-18 12:31 . 2009-04-29 04:55 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-04-18 12:31 . 2009-04-29 04:55 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-04-18 12:31 . 2009-04-29 04:55 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2006-11-07 10:26 . 2009-04-29 04:55 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2006-11-07 10:26 . 2009-06-29 16:12 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2004-08-04 11:00 . 2009-04-29 04:55 124928 c:\windows\SYSTEM32\advpack.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 124928 c:\windows\SYSTEM32\advpack.dll
+ 2009-08-08 10:35 . 2009-08-08 10:35 819016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-05-28 08:49 . 2008-05-28 08:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 03:58 . 2007-04-14 03:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 03:56 . 2007-04-14 03:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 09:30 . 2008-05-28 09:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 04:30 . 2007-04-14 04:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-11-05 05:23 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-11-05 05:23 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-11-05 05:22 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-11-05 05:22 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-11-05 05:22 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-11-05 05:22 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-11-05 05:15 . 2009-11-05 05:15 835584 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_083bc40f\System.Drawing.dll
+ 2009-11-05 05:53 . 2009-11-05 05:53 237568 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.RegularE#\6b8f2e778eba3931057217c2512b201c\System.Web.RegularExpressions.ni.dll
+ 2009-11-05 05:50 . 2009-11-05 05:50 684032 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Transactions\4bdd3ce8337c4619dfb09de5ab3f9b62\System.Transactions.ni.dll
+ 2009-11-05 05:50 . 2009-11-05 05:50 233472 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.ServiceProce#\47d862e0dc37c830cc3397decf6c0590\System.ServiceProcess.ni.dll
+ 2009-11-05 05:49 . 2009-11-05 05:49 733184 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Security\428a3be3d5be01f129e0effdc455d831\System.Security.ni.dll
+ 2009-11-05 05:49 . 2009-11-05 05:49 294912 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.Wrapper.dll
+ 2009-11-05 05:49 . 2009-11-05 05:49 659456 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ff85d9d54701c8cde7b513ff808fd5e3\System.EnterpriseServices.ni.dll
+ 2009-11-05 05:23 . 2009-11-05 05:23 229376 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4593151ab44d4f61e4cafaf9e77a8d25\System.Drawing.Design.ni.dll
+ 2009-11-05 05:48 . 2009-11-05 05:48 512000 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\135aa2f31c01565700d44313b925a205\System.DirectoryServices.Protocols.ni.dll
+ 2009-11-05 05:27 . 2009-11-05 05:27 167936 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ab1dd1079764acac4cbe55d6555f4ff7\Microsoft.Build.Utilities.ni.dll
+ 2009-11-05 05:26 . 2009-11-05 05:26 876544 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9e2334dbe9e76dd6fc2bde86c9b515b9\Microsoft.Build.Engine.ni.dll
+ 2009-11-05 05:26 . 2009-11-05 05:26 237568 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\CustomMarshalers\58ec7ce15fd463d65d3e45db4e0613cf\CustomMarshalers.ni.dll
+ 2009-11-05 05:26 . 2009-11-05 05:26 884736 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\AspNetMMCExt\2a66ea6b955eabdb437c6cfcac78c45e\AspNetMMCExt.ni.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 839680 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 884736 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 884736 c:\windows\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 114688 c:\windows\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 131072 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 299008 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 299008 c:\windows\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 258048 c:\windows\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 372736 c:\windows\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 630784 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 630784 c:\windows\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 401408 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 188416 c:\windows\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 933888 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 933888 c:\windows\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 741376 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 741376 c:\windows\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 425984 c:\windows\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 110592 c:\windows\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 671744 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 671744 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 372736 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 110592 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-10 22:13 . 2008-04-10 22:13 749568 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 655360 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 348160 c:\windows\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 507904 c:\windows\ASSEMBLY\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 261120 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 261120 c:\windows\ASSEMBLY\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 113664 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 258048 c:\windows\ASSEMBLY\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 483840 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 483840 c:\windows\ASSEMBLY\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-11-04 19:00 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-04 11:00 . 2009-08-07 03:23 1929952 c:\windows\SYSTEM32\wuaueng.dll
- 2004-08-04 11:00 . 2006-12-08 00:02 2174976 c:\windows\SYSTEM32\wmvcore.dll
+ 2004-08-04 11:00 . 2009-05-27 00:53 2174976 c:\windows\SYSTEM32\WMVCore.dll
+ 2004-08-04 11:00 . 2009-07-12 20:21 4874240 c:\windows\SYSTEM32\wmp.dll
- 2004-08-04 11:00 . 2009-04-29 04:56 1159680 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 11:00 . 2009-06-29 16:12 1159680 c:\windows\SYSTEM32\urlmon.dll
- 2004-08-04 11:00 . 2008-04-14 00:12 1435648 c:\windows\SYSTEM32\query.dll
+ 2004-08-04 11:00 . 2009-07-17 16:22 1435648 c:\windows\SYSTEM32\query.dll
+ 2004-08-04 11:00 . 2009-06-03 19:09 1291264 c:\windows\SYSTEM32\quartz.dll
+ 1980-01-01 06:00 . 2009-08-05 04:44 2189184 c:\windows\SYSTEM32\ntoskrnl.exe
+ 1980-01-01 06:00 . 2009-08-04 14:20 2066048 c:\windows\SYSTEM32\ntkrnlpa.exe
- 1980-01-01 06:00 . 2009-02-08 02:02 2066048 c:\windows\SYSTEM32\ntkrnlpa.exe
+ 2004-08-04 11:00 . 2009-06-10 17:19 2066432 c:\windows\SYSTEM32\mstscax.dll
+ 2004-08-04 11:00 . 2009-07-19 13:33 3597824 c:\windows\SYSTEM32\mshtml.dll
+ 2006-11-08 04:03 . 2009-07-19 13:32 6067200 c:\windows\SYSTEM32\ieframe.dll
+ 2006-09-06 06:01 . 2009-06-29 08:33 2452872 c:\windows\SYSTEM32\ieapfltr.dat
+ 2004-08-04 11:00 . 2009-08-07 03:23 1929952 c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
- 2006-12-08 00:02 . 2006-12-08 00:02 2174976 c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2006-12-08 00:02 . 2009-05-27 00:53 2174976 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2009-07-12 20:21 . 2009-07-12 20:21 4874240 c:\windows\SYSTEM32\DLLCACHE\wmp.dll
