
Virus/Trojan triggering Symantec email proxy


  • This topic is locked
2 replies to this topic

#1 rigotamus


Posted 23 December 2009 - 04:35 PM

Ok, I've trolled around the internets enough to know that the Symantec Email Proxy windows popping up on my screen are a symptom, not the problem, BUT I've tried just about every solution I can think of and no joy getting rid of this virus that is trying to send encrypted emails through what I think to be its own SMTP server. It only triggers when an internet connection is active. I have current versions of ComboFix, SDFix, AVG, Symantec AV, VUNDOFIX, KILBOX, Malwarebytes, and Super Anti Spyware. I've run them all in safe mode and not in safe mode. Only Malwarebytes found anything and it's been eradicated, but the virus persists.

Below are the HijackThis log, the SDFix log, the ComboFix log and a Rooter log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:22:19 PM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - c:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8227 bytes


**********************************************************************8
COMBO FIX LOG
ComboFix 09-12-20.03 - HJT08 SHW 12/23/2009 16:28:41.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1171 [GMT -5:00]
Running from: c:\documents and settings\HJT08 SHW\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))
.

2009-12-23 21:26 . 2009-12-23 21:26 388096 ----a-r- c:\documents and settings\HJT08 SHW\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-23 15:14 . 2009-12-23 15:19 -------- dc-h--w- c:\windows\ie8
2009-12-23 15:08 . 2009-12-23 15:08 -------- d-----w- C:\VundoFix Backups
2009-12-23 15:02 . 2009-12-23 15:03 -------- d-----w- c:\windows\LastGood
2009-12-23 05:20 . 2009-12-23 05:20 0 ----a-w- C:\SDFix.exe
2009-12-23 04:44 . 2009-12-23 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-23 04:44 . 2009-12-23 04:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-22 14:30 . 2009-12-22 03:52 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-22 14:30 . 2009-12-22 03:52 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-22 14:30 . 2009-12-22 03:52 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-22 14:30 . 2009-12-22 03:52 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-22 04:23 . 2009-12-22 04:23 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-12-22 04:22 . 2009-12-22 04:22 -------- d-----w- c:\windows\ERUNT
2009-12-22 04:12 . 2009-12-23 06:12 -------- d-----w- C:\SDFix
2009-12-22 03:58 . 2009-12-22 03:57 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-22 03:58 . 2009-12-22 03:52 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-22 03:53 . 2009-12-22 03:53 -------- d-----w- C:\$AVG
2009-12-22 03:53 . 2009-12-22 03:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 03:53 . 2009-12-22 03:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 03:53 . 2009-12-22 03:53 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 03:53 . 2009-12-22 03:53 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-22 03:52 . 2009-12-23 03:51 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-22 03:52 . 2009-12-22 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-22 03:52 . 2009-12-22 03:52 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-22 03:27 . 2009-12-22 03:27 117760 ----a-w- c:\documents and settings\HJT08 SHW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 03:25 . 2009-12-22 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-22 03:24 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-22 03:24 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-22 03:24 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-22 03:24 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-22 03:24 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-22 03:24 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-22 03:24 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-22 03:24 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-22 03:24 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-22 03:23 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-22 03:23 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-22 03:23 . 2009-12-22 03:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 03:23 . 2009-12-22 03:23 -------- d-----w- c:\documents and settings\HJT08 SHW\Application Data\SUPERAntiSpyware.com
2009-12-22 03:14 . 2009-12-22 03:14 -------- d-----w- c:\program files\AVG
2009-12-22 01:37 . 2009-12-23 21:29 -------- d-----w- C:\Rooter$
2009-12-22 01:37 . 2009-12-22 01:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-22 01:37 . 2009-12-22 01:37 -------- d-----w- c:\documents and settings\HJT08 SHW\Application Data\Malwarebytes
2009-12-22 01:37 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 01:37 . 2009-12-22 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 01:37 . 2009-12-22 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 01:37 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 02:32 . 2009-12-23 04:00 -------- d-----w- C:\!KillBox
2009-12-21 02:31 . 2009-12-21 02:31 -------- d-----w- c:\program files\TrendMicro
2009-12-21 02:30 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-21 02:30 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-21 02:29 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-21 02:28 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-21 02:28 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-21 02:27 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-21 02:27 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-20 20:33 . 2009-12-23 21:31 704512 ----a-w- c:\windows\system32\drivers\qrfbnxg.sys
2009-12-20 05:30 . 2009-12-20 05:35 -------- d-----w- c:\documents and settings\HJT08 SHW\Local Settings\Application Data\Temp
2009-12-20 05:29 . 2009-12-20 05:29 -------- d-----w- c:\documents and settings\HJT08 SHW\Local Settings\Application Data\Deployment
2009-12-19 01:24 . 2009-12-19 01:25 -------- d-----w- c:\windows\system32\NtmsData
2009-12-19 00:39 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-19 00:39 . 2008-04-14 05:15 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-18 22:35 . 2007-12-13 09:38 262144 ----a-w- c:\windows\system32\setuphpc.exe
2009-12-18 22:35 . 2007-07-09 07:04 172032 ----a-w- c:\windows\system32\vsethpc.dll
2009-11-24 14:15 . 2009-11-24 15:14 -------- d-----w- C:\Shutterware Backup Images

