XP Home SP3 - unknown virus is evading removal.


  • This topic is locked
6 replies to this topic

#1 n8jk


Posted 21 January 2011 - 05:03 PM

This XP home SP3 installation has one user (Administrator). Guest account is turned off.

The virus shuts down Avast! and Malwarebytes about 30 seconds after they're started, and does not allow them to run again during the session. I tried scheduling a boot-time scan, but upon rebooting the scan doesn't occur. Here are the logs:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 1:52:44.37 on Fri 09/19/2003

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}



============== Running Processes ===============





============== Pseudo HJT Report ===============



uStart Page = hxxp://yahoo.sbc.com/dsl

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:28091

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198198893279

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 93.188.163.70,93.188.166.9

TCP: {4A336B5B-4C44-487D-91A6-F493A1B6F815} = 93.188.163.70,93.188.166.9

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll



================= FIREFOX ===================



FF - ProfilePath - c:\docume~1\owner~1.dav\applic~1\mozilla\firefox\profiles\e8qpauef.default\

FF - prefs.js: browser.search.selectedEngine - AOL Search

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff



---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============





=============== Created Last 30 ================



2010-08-27 17:50:39 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-08-27 17:50:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-08-27 17:36:48 -------- d-----w- c:\program files\iPod

2010-08-27 17:36:32 -------- d-----w- c:\program files\iTunes

2010-08-27 17:36:32 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-27 17:26:45 -------- d-----w- c:\program files\Bonjour

2010-08-17 13:17:06 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe

2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-07-15 14:50:36 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-18 17:45:17 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll

2010-06-10 04:24:04 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-08 07:06:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-20 05:30:08 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll

2010-04-17 04:41:46 12276560 ----a-w- c:\program files\common files\microsoft shared\office11\MSO.DLL

2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll

2010-04-16 15:36:56 406016 -c----w- c:\windows\system32\dllcache\usp10.dll

2010-04-16 13:49:08 503296 ----a-w- c:\program files\common files\microsoft shared\office11\USP10.DLL

2010-03-30 16:24:40 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll

2010-03-11 04:22:44 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-05 14:37:40 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll

2010-02-25 21:11:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 21:11:04 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeploytk.dll

2010-02-22 17:00:36 1430360 ----a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL

2010-02-12 04:33:11 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-02-08 17:28:12 640296 ----a-w- c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

2010-01-23 20:33:49 -------- d-sh--w- c:\documents and settings\owner.dave-home\IECompatCache

2010-01-23 20:32:52 -------- d-sh--w- c:\documents and settings\owner.dave-home\PrivacIE

2010-01-23 20:31:46 -------- d-sh--w- c:\documents and settings\owner.dave-home\IETldCache

2010-01-23 20:05:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-01-23 20:05:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-23 20:05:35 -------- d-----w- c:\windows\ie8updates

2010-01-23 20:05:29 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-01-23 20:02:55 -------- dc-h--w- c:\windows\ie8

2010-01-23 15:21:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software

2010-01-17 14:27:45 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-13 14:01:25 86016 -c----w- c:\windows\system32\dllcache\cabview.dll

2009-12-24 06:59:40 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll

2009-12-16 18:43:27 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe

2009-12-14 07:08:23 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll

2009-11-27 17:11:44 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2009-11-27 16:07:35 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll

2009-11-27 16:07:34 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll

2009-11-27 16:07:34 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll

2009-11-10 00:55:42 9799128 ----a-w- c:\program files\mozilla firefox\xul.dll

2009-11-10 00:55:41 443352 ----a-w- c:\program files\mozilla firefox\sqlite3.dll

2009-11-10 00:55:37 98304 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll

2009-11-10 00:55:37 87512 ----a-w- c:\program files\mozilla firefox\nssutil3.dll

2009-11-10 00:55:34 710104 ----a-w- c:\program files\mozilla firefox\mozcrt19.dll

2009-11-10 00:55:29 185816 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2009-11-10 00:55:28 23000 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2009-11-10 00:55:28 134616 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2009-10-22 20:44:54 732488 ----a-w- c:\program files\common files\system\msmapi\1033\MSPST32.DLL

2009-10-21 05:38:36 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll

2009-10-21 05:38:36 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll

2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys

2009-10-13 10:30:16 270336 -c----w- c:\windows\system32\dllcache\oakley.dll

2009-10-12 13:38:19 149504 -c----w- c:\windows\system32\dllcache\rastls.dll

2009-10-12 13:38:18 79872 -c----w- c:\windows\system32\dllcache\raschap.dll

2009-09-24 16:50:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-09-24 16:50:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-09-24 16:49:01 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-24 16:46:53 -------- d-----w- c:\docume~1\owner~1.dav\locals~1\applic~1\Apple

2009-09-24 16:46:35 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-09-24 16:46:35 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-09-24 16:45:43 -------- d-----w- c:\docume~1\owner~1.dav\locals~1\applic~1\Apple Computer

2009-09-09 09:12:01 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-04 21:03:36 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll

2009-08-26 18:50:48 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL

2009-08-12 07:24:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:01:48 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-07-21 05:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll

2009-07-17 19:01:06 58880 -c----w- c:\windows\system32\dllcache\atl.dll

2009-07-17 16:22:18 1435648 -c----w- c:\windows\system32\dllcache\query.dll

2009-07-14 03:43:24 286208 -c----w- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-14 03:43:24 10841088 -c----w- c:\windows\system32\dllcache\wmp.dll

2009-07-12 17:11:20 670016 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll

2009-07-07 21:20:42 65536 ----a-w- c:\program files\mozilla firefox\plugins\npdnupdater2.dll

2009-07-07 21:20:42 61440 ----a-w- c:\program files\mozilla firefox\plugins\npdnu.dll

2009-06-29 16:12:14 18944 -c--a-w- c:\windows\system32\dllcache\corpol.dll

2009-06-25 08:25:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll

2009-06-25 08:25:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll

2009-06-25 08:25:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll

2009-06-24 11:18:41 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

2009-06-16 14:36:30 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2009-06-16 14:36:30 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2009-06-12 12:31:39 76288 -c----w- c:\windows\system32\dllcache\telnet.exe

2009-06-10 14:13:29 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll

2009-06-10 13:19:38 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll

2009-06-10 06:14:49 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll

2009-05-18 05:46:44 31048 ----a-w- c:\program files\common files\system\msmapi\1033\DUMPSTER.DLL

2009-05-18 05:28:42 7255872 ----a-w- c:\program files\common files\microsoft shared\web components\10\OWC10.DLL

2009-05-07 15:32:35 345600 -c----w- c:\windows\system32\dllcache\localspl.dll

2009-04-22 02:40:22 118616 ----a-w- c:\program files\common files\system\msmapi\1033\CONTAB32.DLL

2009-04-17 00:09:21 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-04-17 00:09:21 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-04-17 00:09:21 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-04-17 00:09:21 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-04-17 00:09:21 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-04-17 00:09:20 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-04-17 00:09:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-04-17 00:09:20 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-04-17 00:09:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-17 00:08:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2009-04-17 00:08:33 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-04-15 14:51:25 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2009-03-24 21:47:14 8058192 ----a-w- c:\program files\common files\microsoft shared\web components\11\OWC11.DLL

2009-03-21 14:06:58 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll

2009-03-13 00:04:30 709976 ----a-w- c:\program files\common files\system\msmapi\1033\EMSMDB32.DLL

2009-03-08 19:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui

2009-03-08 19:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui

2009-03-08 19:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui

2009-03-08 19:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui

2009-03-08 09:35:32 743424 ------w- c:\program files\internet explorer\iedvtool.dll

2009-03-08 09:35:12 233984 ------w- c:\program files\internet explorer\jsprofilerui.dll

2009-03-08 09:35:04 92160 ------w- c:\program files\internet explorer\iecompat.dll

2009-03-08 09:35:04 144384 ------w- c:\program files\internet explorer\ExtExport.exe

2009-03-08 09:35:04 118272 ------w- c:\program files\internet explorer\JSProfilerCore.dll

2009-03-08 09:35:02 521216 ------w- c:\program files\internet explorer\jsdbgui.dll

2009-03-08 09:35:02 121344 ------w- c:\program files\internet explorer\jsdebuggeride.dll

2009-03-08 09:33:18 12800 ------w- c:\program files\internet explorer\xpshims.dll

2009-03-03 13:02:08 -------- d-----w- c:\docume~1\owner~1.dav\locals~1\applic~1\Identities

2009-02-16 04:25:30 135000 ----a-w- c:\program files\common files\system\msmapi\1033\EMSUI32.DLL

2009-02-16 04:25:22 657232 ----a-w- c:\program files\common files\system\msmapi\1033\OUTEX.DLL

2009-02-16 04:25:20 282968 ----a-w- c:\program files\common files\system\msmapi\1033\PSTPRX32.DLL

2009-02-16 04:25:18 265544 ----a-w- c:\program files\common files\system\msmapi\1033\EMSABP32.DLL

2009-02-16 04:25:18 240984 ----a-w- c:\program files\common files\system\msmapi\1033\SCNPST64.DLL

2009-02-16 04:25:14 232280 ----a-w- c:\program files\common files\system\msmapi\1033\SCNPST32.DLL

2009-02-03 19:59:07 56832 -c----w- c:\windows\system32\dllcache\secur32.dll

2009-01-24 18:03:55 -------- d-----w- c:\docume~1\owner~1.dav\locals~1\applic~1\Google

2009-01-22 19:47:02 117648 ----a-w- c:\program files\common files\microsoft shared\windows live\WLLoginProxy.exe

2009-01-22 19:41:30 408448 ----a-w- c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

2009-01-22 19:40:02 95128 ----a-w- c:\program files\common files\microsoft shared\windows live\LogicalDevice.dll

2009-01-22 19:40:02 236952 ----a-w- c:\program files\common files\microsoft shared\windows live\HWDeviceLogin.dll

2009-01-22 19:40:02 1141656 ----a-w- c:\program files\common files\microsoft shared\windows live\msidcrl40.dll

2009-01-07 23:20:54 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll

2009-01-07 23:20:54 134144 ------w- c:\program files\internet explorer\sqmapi.dll

2009-01-07 23:20:52 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll

2009-01-07 23:20:52 1497088 -c----w- c:\windows\system32\dllcache\shdocvw.dll

2009-01-07 23:20:52 1022976 -c----w- c:\windows\system32\dllcache\browseui.dll

2009-01-07 23:20:18 355832 ------w- c:\program files\internet explorer\pdm.dll

2009-01-07 23:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll

2008-12-16 12:30:34 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll

2008-12-05 06:54:55 149504 -c----w- c:\windows\system32\dllcache\schannel.dll

2008-11-11 22:03:49 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-11 22:03:29 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2008-10-28 17:23:03 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2008-10-23 12:36:14 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll

2008-10-15 17:39:35 354304 -c----w- c:\windows\system32\dllcache\srv.sys

2008-10-15 17:39:01 1851904 -c----w- c:\windows\system32\dllcache\win32k.sys

2008-10-15 17:38:50 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 17:38:50 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 17:38:49 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 17:38:49 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2008-09-17 19:29:12 20040 ----a-w- c:\docume~1\owner~1.dav\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll

2008-09-17 19:29:12 20040 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll

2008-09-01 01:39:34 1425912 ----a-w- c:\program files\common files\microsoft shared\office11\MSXML5.DLL

2008-08-30 14:53:09 221184 ----a-w- c:\windows\system32\wmpns.dll

2008-08-30 14:42:16 -------- d-----w- c:\windows\system32\scripting

2008-08-30 14:42:14 -------- d-----w- c:\windows\l2schemas

2008-08-30 14:42:13 -------- d-----w- c:\windows\system32\en

2008-08-30 14:19:17 276992 ------w- c:\windows\system32\wmphoto.dll

2008-08-30 14:19:14 69120 ------w- c:\windows\system32\wlanapi.dll

2008-08-30 14:19:12 712704 ------w- c:\windows\system32\windowscodecs.dll

2008-08-30 14:19:12 346112 ------w- c:\windows\system32\windowscodecsext.dll

2008-08-30 14:19:01 53248 ------w- c:\windows\system32\tsgqec.dll

2008-08-30 14:19:01 50688 ------w- c:\windows\system32\tspkg.dll

2008-08-30 14:17:51 33792 ------w- c:\windows\system32\mmcperf.exe

2008-08-30 14:16:54 7168 ------w- c:\windows\system32\bitsprx4.dll

2008-08-30 14:16:53 233472 ------w- c:\windows\system32\azroles.dll

2008-08-30 14:16:44 136192 ------w- c:\windows\system32\aaclient.dll

2008-08-23 13:05:26 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2008-08-23 13:04:50 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2008-08-17 17:01:21 69632 ----a-r- c:\windows\system32\wctwo51b.exe

2008-08-17 17:01:21 6656 ----a-r- c:\windows\system32\wdtwo51b.dll

2008-08-17 17:01:21 192512 ----a-r- c:\windows\system32\watwo51b.dll

2008-08-17 17:01:20 177664 ----a-r- c:\windows\system32\drivers\wltwo51b.sys

2008-08-17 17:01:20 167936 ----a-r- c:\windows\system32\wntwo51b.cpl

2008-08-17 15:54:13 -------- d-----w- c:\docume~1\owner~1.dav\locals~1\applic~1\Citrix

2008-08-17 15:53:59 61224 ----a-w- c:\documents and settings\owner.dave-home\GoToAssistDownloadHelper.exe

2008-07-07 20:26:58 253952 -c----w- c:\windows\system32\dllcache\es.dll

2008-06-24 16:43:16 74240 -c----w- c:\windows\system32\dllcache\mscms.dll

2008-06-21 17:26:30 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2008-06-21 17:24:54 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2008-06-20 17:46:57 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll

2008-06-20 17:46:57 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll

2008-06-20 11:51:12 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys

2008-06-20 11:40:08 138496 -c----w- c:\windows\system32\dllcache\afd.sys

2008-06-20 11:08:27 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys

2008-06-17 19:02:19 8462336 -c----w- c:\windows\system32\dllcache\shell32.dll

2008-06-12 14:23:32 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll

2008-06-12 14:23:32 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll

2008-06-12 14:23:32 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll

2008-06-12 14:23:32 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll

2008-06-12 14:23:32 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll

2008-06-12 14:23:32 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll

2008-05-09 10:53:40 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2008-05-09 10:53:40 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

2008-05-09 10:53:40 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2008-05-09 10:53:39 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

2008-05-09 10:53:39 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2008-05-08 11:24:44 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2008-05-07 09:07:23 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2008-05-07 05:12:40 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll

2008-02-24 14:46:37 -------- d-----w- c:\docume~1\owner~1.dav\locals~1\applic~1\KodakGallery

2008-02-24 14:41:02 -------- d-----w- c:\program files\common files\Kodak

2008-02-19 12:01:50 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Kodak

2008-02-08 21:18:40 5632 ----a-w- c:\windows\system32\ptpusb.dll

2008-02-08 21:18:39 159232 ----a-w- c:\windows\system32\ptpusd.dll

2007-12-29 19:45:19 94208 ----a-w- c:\windows\system32\HPZipt12.dll

2007-12-29 19:45:19 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2007-12-29 19:45:19 61440 ----a-w- c:\windows\system32\HPZinw12.exe

2007-12-29 19:45:19 57344 ----a-w- c:\windows\system32\HPZisn12.dll

2007-12-29 19:45:18 278584 ----a-w- c:\windows\system32\HPZidr12.dll

2007-12-29 19:45:18 204800 ----a-w- c:\windows\system32\HPZipr12.dll

2007-12-29 19:45:06 306688 ----a-w- c:\windows\IsUninst.exe

2007-12-29 19:42:00 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2007-12-29 19:41:51 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2007-12-29 19:40:49 274432 ----a-r- c:\windows\system32\HPZc3212.dll

2007-12-29 19:40:49 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2007-12-29 19:38:04 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2007-12-29 17:54:18 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2007-12-29 15:58:17 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2007-12-29 15:58:17 28040 ----a-w- c:\windows\system32\mdimon.dll

2007-12-29 15:57:08 -------- d-----w- c:\program files\Microsoft ActiveSync

2007-12-29 15:55:50 -------- d-----w- c:\windows\SHELLNEW

2007-12-26 20:44:28 -------- d-----w- c:\program files\Sirius

2007-12-22 16:47:44 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2007-12-22 16:47:42 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2007-12-22 16:47:40 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2007-12-22 16:47:37 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2007-12-22 16:47:35 142592 ----a-w- c:\windows\system32\drivers\aec.sys

2007-12-22 16:47:33 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2007-12-22 16:47:30 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2007-12-22 16:47:27 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2007-12-22 16:47:17 146048 ----a-w- c:\windows\system32\drivers\portcls.sys

2007-12-22 16:47:14 60160 ----a-w- c:\windows\system32\drivers\drmk.sys

2007-12-22 16:45:03 -------- d-----w- c:\program files\CONEXANT

2007-12-22 16:44:46 90112 ----a-w- c:\windows\system32\mdmxsdk.dll

2007-12-22 16:44:46 32218 ----a-w- c:\windows\system32\HSFCI008.dll

2007-12-22 16:44:46 212224 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys

2007-12-22 16:44:46 11043 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys

2007-12-22 16:44:45 680704 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys

2007-12-22 16:44:45 1042432 ----a-w- c:\windows\system32\drivers\HSF_DP.sys

2007-12-22 16:24:44 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys

2007-12-22 16:24:42 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys

2007-12-22 16:24:40 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys

2007-12-22 16:24:33 4096 ----a-w- c:\windows\system32\ksuser.dll

2007-12-22 16:24:33 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2007-12-22 16:24:33 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys

2007-12-22 16:24:33 129536 ----a-w- c:\windows\system32\ksproxy.ax




==================== Find3M ====================




2008-06-18 10:03:08 938496 ----a-w- c:\windows\system32\WMNetmgr.dll

2008-06-18 06:09:22 100864 ----a-w- c:\windows\system32\logagent.exe

2008-06-12 14:23:32 956928 ----a-w- c:\windows\system32\msdtctm.dll

2008-06-12 14:23:32 58880 ----a-w- c:\windows\system32\msdtclog.dll

2008-06-12 14:23:32 428032 ----a-w- c:\windows\system32\msdtcprx.dll

2008-06-12 14:23:32 161792 ----a-w- c:\windows\system32\msdtcuiu.dll

2008-05-09 23:23:42 135168 ----a-w- c:\windows\system32\wshom.ocx

2008-05-09 10:53:40 90112 ----a-w- c:\windows\system32\wshext.dll

2008-05-09 10:53:40 172032 ----a-w- c:\windows\system32\scrrun.dll

2008-05-09 10:53:39 180224 ----a-w- c:\windows\system32\scrobj.dll

2008-05-08 11:24:44 155648 ----a-w- c:\windows\system32\wscript.exe

2008-05-07 09:07:23 135168 ----a-w- c:\windows\system32\cscript.exe

2008-04-14 09:42:06 985088 ----a-w- c:\windows\system32\setupapi.dll

2008-04-14 09:41:58 423936 ----a-w- c:\windows\system32\licdll.dll

2008-04-14 00:25:26 1804 ----a-w- c:\windows\system32\dcache.bin



============= FINISH: 1:54:52.95 ===============


Attached File  Attach.txt   9.61KB   0 downloads
Attached File  Ark.log   1.25KB   0 downloads



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:11 AM

Posted 22 January 2011 - 10:35 AM

Hi

Please do the following:

Open Device Manager

Click WinKey + R to open a Run command box. Copy/paste the following text into the open run box and click OK:

devmgmt.msc

The Device Manager window should now be open.

In the menu at the top, click the View tab and click 'Show hidden devices'

Scroll down to System Devices. Click the + sign to expand, and look for a device with [cmz vmkd]Virtual Bus in the name.

Right click "[cmz vmkd] Virtual Bus" > choose "Uninstall"


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 n8jk


Posted 22 January 2011 - 01:24 PM

Initially, ComboFix would not run and terminated with a Date Error. I corrected the date and time, and then ran ComboFix to completion.

Please note that I was unable to download Recovery Console, b/c the infected computer doesn't have a wireless card to connect to the internet. Presently I'm posting from a secondary computer. If need be, I can burn an iso of Recovery Console to CD and install it in the infected system manually. I will, however, await your instruction.

ComboFix 11-01-22.01 - Owner 01/22/2011 12:49:14.1.1 - x86

Running from: c:\documents and settings\Owner.DAVE-HOME\Desktop\ComboFix.exe



WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.



c:\documents and settings\All Users.WINDOWS\Application Data\.wtav

c:\documents and settings\Malwarebytes' Anti-Malware\firefox.exe.exe

c:\documents and settings\Owner.DAVE-HOME\GoToAssistDownloadHelper.exe

c:\documents and settings\Owner.DAVE-HOME\Local Settings\Application Data\_syssvc.exe

c:\documents and settings\Owner.DAVE-HOME\Local Settings\Application Data\010155555710297.xxe

c:\documents and settings\Owner.DAVE-HOME\Local Settings\Application Data\052995010152101.xxe

c:\documents and settings\Owner.DAVE-HOME\Local Settings\Application Data\05351985398100.xxe

c:\windows\andy137.exe

c:\windows\bk23567.dat

c:\windows\fdgg34353edfgdfdf

c:\windows\system32\drivers\fad.sys

c:\windows\system32\drivers\vbmab8a9.sys

c:\windows\system32\drivers\vdr.sys

c:\windows\system32\vdr.dll



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_VDR

-------\Legacy_VVDR

-------\Service_vdr

-------\Service_vvdr

-------\Service_vbmab8a9





((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))

.



No new files created in this timespan



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 22:09 . 2003-09-19 06:42 496976 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

2010-12-20 22:09 . 2003-09-19 06:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 22:08 . 2003-09-19 06:42 46416 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\ssubtmr6.dll

2010-12-20 22:08 . 2003-09-19 06:42 363344 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamservice.exe

2010-12-20 22:08 . 2003-09-19 06:42 443728 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamgui.exe

2010-12-20 22:08 . 2003-09-19 06:42 331088 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamnet.dll

2010-12-20 22:08 . 2003-09-19 06:42 77648 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamext.dll

2010-12-20 22:08 . 2003-09-19 06:42 518480 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbamcore.dll

2010-12-20 22:08 . 2003-09-19 06:42 202576 ----a-w- c:\documents and settings\Malwarebytes' Anti-Malware\mbam.dll

2010-12-20 22:08 . 2003-09-19 06:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2010-10-14 17:56 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Aim"="c:\program files\AIM7\aim.exe" [2010-10-12 4258136]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-25 149280]

"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]



c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-11-4 258048]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2007-2-20 282624]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2004-12-22 16:40 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb99.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon07]

2005-03-17 04:59 622592 ----a-w- c:\windows\system32\hphmon07.exe



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD07]

2005-03-17 05:08 49152 ----a-w- c:\program files\HP\{C8EEAA89-0A3E-441f-B646-17A46F5D6954}\hphupd07.exe



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM7\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8087:TCP"= 8087:TCP:vdr



R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2003-09-19 136176]

R3 DFBCFDBA;DFBCFDBA; [x]

R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2004-04-08 347648]



.

Contents of the 'Scheduled Tasks' folder



2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]



2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2003-09-19 04:32]



2003-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2003-09-19 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.sbc.com/dsl

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:28091

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

FF - ProfilePath - c:\documents and settings\Owner.DAVE-HOME\Application Data\Mozilla\Firefox\Profiles\e8qpauef.default\

FF - prefs.js: browser.search.selectedEngine - AOL Search

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -



SafeBoot-klmdb.sys

MSConfigStartUp-jhiayuam - c:\docume~1\OWNER~1.DAV\LOCALS~1\Temp\kxhmmqqkq\pbvvibndlta.exe

MSConfigStartUp-xuri49tkd - c:\windows\andy137.exe







**************************************************************************



catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-22 12:59

Windows 5.1.2600 Service Pack 3 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------



[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,1c,33,76,c7,88,f7,40,b2,b9,59,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,1c,33,76,c7,88,f7,40,b2,b9,59,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------



- - - - - - - > 'explorer.exe'(3348)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Dell AIO Printer A920\dlbkbmon.exe

c:\windows\system32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\HP Software Update\HPWUCli.exe

c:\windows\system32\dwwin.exe

.

**************************************************************************

.

Completion time: 2011-01-22 13:07:06 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-22 18:07



Pre-Run: 11,238,551,552 bytes free

Post-Run: 11,567,017,984 bytes free



- - End Of File - - 0C52B20EFDA6D20B1D8ACBDA49431A72

#4 CatByte


Posted 22 January 2011 - 02:20 PM

Hi

I think having the Recovery Console installed is beneficial. It can be extremely handy if a machine crashes, so if you can install it, then yes, I would go ahead and do so; it's extra insurance.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8087:TCP"=-

Driver::
DFBCFDBA

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:28091

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

I noted you don't have internet access with this machine...do you ever update your MBAM program? If not you might want to download the update to a USB and transfer it over.


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT

Please advise how the computer is running and if there are any outstanding issues

Edited by CatByte, 22 January 2011 - 02:27 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
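
The following is an added example, not part of the post above and not ComboFix's own code. It shows, in Python, how the three items the CFScript targets (the 8087/TCP firewall exception labelled "vdr", the DFBCFDBA service entry, and the loopback proxy setting) can be picked out of a ComboFix-style log automatically. The sample lines are copied from the log in this thread; the function names and the reading of "[x]" as "image file not found" are assumptions.

```python
import ipaddress
import re

# Constructed sample: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
-------\Service_vdr
-------\Service_vbmab8a9
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8087:TCP"= 8087:TCP:vdr
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2003-09-19 136176]
R3 DFBCFDBA;DFBCFDBA; [x]
R3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2004-04-08 347648]
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:28091
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
REMOVED_SVC_RE = re.compile(r'^-+\\Service_(?P<name>\S+)$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<value>.+)$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;\s*(?P<image>.*)$')
PROXY_RE = re.compile(r'ProxyServer = (?P<value>\S+)$')


def loopback_proxy(value):
    """Return 'host:port' if a proxy entry points at a loopback address, else None."""
    for entry in value.split(';'):
        hostport = entry.split('=', 1)[-1]          # drop a "http=" style prefix
        host, _, port = hostport.rpartition(':')
        if not port.isdigit():
            continue
        try:
            is_loop = ipaddress.ip_address(host).is_loopback
        except ValueError:                          # not an IP literal
            is_loop = host.lower() == 'localhost'
        if is_loop:
            return f'{host}:{port}'
    return None


def triage(log_text):
    """Return findings (list of dicts) for the three entry types the script targets."""
    removed, findings, section = set(), [], ''
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group('key').lower()
        elif m := REMOVED_SVC_RE.match(line):
            removed.add(m.group('name').lower())
        elif (m := PORT_RE.match(line)) and section.endswith(r'globallyopenports\list'):
            findings.append({'kind': 'open_port',
                             'detail': f"{m.group('port')}/{m.group('proto')}",
                             'label': m.group('value').rsplit(':', 1)[-1].strip().lower()})
        elif (m := SERVICE_RE.match(line)) and m.group('image').strip() == '[x]':
            # Assumption: "[x]" marks a service whose image file was not found.
            findings.append({'kind': 'service_no_image', 'detail': m.group('name')})
        elif (m := PROXY_RE.search(line)) and (hit := loopback_proxy(m.group('value'))):
            findings.append({'kind': 'loopback_proxy', 'detail': hit})
    for f in findings:
        if f['kind'] == 'open_port':
            # A firewall exception labelled after a service that was just deleted.
            f['matches_removed_service'] = f['label'] in removed
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A firewall exception whose label matches a service listed under the log's deletions, and a browser proxy pointing at a local port, are leftovers worth reviewing after the files themselves are gone.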


#5 n8jk


Posted 27 January 2011 - 07:28 AM

Resolved!!! The system is running as it should. Thank you so much for your assistance-- deeply appreciated!

~N

#6 CatByte


Posted 27 January 2011 - 08:35 AM

Hi

we still have some housekeeping to do

if you could please post the logs

once I can verify that you are clean, then there is tool removal to do and you should be all set.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte


Posted 05 February 2011 - 10:00 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