+ 2007-04-18 12:31 . 2009-06-29 16:12 1159680 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-04-18 12:31 . 2009-04-29 04:56 1159680 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\SYSTEM32\DLLCACHE\query.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-10-14 19:01 . 2009-08-05 04:44 2189184 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
+ 2008-10-14 19:01 . 2009-08-04 14:20 2023936 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
- 2008-10-14 19:01 . 2009-02-06 10:32 2023936 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
+ 2008-10-14 19:01 . 2009-08-04 14:20 2066048 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
- 2008-10-14 19:01 . 2009-02-08 02:02 2066048 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
+ 2008-10-14 19:01 . 2009-08-04 15:13 2145280 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
- 2008-10-14 19:01 . 2009-02-06 11:06 2145280 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
+ 2004-08-04 11:00 . 2009-06-10 17:19 2066432 c:\windows\SYSTEM32\DLLCACHE\mstscax.dll
+ 2007-05-04 12:29 . 2009-07-19 13:33 3597824 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-06-27 14:34 . 2009-07-19 13:32 6067200 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2007-04-17 09:32 . 2009-06-29 08:33 2452872 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
+ 2009-08-08 10:35 . 2009-08-08 10:35 5849920 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 10:35 . 2009-08-08 10:35 4345856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2008-05-28 09:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 04:35 . 2007-04-14 04:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 09:35 . 2008-05-28 09:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2008-05-28 08:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 03:57 . 2007-04-14 03:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 08:43 . 2008-05-28 08:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 03:50 . 2007-04-14 03:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-08-10 07:32 . 2009-08-10 07:32 5288960 c:\windows\Installer\20ece9.msp
+ 2009-11-05 05:22 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-11-05 05:22 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-11-05 05:22 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-11-05 05:22 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2008-10-14 19:01 . 2009-08-05 04:44 2189184 c:\windows\Driver Cache\I386\ntoskrnl.exe
- 2008-10-14 19:01 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\I386\ntkrpamp.exe
+ 2008-10-14 19:01 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\I386\ntkrpamp.exe
- 2008-10-14 19:01 . 2009-02-08 02:02 2066048 c:\windows\Driver Cache\I386\ntkrnlpa.exe
+ 2008-10-14 19:01 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\I386\ntkrnlpa.exe
- 2008-10-14 19:01 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2008-10-14 19:01 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\I386\ntkrnlmp.exe
+ 2009-11-05 05:14 . 2009-11-05 05:14 1966080 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_801fd436\System.dll
+ 2009-11-05 05:14 . 2009-11-05 05:14 2088960 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_1014447c\System.Xml.dll
+ 2009-11-05 05:14 . 2009-11-05 05:14 3018752 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_0c3c3709\System.Windows.Forms.dll
+ 2009-11-05 05:15 . 2009-11-05 05:15 1470464 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_84f37dcb\System.Design.dll
+ 2009-11-05 05:15 . 2009-11-05 05:15 3391488 c:\windows\ASSEMBLY\NativeImages1_v1.1.4322\MSCORLIB\1.0.5000.0__b77a5c561934e089_32714be8\mscorlib.dll
+ 2009-11-05 05:21 . 2009-11-05 05:21 8310784 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll
+ 2009-11-05 05:24 . 2009-11-05 05:25 5771264 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll
+ 2009-11-05 05:53 . 2009-11-05 05:53 1986560 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Services\aa319d767042e97c692041f76f123f2f\System.Web.Services.ni.dll
+ 2009-11-05 05:53 . 2009-11-05 05:53 2342912 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web.Mobile\b7092e8403b56e3913488855e45a35ff\System.Web.Mobile.ni.dll
+ 2009-11-05 05:23 . 2009-11-05 05:23 1667072 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll
+ 2009-11-05 05:27 . 2009-11-05 05:27 1224704 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.DirectorySer#\e96695c65a4104ee4687f3e5f0581d34\System.DirectoryServices.ni.dll
+ 2009-11-05 05:27 . 2009-11-05 05:27 1798144 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Deployment\f0a1895c7d475f156ed4cdd9f0bd2797\System.Deployment.ni.dll
+ 2009-11-05 05:22 . 2009-11-05 05:22 7102464 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Data\b39a611d2b2fc659d5472dd76b24d3b2\System.Data.ni.dll
+ 2009-11-05 05:27 . 2009-11-05 05:27 1011712 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Configuration\e2de26078a8c3d29dbfcf408e23aa2b1\System.Configuration.ni.dll
+ 2009-11-05 05:27 . 2009-11-05 05:27 1740800 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ed0cdc51d89bb41a9ab760ca3cf52bf9\Microsoft.VisualBasic.ni.dll
+ 2009-11-05 05:27 . 2009-11-05 05:27 1695744 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\b846f5c1b90e4222e79a420d92062f79\Microsoft.Build.Tasks.ni.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 3076096 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-11-05 05:17 . 2009-11-05 05:17 3076096 c:\windows\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 2068480 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 2068480 c:\windows\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-04-10 22:12 . 2008-04-10 22:13 5013504 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 5013504 c:\windows\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-04-10 22:14 . 2008-04-10 22:14 5070848 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 5070848 c:\windows\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 5431296 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 5431296 c:\windows\ASSEMBLY\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-04-10 22:12 . 2008-04-10 22:12 3036160 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-11-05 05:18 . 2009-11-05 05:18 3036160 c:\windows\ASSEMBLY\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-11-05 05:17 . 2009-11-05 05:17 4345856 c:\windows\ASSEMBLY\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-31 03:45 . 2007-07-31 03:45 1232896 c:\windows\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-11-05 05:14 . 2009-11-05 05:14 1232896 c:\windows\ASSEMBLY\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-31 03:44 . 2007-07-31 03:44 1265664 c:\windows\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-05 05:14 . 2009-11-05 05:14 1265664 c:\windows\ASSEMBLY\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-11 05:08 . 2009-08-11 05:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 22:09 . 2009-08-10 22:09 17254912 c:\windows\Installer\20ece1.msp
+ 2009-11-05 05:24 . 2009-11-05 05:24 13193216 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll
+ 2009-11-05 05:51 . 2009-11-05 05:52 12517376 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Web\16a34a274ee877b4cf03d1a1bb57eb82\System.Web.ni.dll
+ 2009-11-05 05:23 . 2009-11-05 05:23 10936320 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\System.Design\2aab58cae4d998cf867f483302e94c27\System.Design.ni.dll
+ 2009-11-05 05:21 . 2009-11-05 05:21 11436032 c:\windows\ASSEMBLY\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-28 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