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 21:28 . 2008-08-13 17:46 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-23 04:52 . 2008-07-11 08:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 04:48 . 2008-07-11 08:46 -------- d-----w- c:\program files\Wave Systems Corp
2009-12-23 04:45 . 2008-07-11 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Wave Systems Corp
2009-12-23 03:45 . 2008-08-13 17:09 0 ----a-w- c:\documents and settings\HJT08 SHW\Local Settings\Application Data\WavXMapDrive.bat
2009-12-20 20:33 . 2009-12-20 20:33 28 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-19 14:15 . 2008-07-11 09:01 -------- d-----w- c:\program files\Google
2009-11-11 16:07 . 2009-11-11 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-10-29 07:46 . 2004-08-11 22:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-11 22:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2004-08-11 22:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 22:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-11 22:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-11 22:00 79872 ----a-w- c:\windows\system32\raschap.dll
1998-12-09 02:53 . 1998-12-09 02:53 99840 -c--a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-12-22_03.14.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-06-29 04:42 . 2009-06-29 04:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2008-07-11 08:38 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2004-08-11 22:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-11 22:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2008-07-11 08:59 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-07-11 08:59 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2004-08-11 22:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2004-08-11 22:00 . 2008-06-23 16:57 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2009-12-23 21:12 81060 c:\windows\system32\perfc009.dat
+ 2006-06-28 22:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 22:59 . 2006-06-28 22:59 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 22:11 . 2008-04-14 10:42 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-11 22:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2007-08-13 23:54 . 2008-06-23 16:57 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-11 22:11 . 2008-04-14 10:42 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 22:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2004-08-11 22:00 . 2005-01-28 18:44 96768 c:\windows\system32\logagent.exe
+ 2004-08-11 22:00 . 2008-06-10 10:52 96768 c:\windows\system32\logagent.exe
- 2004-08-11 22:00 . 2008-06-23 16:57 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-11 22:00 . 2009-10-29 07:46 44544 c:\windows\system32\iernonce.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 44544 c:\windows\system32\iernonce.dll
- 2004-08-11 22:00 . 2008-06-23 09:20 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2009-10-28 14:36 70656 c:\windows\system32\ie4uinit.exe
- 2006-06-29 13:05 . 2006-06-29 13:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 13:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
- 2007-08-13 23:36 . 2008-06-23 16:57 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2009-10-29 07:46 63488 c:\windows\system32\icardie.dll
+ 2004-08-11 22:00 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
+ 2004-08-11 22:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2004-08-11 22:00 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2004-08-11 22:00 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
- 2004-08-11 22:00 . 2008-04-14 10:42 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-11 22:00 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-11 22:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2007-08-13 23:36 . 2008-06-23 16:57 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 23:36 . 2009-10-29 07:46 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-08-13 19:23 . 2008-06-23 16:57 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-13 19:23 . 2009-10-29 07:46 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-11 22:00 . 2008-06-10 10:52 96768 c:\windows\system32\dllcache\logagent.exe
- 2004-08-11 22:00 . 2005-01-28 18:44 96768 c:\windows\system32\dllcache\logagent.exe
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2004-08-11 22:00 . 2008-06-23 16:57 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-08-13 19:23 . 2008-06-23 09:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-08-13 19:23 . 2009-10-28 14:36 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-11 22:00 . 2009-10-29 07:46 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 23:39 . 2009-10-28 14:36 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 23:39 . 2008-06-23 09:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-13 19:23 . 2009-10-29 07:46 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-08-13 19:23 . 2008-06-23 16:57 63488 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-11 22:00 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2004-08-11 22:00 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 17408 c:\windows\system32\dllcache\corpol.dll