c:\documents and settings\Fairy\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-28 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-8 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11897:TCP"= 11897:TCP:BitTorrent

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [4/4/2008 8:06 AM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [4/4/2008 8:03 AM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [4/4/2008 8:06 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [4/4/2008 8:05 AM 10368]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-11-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 22:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-05 22:16
ComboFix-quarantined-files.txt 2009-11-05 06:16
ComboFix2.txt 2009-11-04 04:22

Pre-Run: 5,542,801,408 bytes free
Post-Run: 5,551,763,456 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
Upload was successful


DDS (Ver_09-10-13.01) - NTFSx86
Run by Fairy at 6:07:12.84 on Fri 11/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.109 [GMT -8:00]

AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Fairy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\fairy\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-4-4 2944]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2008-4-4 10368]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

=============== Created Last 30 ================

2009-11-04 21:40 <DIR> --d----- C:\Misfit8159M
2009-11-04 20:53 73,728 a------- c:\windows\system32\javacpl.cpl
2009-11-04 10:57 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-11-04 10:57 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-04 10:50 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-11-04 10:47 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-11-02 20:57 <DIR> a-dshr-- C:\cmdcons
2009-11-02 20:55 <DIR> --d----- C:\Misfit11548M
2009-11-02 20:49 <DIR> --d----- C:\Misfit32596M
2009-11-02 20:45 <DIR> --d----- C:\Misfit25107M
2009-11-02 20:38 267,264 a------- c:\windows\PEV.exe
2009-11-02 20:38 161,792 a------- c:\windows\SWREG.exe
2009-11-02 20:38 98,816 a------- c:\windows\sed.exe
2009-11-02 20:38 77,312 a------- c:\windows\MBR.exe
2009-11-02 20:38 <DIR> --d----- C:\Misfit
2009-10-14 08:35 <DIR> --d----- c:\program files\Trend Micro
2009-10-14 08:33 812,344 a------- C:\HijackThisInstaller.exe
2009-10-12 19:37 81,984 a------- c:\windows\system32\bdod.bin
2009-10-11 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-10-11 14:01 <DIR> --d----- c:\program files\common files\BitDefender

==================== Find3M ====================

2009-10-11 04:17 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 06:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 06:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 13:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 13:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 00:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 00:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 07:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll
2009-06-30 12:02 16,384 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-06-30 12:02 49,152 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009063020090701\index.dat

============= FINISH: 6:08:25.71 ===============


Not sure if this is connected to anything, but I have a file called "WGAPluginInstall.exe" that I was attempting to use to allow me to download Microsoft updates with Firefox, but it wouldn't run and now it won't let me delete. It tells me it is being used by another program. Could it be connected?

Thanks for all of your time.

#12 Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 06 November 2009 - 10:37 AM

Not sure if this is connected to anything, but I have a file called "WGAPluginInstall.exe" that I was attempting to use to allow me to download Microsoft updates with Firefox, but it wouldn't run and now it won't let me delete. It tells me it is being used by another program. Could it be connected?

Hi,

I don't think the file is connected to the issue. Where did you get the file?


Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\Fairy\Local Settings\Application Data\kiko.exe
c:\documents and settings\Fairy\Local Settings\Application Data\ejotija.exe
c:\documents and settings\Fairy\Local Settings\Application Data\obefitifol.pif


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. How's the system running?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 Misfit Wookiee

Posted 06 November 2009 - 08:58 PM

WGAPluginInstall was from the Microsoft website, but got hung-up during installation. Now I can't access Firefox (due to the external drive issue) and can't delete the .exe either. I also tried uninstalling Firefox when I had the access to the drive, but still faced the same problem. Thought there might have been a possibility of malware, but prolly just a bug.

Computer is going soooooooo well right now, thank you for the assistance. I plan on donating as soon as possible (fiancee just got employed after 15 mos. and a son) for the help.

Here's the log:

ComboFix 09-11-05.05 - Fairy 11/06/2009 17:07.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -8:00]
Running from: c:\documents and settings\Fairy\Desktop\Misfit.exe
Command switches used :: c:\documents and settings\Fairy\Desktop\CFScript.txt
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

FILE ::
"c:\documents and settings\Fairy\Local Settings\Application Data\ejotija.exe"
"c:\documents and settings\Fairy\Local Settings\Application Data\kiko.exe"
"c:\documents and settings\Fairy\Local Settings\Application Data\obefitifol.pif"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fairy\Local Settings\Application Data\ejotija.exe
c:\documents and settings\Fairy\Local Settings\Application Data\kiko.exe
c:\documents and settings\Fairy\Local Settings\Application Data\obefitifol.pif