- 2004-08-11 22:00 . 2008-04-14 10:41 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-11 22:00 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2004-08-11 22:00 . 2008-04-14 10:41 84992 c:\windows\system32\avifil32.dll
+ 2004-08-11 22:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2004-08-11 22:00 . 2008-04-14 10:41 58880 c:\windows\system32\atl.dll
+ 2004-08-11 22:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-12-22 03:22 . 2009-12-22 03:22 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-12-22 03:23 . 2009-12-22 03:23 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-12-22 03:23 . 2009-12-22 03:23 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-12-23 15:18 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 44544 c:\windows\ie8\pngfilt.dll
+ 2009-12-23 15:14 . 2007-08-13 23:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-12-23 15:14 . 2007-08-13 23:32 45568 c:\windows\ie8\mshta.exe
+ 2009-12-23 15:14 . 2007-08-13 23:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-12-23 15:14 . 2009-10-29 07:46 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-12-23 15:14 . 2007-08-13 23:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 27648 c:\windows\ie8\jsproxy.dll
+ 2009-12-23 15:14 . 2007-08-13 23:39 92672 c:\windows\ie8\inseng.dll
+ 2009-12-23 15:14 . 2007-08-13 23:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-12-23 15:14 . 2007-08-13 23:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 44544 c:\windows\ie8\iernonce.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 78336 c:\windows\ie8\ieencode.dll
+ 2009-12-23 15:14 . 2009-10-28 14:36 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-12-23 15:14 . 2009-10-29 07:46 63488 c:\windows\ie8\icardie.dll
+ 2009-12-23 15:14 . 2007-08-13 23:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 17408 c:\windows\ie8\corpol.dll
+ 2009-12-23 15:14 . 2007-08-13 23:39 71680 c:\windows\ie8\admparse.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-22 14:50 . 2008-06-23 09:20 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-22 14:50 . 2008-06-23 16:57 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-22 14:50 . 2008-04-14 10:41 81920 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-22 14:50 . 2008-06-23 09:20 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-22 14:50 . 2008-06-23 16:57 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-22 14:50 . 2008-04-14 10:41 35328 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_0a47dcef\System.Drawing.Design.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_8e963e37\CustomMarshalers.dll
+ 2009-12-22 03:23 . 2009-12-22 03:23 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-08-13 17:56 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
- 2008-08-13 17:56 . 2008-04-14 10:42 121856 c:\windows\system32\xmllite.dll
+ 2004-08-11 22:00 . 2009-04-10 06:01 413032 c:\windows\system32\wmspdmod.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-11 22:00 . 2009-07-12 17:21 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-11 22:00 . 2007-10-27 22:40 227328 c:\windows\system32\wmasf.dll
+ 2004-08-11 22:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-11 22:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 354304 c:\windows\system32\winhttp.dll
+ 2009-03-11 03:18 . 2009-03-11 03:18 934792 c:\windows\system32\WgaTray.exe
+ 2009-03-11 03:18 . 2009-03-11 03:18 239496 c:\windows\system32\WgaLogon.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 233472 c:\windows\system32\webcheck.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 233472 c:\windows\system32\webcheck.dll
+ 2004-08-11 22:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 22:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 22:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
+ 2004-08-11 22:00 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
+ 2004-08-11 22:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2004-08-11 22:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-08-11 22:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-11 22:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-11 22:00 . 2009-12-23 21:12 449682 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2008-04-14 10:42 284160 c:\windows\system32\pdh.dll
+ 2004-08-11 22:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 102912 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 102912 c:\windows\system32\occache.dll
+ 2004-08-11 22:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2004-08-11 22:00 . 2008-10-15 16:34 337408 c:\windows\system32\netapi32.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 337408 c:\windows\system32\netapi32.dll
+ 2004-08-11 22:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-11 22:00 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 671232 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 671232 c:\windows\system32\mstime.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 193024 c:\windows\system32\msrating.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 193024 c:\windows\system32\msrating.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 477696 c:\windows\system32\mshtmled.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2008-06-23 16:57 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 22:11 . 2008-04-14 10:42 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-11 22:11 . 2008-04-14 10:42 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-11 22:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
- 2004-08-11 22:00 . 2008-04-14 10:41 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 22:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-11 22:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2004-08-11 22:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2007-08-13 23:34 . 2009-10-29 07:46 268288 c:\windows\system32\iertutil.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2009-10-29 07:46 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-11 22:00 . 2009-10-28 06:52 161792 c:\windows\system32\ieakui.dll
- 2004-08-11 22:00 . 2008-06-21 05:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 230400 c:\windows\system32\ieaksie.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 230400 c:\windows\system32\ieaksie.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-11 22:00 . 2008-10-23 12:36 286720 c:\windows\system32\gdi32.dll
- 2004-08-11 22:06 . 2008-11-11 20:17 165912 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:06 . 2009-12-23 03:44 165912 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:00 . 2008-06-23 16:57 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 133120 c:\windows\system32\extmgr.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 214528 c:\windows\system32\dxtrans.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2004-08-11 22:00 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-11 22:00 . 2008-06-20 11:40 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-11 22:00 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
+ 2004-08-11 22:00 . 2009-04-10 06:01 413032 c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-11 22:00 . 2009-07-12 17:21 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-11 22:00 . 2007-10-27 22:40 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-03-11 03:18 . 2009-03-11 03:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2009-03-11 03:18 . 2009-03-11 03:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 23:54 . 2008-06-23 16:57 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-11 22:12 . 2007-08-13 23:54 765952 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-11 22:12 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 23:44 . 2009-10-29 07:46 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 23:44 . 2008-06-23 16:57 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-11 22:12 . 2008-04-14 10:42 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-11 22:12 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-11 22:00 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-11 22:00 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2007-08-13 23:44 . 2008-06-23 16:57 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:44 . 2009-10-29 07:46 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-11 22:00 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 23:44 . 2008-06-23 16:57 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 23:44 . 2009-10-29 07:46 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 23:54 . 2008-06-23 16:57 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-13 19:23 . 2008-06-23 16:57 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-08-13 19:23 . 2009-10-29 07:46 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2004-08-11 22:11 . 2008-04-14 10:42 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2007-08-13 23:38 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2007-08-13 23:38 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-11 22:12 . 2009-10-28 06:54 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2008-08-13 19:23 . 2009-10-29 07:46 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-13 23:39 . 2009-10-29 07:46 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-13 19:23 . 2009-10-29 07:46 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-11 22:00 . 2009-10-28 06:52 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-11 22:00 . 2008-06-21 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2008-10-23 12:36 . 2008-10-23 12:36 286720 c:\windows\system32\dllcache\gdi32.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-20 11:40 . 2008-06-20 11:40 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