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-06 19:56 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-11-06 19:50 . 2009-11-06 19:54 -------- dc-h--w- c:\windows\ie8
2009-11-05 06:30 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Fairy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-05 06:28 . 2009-11-05 06:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-05 06:24 . 2009-11-05 06:24 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-05 06:23 . 2009-11-05 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-05 06:23 . 2009-11-05 06:23 -------- d-----w- c:\program files\NOS
2009-11-05 05:40 . 2009-11-05 06:17 -------- d-----w- C:\Misfit8159M
2009-11-05 04:45 . 2009-11-05 04:45 152576 ----a-w- c:\documents and settings\Fairy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 18:57 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-11-04 18:50 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-04 18:47 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-11-03 04:55 . 2009-11-03 06:03 -------- d-----w- C:\Misfit11548M
2009-11-03 04:49 . 2009-11-03 04:54 -------- d-----w- C:\Misfit32596M
2009-11-03 04:45 . 2009-11-03 04:48 -------- d-----w- C:\Misfit25107M
2009-11-03 04:38 . 2009-11-03 04:40 -------- d-----w- C:\Misfit
2009-10-14 16:35 . 2009-10-14 16:35 -------- d-----w- c:\program files\Trend Micro
2009-10-14 16:33 . 2009-10-14 16:34 812344 ----a-w- C:\HijackThisInstaller.exe
2009-10-13 03:37 . 2009-10-13 03:37 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-11 22:30 . 2009-10-11 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-10-11 22:01 . 2009-10-13 03:41 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-11 21:45 . 2009-10-11 21:50 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 06:48 . 2004-11-15 18:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-05 05:07 . 2008-01-14 02:10 -------- d-----w- c:\program files\Java
2009-11-05 05:01 . 2009-09-21 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-20 16:51 . 2009-09-21 03:27 -------- d-----w- c:\program files\Magix
2009-10-19 20:25 . 2004-11-09 02:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 01:16 . 2005-02-03 15:45 -------- d-----w- c:\program files\Maxis
2009-10-11 22:10 . 2009-09-29 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-11 12:17 . 2009-02-10 20:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 23:45 . 2009-10-04 23:45 1961720 ----a-w- c:\documents and settings\Fairy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-09-24 17:53 . 2004-11-09 02:28 -------- d-----w- c:\program files\Common Files\Real
2009-09-24 17:52 . 2009-09-24 17:52 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 04:38 . 2008-01-27 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-20 04:36 . 2008-01-27 07:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-20 03:38 . 2009-09-20 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 03:38 . 2007-11-19 05:00 -------- d-----w- c:\program files\iTunes
2009-09-20 03:37 . 2009-09-20 03:37 -------- d-----w- c:\program files\iPod
2009-09-20 03:37 . 2007-07-28 22:22 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 03:31 . 2009-09-20 03:28 -------- d-----w- c:\program files\QuickTime
2009-09-20 03:08 . 2009-09-20 03:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-17 18:38 . 2008-08-07 06:24 -------- d-----w- c:\documents and settings\Fairy\Application Data\BitTorrent
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 05:03 . 2009-08-23 05:03 152576 ----a-w- c:\documents and settings\Fairy\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-11-05_06.04.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 00:54 . 2009-11-07 00:54 16384 c:\windows\temp\Perflib_Perfdata_6e4.dat
+ 2007-07-30 00:02 . 2009-01-08 02:21 26144 c:\windows\SYSTEM32\spupdsvc.exe
- 2007-07-30 00:02 . 2009-01-08 01:21 26144 c:\windows\SYSTEM32\spupdsvc.exe
+ 2007-08-15 20:26 . 2009-01-08 02:20 16928 c:\windows\SYSTEM32\spmsg.dll
- 2007-08-15 20:26 . 2009-01-08 01:20 16928 c:\windows\SYSTEM32\spmsg.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 46592 c:\windows\SYSTEM32\pngfilt.dll
- 2006-06-29 15:05 . 2009-01-08 01:20 23552 c:\windows\SYSTEM32\normaliz.dll
+ 2006-06-29 15:05 . 2009-01-08 02:20 23552 c:\windows\SYSTEM32\normaliz.dll
+ 2006-06-29 00:59 . 2009-01-08 02:20 24576 c:\windows\SYSTEM32\nlsdl.dll
- 2006-06-29 00:59 . 2009-01-08 01:20 24576 c:\windows\SYSTEM32\nlsdl.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 48128 c:\windows\SYSTEM32\mshtmler.dll
- 2004-08-04 11:00 . 2006-10-17 18:28 48128 c:\windows\SYSTEM32\mshtmler.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 66560 c:\windows\SYSTEM32\mshtmled.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 45568 c:\windows\SYSTEM32\mshta.exe
- 2004-08-04 11:00 . 2006-10-17 18:56 45568 c:\windows\SYSTEM32\mshta.exe
+ 2006-10-17 18:58 . 2009-03-08 12:31 13312 c:\windows\SYSTEM32\msfeedssync.exe
+ 2006-11-08 04:03 . 2009-08-29 08:08 55296 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2004-08-04 11:00 . 2009-03-08 12:34 43008 c:\windows\SYSTEM32\licmgr10.dll
+ 2004-08-04 11:00 . 2009-08-29 08:08 25600 c:\windows\SYSTEM32\jsproxy.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 94720 c:\windows\SYSTEM32\inseng.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 34816 c:\windows\SYSTEM32\imgutil.dll
- 2006-11-07 10:26 . 2009-03-08 11:32 36864 c:\windows\SYSTEM32\ieudinit.exe
+ 2006-11-07 10:26 . 2009-03-08 12:32 36864 c:\windows\SYSTEM32\ieudinit.exe
+ 2004-08-04 11:00 . 2009-03-08 12:32 71680 c:\windows\SYSTEM32\iesetup.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 55808 c:\windows\SYSTEM32\iernonce.dll
- 2006-06-29 15:05 . 2009-01-08 01:20 26112 c:\windows\SYSTEM32\idndl.dll
+ 2006-06-29 15:05 . 2009-01-08 02:20 26112 c:\windows\SYSTEM32\idndl.dll
+ 2006-10-17 18:58 . 2009-03-08 12:31 59904 c:\windows\SYSTEM32\icardie.dll
+ 2009-06-21 01:37 . 2009-08-29 08:08 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
- 2009-06-21 01:37 . 2009-04-30 21:22 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll
+ 2007-04-18 12:31 . 2009-03-08 12:31 46592 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2006-10-17 18:28 . 2006-10-17 18:28 48128 c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2006-10-17 18:28 . 2009-03-08 12:31 48128 c:\windows\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2007-04-18 12:31 . 2009-03-08 12:31 66560 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2006-10-17 18:56 . 2006-10-17 18:56 45568 c:\windows\SYSTEM32\DLLCACHE\mshta.exe
+ 2006-10-17 18:56 . 2009-03-08 12:31 45568 c:\windows\SYSTEM32\DLLCACHE\mshta.exe
+ 2007-06-27 14:34 . 2009-08-29 08:08 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2006-10-17 19:05 . 2009-03-08 12:34 43008 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2007-04-18 12:31 . 2009-08-29 08:08 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 94720 c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2006-10-17 18:57 . 2009-03-08 12:31 34816 c:\windows\SYSTEM32\DLLCACHE\imgutil.dll