- 2007-08-13 23:39 . 2008-06-23 16:57 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-13 23:39 . 2009-10-29 07:46 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-11 22:00 . 2008-06-23 16:57 124928 c:\windows\system32\advpack.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 124928 c:\windows\system32\advpack.dll
- 2004-08-11 22:00 . 2008-04-14 10:41 617472 c:\windows\system32\advapi32.dll
+ 2004-08-11 22:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-12-22 03:22 . 2009-12-22 03:22 429568 c:\windows\Installer\39706.msi
+ 2009-12-22 03:52 . 2009-12-22 03:52 424448 c:\windows\Installer\1e49e0.msi
+ 2009-12-23 15:14 . 2009-10-29 07:46 832512 c:\windows\ie8\wininet.dll
+ 2009-12-23 15:14 . 2007-08-13 23:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-12-23 15:14 . 2009-10-29 07:46 233472 c:\windows\ie8\webcheck.dll
+ 2009-12-23 15:14 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2009-12-23 15:14 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 105984 c:\windows\ie8\url.dll
+ 2009-12-23 15:18 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-12-23 15:18 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-12-23 15:14 . 2006-09-06 22:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-12-23 15:14 . 2009-10-29 07:46 102912 c:\windows\ie8\occache.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 671232 c:\windows\ie8\mstime.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 193024 c:\windows\ie8\msrating.dll
+ 2009-12-23 15:14 . 2007-08-13 23:54 156160 c:\windows\ie8\msls31.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 477696 c:\windows\ie8\mshtmled.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 459264 c:\windows\ie8\msfeeds.dll
+ 2009-12-23 15:14 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2009-12-23 15:14 . 2009-10-28 06:54 634632 c:\windows\ie8\iexplore.exe
+ 2009-12-23 15:14 . 2007-08-13 23:54 180736 c:\windows\ie8\ieui.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 268288 c:\windows\ie8\iertutil.dll
+ 2009-12-23 15:14 . 2007-08-13 23:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-12-23 15:14 . 2007-08-13 23:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-12-23 15:14 . 2009-10-28 06:52 161792 c:\windows\ie8\ieakui.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 230400 c:\windows\ie8\ieaksie.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 153088 c:\windows\ie8\ieakeng.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 214528 c:\windows\ie8\dxtrans.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 124928 c:\windows\ie8\advpack.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 826368 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-22 14:51 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-22 14:51 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-22 14:50 . 2008-06-23 16:57 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-22 14:50 . 2008-06-23 09:20 625664 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-22 14:50 . 2008-06-23 16:57 267776 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 384512 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 383488 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-22 14:50 . 2008-06-21 05:23 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-12-22 14:07 . 2007-08-13 23:54 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-12-22 14:07 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-12-22 14:07 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2009-12-22 04:22 . 2009-12-22 04:22 176128 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-12-22 04:22 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-12-22 04:22 . 2009-12-22 04:22 176128 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-12-22 04:22 . 2008-08-07 20:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-12-22 03:23 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-12-22 14:03 . 2009-12-22 14:03 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_3f76dfba\System.Drawing.dll
+ 2009-12-22 14:03 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-11 22:00 . 2009-05-20 17:24 2373504 c:\windows\system32\WMVCore.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 4874240 c:\windows\system32\wmp.dll
+ 2004-08-11 22:00 . 2009-07-12 17:21 4874240 c:\windows\system32\wmp.dll
+ 2004-08-11 22:00 . 2008-06-10 11:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2004-08-11 22:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-11 22:00 . 2009-10-29 07:46 1168384 c:\windows\system32\urlmon.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 8461312 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 1435648 c:\windows\system32\query.dll
+ 2004-08-11 22:00 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
- 2004-08-11 22:00 . 2008-04-14 05:54 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-11 22:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 03:59 . 2008-04-14 05:01 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 03:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2007-05-15 20:43 . 2009-07-31 15:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-11 22:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-11 22:11 . 2009-06-10 14:19 2066432 c:\windows\system32\mstscax.dll
+ 2004-08-11 22:00 . 2009-10-29 07:46 3598336 c:\windows\system32\mshtml.dll
+ 2008-03-20 23:06 . 2009-03-11 03:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 21:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2004-08-11 22:00 . 2009-05-20 17:24 2373504 c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-13 17:56 . 2008-04-14 10:42 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2008-08-13 17:56 . 2009-07-12 17:21 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-11 22:00 . 2008-06-10 11:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-08-14 13:21 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2007-08-13 23:54 . 2009-10-29 07:46 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
- 2004-08-11 22:00 . 2008-04-14 10:42 1435648 c:\windows\system32\dllcache\query.dll
+ 2004-08-11 22:00 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-08-05 01:44 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2007-05-15 20:43 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-06-10 14:19 . 2009-06-10 14:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-11 22:12 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2007-08-13 23:54 . 2009-10-29 07:46 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-13 19:23 . 2009-10-29 07:46 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-08-13 19:23 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-12-22 03:23 . 2009-12-22 03:23 1583616 c:\windows\Installer\3970a.msi
+ 2009-12-23 15:14 . 2009-10-29 07:46 1168384 c:\windows\ie8\urlmon.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 3598336 c:\windows\ie8\mshtml.dll
+ 2009-12-23 15:14 . 2009-10-29 07:46 6067200 c:\windows\ie8\ieframe.dll
+ 2009-12-23 15:14 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-12-22 14:50 . 2008-06-23 16:57 1159680 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-22 14:50 . 2008-06-24 15:57 3592192 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-22 14:50 . 2008-06-23 16:57 6066176 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-12-22 14:50 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dat
+ 2004-08-11 22:24 . 2006-08-21 20:57 1077321 c:\windows\Help\SBSI\Training\orun32.exe
+ 2009-12-22 04:22 . 2009-12-22 04:22 3170304 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-12-22 04:22 . 2009-12-22 04:22 3170304 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-08-05 01:44 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-12-21 02:30 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-12-21 02:29 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-12-21 02:30 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-12-22 14:03 . 2009-12-22 14:03 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_d1d1adb7\System.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_80f65644\System.Xml.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_49978b5b\System.Windows.Forms.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d98fbf7e\System.Design.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ac70fdaa\mscorlib.dll
- 2008-08-13 19:13 . 2008-08-13 19:13 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-12-22 14:03 . 2009-12-22 14:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-12-22 14:02 . 2009-12-22 14:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-08-13 19:13 . 2008-08-13 19:13 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-13 19:20 . 2009-12-01 17:06 25966024 c:\windows\system32\MRT.exe
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\5128b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-22 2033432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-22 03:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/21/2009 10:53 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/21/2009 10:53 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/21/2009 10:52 PM 285392]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/11/2009 12:44 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 accessio;Access memory;c:\windows\system32\drivers\accessio.sys [9/19/2008 6:40 AM 2905]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2/22/2008 8:36 AM 1112560]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]
S4 SessionLauncher;SessionLauncher;c:\docume~1\HJT08S~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\HJT08S~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - qrfbnxg
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qrfbnxg]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(6140)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Dell\QuickSet\dadkeyb.dll
c:\windows\system32\hccutils.DLL
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Completion time: 2009-12-23 16:32:52
ComboFix-quarantined-files.txt 2009-12-23 21:32
ComboFix2.txt 2009-12-22 03:32
ComboFix3.txt 2009-12-22 03:15