- 2007-06-27 08:27 . 2009-06-29 11:07 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2007-06-27 08:27 . 2009-08-28 10:28 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2004-08-04 11:00 . 2009-03-08 12:32 71680 c:\windows\SYSTEM32\DLLCACHE\iesetup.dll
+ 2006-11-07 10:26 . 2009-03-08 12:32 55808 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 12:31 59904 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2006-10-17 18:44 . 2009-03-08 12:24 68608 c:\windows\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 12:33 18944 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 72704 c:\windows\SYSTEM32\DLLCACHE\admparse.dll
+ 2004-08-04 11:00 . 2009-03-08 12:33 18944 c:\windows\SYSTEM32\corpol.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 72704 c:\windows\SYSTEM32\admparse.dll
+ 2009-11-05 06:31 . 2009-11-05 06:31 21504 c:\windows\Installer\355b02.msi
+ 2009-11-05 06:29 . 2009-11-05 06:29 27648 c:\windows\Installer\355afd.msi
+ 2009-11-06 19:56 . 2009-03-08 12:33 12288 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-11-06 19:56 . 2009-03-08 12:31 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-11-06 19:56 . 2009-03-08 12:33 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-11-06 19:53 . 2009-03-08 22:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 44544 c:\windows\ie8\pngfilt.dll
+ 2009-11-06 19:50 . 2006-10-17 18:28 48128 c:\windows\ie8\mshtmler.dll
+ 2009-11-06 19:50 . 2006-10-17 18:56 45568 c:\windows\ie8\mshta.exe
+ 2009-11-06 19:51 . 2006-10-17 18:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-11-06 19:50 . 2009-08-29 07:36 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-11-06 19:50 . 2006-10-17 19:05 40960 c:\windows\ie8\licmgr10.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 27648 c:\windows\ie8\jsproxy.dll
+ 2009-11-06 19:50 . 2006-11-07 10:26 92672 c:\windows\ie8\inseng.dll
+ 2009-11-06 19:50 . 2006-10-17 18:57 36352 c:\windows\ie8\imgutil.dll
+ 2009-11-06 19:50 . 2006-11-07 10:26 55296 c:\windows\ie8\iesetup.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 44544 c:\windows\ie8\iernonce.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 78336 c:\windows\ie8\ieencode.dll
+ 2009-11-06 19:50 . 2009-08-28 10:28 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-11-06 19:50 . 2009-08-29 07:36 63488 c:\windows\ie8\icardie.dll
+ 2009-11-06 19:50 . 2006-10-17 18:44 60416 c:\windows\ie8\hmmapi.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 17408 c:\windows\ie8\corpol.dll
+ 2009-11-06 19:50 . 2006-11-07 10:26 71680 c:\windows\ie8\admparse.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-11-06 19:38 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-11-06 19:38 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-11-06 19:38 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-11-06 19:38 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-11-06 19:57 . 2009-03-08 12:35 2048 c:\windows\ie8updates\KB975364-IE8\iecompat.dll
- 2007-08-17 19:34 . 2009-01-08 01:21 121856 c:\windows\SYSTEM32\xmllite.dll
+ 2007-08-17 19:34 . 2009-01-08 02:21 121856 c:\windows\SYSTEM32\xmllite.dll
+ 2006-10-17 19:05 . 2009-03-08 12:34 208384 c:\windows\SYSTEM32\WinFXDocObj.exe
+ 2004-08-04 11:00 . 2009-03-08 12:34 236544 c:\windows\SYSTEM32\webcheck.dll
+ 2004-08-04 11:00 . 2009-03-08 12:33 420352 c:\windows\SYSTEM32\vbscript.dll
- 2004-08-04 11:00 . 2009-06-29 16:12 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2009-03-08 12:34 105984 c:\windows\SYSTEM32\url.dll
+ 2004-08-04 11:00 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\occache.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 611840 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 11:00 . 2009-03-08 12:34 193536 c:\windows\SYSTEM32\msrating.dll
+ 2004-08-04 11:00 . 2009-03-08 12:22 156160 c:\windows\SYSTEM32\msls31.dll
- 2004-08-04 11:00 . 2006-11-08 04:03 156160 c:\windows\SYSTEM32\msls31.dll
+ 2006-11-08 04:03 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\msfeeds.dll
- 2009-01-08 01:20 . 2009-01-08 01:20 265720 c:\windows\SYSTEM32\msdbg2.dll
+ 2009-01-08 01:20 . 2009-01-08 02:20 265720 c:\windows\SYSTEM32\msdbg2.dll
+ 2004-08-04 11:00 . 2009-03-08 12:33 726528 c:\windows\SYSTEM32\jscript.dll
+ 2006-11-08 04:03 . 2009-03-08 12:22 164352 c:\windows\SYSTEM32\ieui.dll
+ 2004-08-04 11:00 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\iepeers.dll
+ 2004-08-04 11:00 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\iedkcs32.dll
+ 2006-10-17 18:27 . 2009-03-08 12:11 445952 c:\windows\SYSTEM32\ieapfltr.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 163840 c:\windows\SYSTEM32\ieakui.dll
+ 2004-08-04 11:00 . 2009-03-08 12:33 229376 c:\windows\SYSTEM32\ieaksie.dll
+ 2004-08-04 11:00 . 2009-03-08 12:33 125952 c:\windows\SYSTEM32\ieakeng.dll
+ 2004-08-04 11:00 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\ie4uinit.exe
- 2004-08-04 11:00 . 2009-06-29 16:12 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 11:00 . 2009-08-29 07:36 133120 c:\windows\SYSTEM32\extmgr.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 216064 c:\windows\SYSTEM32\dxtrans.dll
+ 2004-08-04 11:00 . 2009-03-08 12:31 348160 c:\windows\SYSTEM32\dxtmsft.dll
+ 2007-04-18 12:31 . 2009-08-29 08:08 916480 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2006-11-08 04:03 . 2009-03-08 12:34 236544 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2006-12-19 18:08 . 2009-03-08 12:33 759296 c:\windows\SYSTEM32\DLLCACHE\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 12:33 420352 c:\windows\SYSTEM32\DLLCACHE\vbscript.dll
+ 2006-10-17 19:05 . 2009-03-08 12:34 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2006-10-17 19:05 . 2009-06-29 16:12 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2009-01-08 02:20 . 2009-01-08 02:20 134144 c:\windows\SYSTEM32\DLLCACHE\sqmapi.dll
+ 2009-01-08 02:20 . 2009-01-08 02:20 474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2006-10-17 19:04 . 2009-08-29 08:08 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2007-04-18 12:31 . 2009-03-08 12:32 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-04-18 12:31 . 2009-03-08 12:34 193536 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2006-11-08 04:03 . 2009-03-08 12:22 156160 c:\windows\SYSTEM32\DLLCACHE\msls31.dll
- 2006-11-08 04:03 . 2006-11-08 04:03 156160 c:\windows\SYSTEM32\DLLCACHE\msls31.dll
+ 2007-06-27 14:34 . 2009-08-29 08:08 594432 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 12:33 726528 c:\windows\SYSTEM32\DLLCACHE\jscript.dll
+ 2006-10-17 19:04 . 2009-03-08 22:09 638816 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2009-06-21 01:37 . 2009-08-29 08:08 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
- 2009-06-21 01:37 . 2009-04-30 21:22 246272 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll
+ 2007-04-18 12:31 . 2009-08-29 08:08 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2006-11-07 10:27 . 2009-08-29 08:08 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2007-06-27 14:34 . 2009-03-08 12:11 445952 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2006-11-07 10:25 . 2009-03-08 12:32 163840 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2006-11-07 10:27 . 2009-03-08 12:33 229376 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2006-11-07 10:26 . 2009-03-08 12:33 125952 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2006-11-07 10:26 . 2009-08-28 10:35 173056 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2007-04-18 12:31 . 2009-06-29 16:12 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-04-18 12:31 . 2009-08-29 07:36 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-04-18 12:31 . 2009-03-08 12:31 216064 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-04-18 12:31 . 2009-03-08 12:31 348160 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2006-11-07 10:26 . 2009-03-08 12:32 128512 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2004-08-04 11:00 . 2009-03-08 12:32 128512 c:\windows\SYSTEM32\advpack.dll
+ 2009-11-06 19:57 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB975364-IE8\spuninst\updspapi.dll
+ 2009-11-06 19:57 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB975364-IE8\spuninst\spuninst.exe
+ 2009-11-06 19:56 . 2009-03-08 12:34 914944 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-11-06 19:56 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-11-06 19:56 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-11-06 19:56 . 2009-03-08 12:34 109568 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-11-06 19:56 . 2009-03-08 12:32 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-11-06 19:56 . 2009-03-08 12:33 246784 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-11-06 19:56 . 2009-03-08 12:31 183808 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-11-06 19:56 . 2009-03-08 22:09 391536 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-11-06 19:56 . 2009-03-08 12:32 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-11-06 19:51 . 2009-08-29 07:36 832512 c:\windows\ie8\wininet.dll
+ 2009-11-06 19:51 . 2006-10-17 19:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-11-06 19:51 . 2009-08-29 07:36 233472 c:\windows\ie8\webcheck.dll
+ 2009-11-06 19:51 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-11-06 19:51 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 105984 c:\windows\ie8\url.dll
+ 2009-11-06 19:53 . 2009-01-08 02:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-11-06 19:53 . 2009-01-08 02:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-11-06 19:50 . 2006-09-06 23:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-11-06 19:50 . 2009-08-29 07:36 102912 c:\windows\ie8\occache.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 671232 c:\windows\ie8\mstime.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 193024 c:\windows\ie8\msrating.dll
+ 2009-11-06 19:50 . 2006-11-08 04:03 156160 c:\windows\ie8\msls31.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 477696 c:\windows\ie8\mshtmled.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 459264 c:\windows\ie8\msfeeds.dll
+ 2009-11-06 19:50 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2009-11-06 19:50 . 2009-08-27 05:18 634648 c:\windows\ie8\iexplore.exe
+ 2009-11-06 19:51 . 2006-11-08 04:03 180736 c:\windows\ie8\ieui.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 268288 c:\windows\ie8\iertutil.dll
+ 2009-11-06 19:51 . 2006-11-08 04:03 287744 c:\windows\ie8\ieproxy.dll
+ 2009-11-06 19:50 . 2006-11-08 04:03 191488 c:\windows\ie8\iepeers.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-11-06 19:50 . 2009-08-27 05:18 161792 c:\windows\ie8\ieakui.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 230400 c:\windows\ie8\ieaksie.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 153088 c:\windows\ie8\ieakeng.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 214528 c:\windows\ie8\dxtrans.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 124928 c:\windows\ie8\advpack.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-11-06 19:38 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-11-06 19:38 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-11-06 19:38 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-11-06 19:38 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-11-06 19:38 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-11-06 19:38 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-11-06 19:38 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2004-08-04 11:00 . 2009-08-29 08:08 1208832 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 11:00 . 2009-08-29 08:08 5940224 c:\windows\SYSTEM32\mshtml.dll
+ 2006-10-17 18:57 . 2009-08-29 08:08 1985536 c:\windows\SYSTEM32\iertutil.dll
+ 2006-09-06 06:01 . 2009-02-07 05:07 3698584 c:\windows\SYSTEM32\ieapfltr.dat
+ 2007-04-18 12:31 . 2009-08-29 08:08 1208832 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2009-01-08 02:20 . 2009-01-08 02:20 1497088 c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2007-05-04 12:29 . 2009-08-29 08:08 5940224 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-06-27 14:34 . 2009-08-29 08:08 1985536 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-04-17 09:32 . 2009-02-07 05:07 3698584 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
+ 2009-01-08 02:20 . 2009-01-08 02:20 1022976 c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2009-11-05 06:50 . 2009-11-05 06:50 3940352 c:\windows\Installer\45f0db.msi
+ 2009-11-06 19:56 . 2009-03-08 12:34 1206784 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-11-06 19:56 . 2009-03-08 12:41 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-11-06 19:56 . 2009-03-08 12:32 1985024 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2009-11-06 19:51 . 2009-08-29 07:36 1168384 c:\windows\ie8\urlmon.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 3598336 c:\windows\ie8\mshtml.dll
+ 2009-11-06 19:50 . 2009-08-29 07:36 6067200 c:\windows\ie8\ieframe.dll
+ 2009-11-06 19:50 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-11-06 19:38 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-11-06 19:38 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-11-06 19:38 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2007-07-31 03:56 . 2009-10-02 19:01 25198016 c:\windows\SYSTEM32\MRT.exe
+ 2006-11-08 04:03 . 2009-08-29 08:08 11069440 c:\windows\SYSTEM32\ieframe.dll
+ 2007-06-27 14:34 . 2009-08-29 08:08 11069440 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2009-11-06 19:56 . 2009-03-08 12:39 11063808 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-28 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-28 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-14 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-24 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]