Pre-Run: 60,331,839,488 bytes free
Post-Run: 60,295,405,568 bytes free

- - End Of File - - 5B53486E03F38731CB27EA1E73DE0C09


++++++++++++++++++++++++++++++++++++++++++++
ROOTER Log
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:56 Go )
D:\ [CD_Rom]
E:\ [Removable]
.
Scan : 16:29.28
Path : C:\Documents and Settings\HJT08 SHW\Desktop\Rooter.exe
User : HJT08 SHW ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (832)
______ \??\C:\WINDOWS\system32\csrss.exe (880)
______ \??\C:\WINDOWS\system32\winlogon.exe (904)
______ C:\WINDOWS\system32\services.exe (948)
______ C:\WINDOWS\system32\lsass.exe (960)
______ C:\WINDOWS\system32\svchost.exe (1116)
______ C:\WINDOWS\system32\svchost.exe (1192)
______ C:\WINDOWS\System32\svchost.exe (1232)
______ C:\WINDOWS\system32\svchost.exe (1344)
______ C:\WINDOWS\system32\svchost.exe (1420)
______ C:\Program Files\AVG\AVG9\avgchsvx.exe (1464)
______ C:\Program Files\AVG\AVG9\avgrsx.exe (1472)
______ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (1628)
______ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (1672)
______ C:\Program Files\AVG\AVG9\avgcsrvx.exe (1712)
______ C:\WINDOWS\System32\bcmwltry.exe (1844)
______ C:\WINDOWS\system32\spoolsv.exe (1892)
______ C:\WINDOWS\System32\SCardSvr.exe (1968)
______ C:\WINDOWS\system32\svchost.exe (2040)
______ C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (444)
______ C:\Program Files\AVG\AVG9\avgwdsvc.exe (476)
______ C:\Program Files\Symantec AntiVirus\DefWatch.exe (504)
______ C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (580)
______ C:\WINDOWS\system32\StacSV.exe (636)
______ C:\Program Files\AVG\AVG9\avgnsx.exe (772)
______ C:\WINDOWS\system32\svchost.exe (1992)
______ C:\Program Files\Symantec AntiVirus\Rtvscan.exe (2448)
______ C:\WINDOWS\system32\wdfmgr.exe (2484)
______ C:\Program Files\Apoint\Apoint.exe (2844)
______ C:\Program Files\Apoint\ApMsgFwd.exe (2924)
______ C:\Program Files\Apoint\HidFind.exe (2976)
______ C:\Program Files\Apoint\Apntex.exe (2988)
______ C:\WINDOWS\system32\hkcmd.exe (3016)
______ C:\WINDOWS\system32\igfxpers.exe (3060)
______ C:\WINDOWS\system32\igfxsrvc.exe (3116)
______ C:\Program Files\Dell\QuickSet\quickset.exe (3232)
______ C:\WINDOWS\system32\WLTRAY.exe (3316)
______ C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (3332)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3428)
______ C:\Program Files\Common Files\Symantec Shared\ccApp.exe (3488)
______ C:\PROGRA~1\SYMANT~1\VPTray.exe (3512)
______ C:\PROGRA~1\AVG\AVG9\avgtray.exe (3864)
______ C:\WINDOWS\System32\alg.exe (4032)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1308)
______ C:\WINDOWS\system32\ctfmon.exe (288)
______ C:\WINDOWS\System32\svchost.exe (2760)
______ C:\WINDOWS\system32\cmd.exe (4792)
______ C:\WINDOWS\system32\msiexec.exe (5820)
______ C:\ComboFix\CF30873.cfxxe (5700)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (4720)
______ C:\WINDOWS\system32\wuauclt.exe (3188)
______ C:\Documents and Settings\HJT08 SHW\Desktop\Rooter.exe (3344)
______ C:\ComboFix\CF30873.cfxxe (1724)
______ C:\ComboFix\CF30873.cfxxe (616)
______ C:\WINDOWS\PEV.exe (5908)
______ C:\WINDOWS\explorer.exe (5592)
______ C:\WINDOWS\system32\rundll32.exe (2896)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3312)
______ C:\WINDOWS\system32\NOTEPAD.EXE (2424)
______ C:\WINDOWS\system32\NOTEPAD.EXE (4532)
______ C:\WINDOWS\system32\NOTEPAD.EXE (5532)
______ C:\ComboFix\CF30873.cfxxe (4588)
______ C:\WINDOWS\PEV.exe (6076)
______ C:\ComboFix\NirCmd.cfxxe (4164)
Locked PEV.cfxxe (2836)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:90445824)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:90478080 | Length:79933271040)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2102806113-3399606310-752109320-1005Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2102806113-3399606310-752109320-1005UA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:29.28
.
C:\Rooter$\Rooter_12.txt - (23/12/2009 | 16:29.28)


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:39 PM

Posted 04 January 2010 - 06:52 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:39 PM

Posted 10 January 2010 - 02:51 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