c:\documents and settings\Fairy\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-28 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-11-8 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11897:TCP"= 11897:TCP:BitTorrent

S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [4/4/2008 8:06 AM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [4/4/2008 8:03 AM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [4/4/2008 8:06 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [4/4/2008 8:05 AM 10368]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:00 AM 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: {DC6C0400-9E55-4505-B0DB-FC54164E5237} = 192.168.15.1,192.168.15.2
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 17:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-07 17:36
ComboFix-quarantined-files.txt 2009-11-07 01:36
ComboFix2.txt 2009-11-05 06:17
ComboFix3.txt 2009-11-04 04:22

Pre-Run: 4,948,250,624 bytes free
Post-Run: 4,907,679,744 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - B45260742A45AEADDBB202C680E14C02

#14 Blade81

Posted 07 November 2009 - 05:07 AM

WGAPluginInstall was from the Microsoft website, but got hung-up during installation. Now I can't access Firefox (due to the external drive issue) and can't delete the .exe either. I also tried uninstalling Firefox when I had the access to the drive, but still faced the same problem. Thought there might have been a possibility of malware, but prolly just a bug.

Hi,

Have you tried to access the external hard drive after these fixes here? Could you try to delete WGAPluginInstall file in safe mode? If that doesn't work let me know the location path of the file and we'll try to work out something.


#15 Misfit Wookiee

Posted 07 November 2009 - 01:25 PM

For the HD, I get "This device cannot start (Code 10)". It's a Mad Dog MultiMedia external HD enclosure (got it cheap as it was a company that went under) and will replace as soon as possible.

Will try Safe Mode tonight after work (have a 15-month old who just loves to see what's on the laptop) and will let you know what happens.



