Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25

Thread: Bogus "Security Tool" hijacked my PC

  1. #21
    Junior Member
    Join Date
    Oct 2009
    Posts
    13

    Default

    For antivirus I have been using Avast! I have been relying on the on-access protection, I have not been scanning the system as regularly as I should. I chose Avast mainly because I had heard good things about it and it was free. I will be getting a new system soon, is there an antivirus package you prefer?

    My latest Combofix log is attached:

    *************************************************

    ComboFix 09-10-15.02 - user 10/15/2009 20:34.3.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.563 [GMT -4:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1356 [VPS 091015-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    FILE ::
    "c:\windows\system32\dobonede.exe"
    "c:\windows\system32\fefiweta.dll"
    "c:\windows\system32\fuwobozu.exe"
    "c:\windows\system32\loyuvejo.dll"
    "c:\windows\system32\sopejuwi.dll"
    "c:\windows\system32\yidusaze.dll"
    "c:\windows\system32\zayezeru.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\fefiweta.dll
    c:\windows\system32\loyuvejo.dll
    c:\windows\system32\sopejuwi.dll
    c:\windows\system32\yidusaze.dll
    c:\windows\system32\zayezeru.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-16 to 2009-10-16 )))))))))))))))))))))))))))))))
    .

    2009-10-15 04:14 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-10-15 04:14 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-10-15 04:14 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-10-15 04:14 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-10-15 04:14 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-10-15 04:14 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-10-15 04:14 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-10-15 04:14 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-10-15 04:14 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
    2009-10-10 17:48 . 2009-10-10 17:48 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
    2009-10-10 17:44 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-10 17:44 . 2009-10-10 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-10-10 17:44 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-10 17:44 . 2009-10-15 02:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-10 11:57 . 2009-10-10 11:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-10-07 20:39 . 2009-10-07 20:42 -------- d-----w- C:\stuff
    2009-10-03 05:57 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-15 04:56 . 2006-10-30 01:36 -------- d-----w- c:\program files\World of Warcraft
    2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 02:40 . 2009-09-11 02:39 -------- d-----w- c:\program files\iTunes
    2009-09-11 02:40 . 2009-09-11 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-11 02:39 . 2009-09-11 02:39 -------- d-----w- c:\program files\iPod
    2009-09-11 02:39 . 2007-07-27 00:18 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-11 02:37 . 2009-09-11 02:36 -------- d-----w- c:\program files\QuickTime
    2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-20 03:15 . 2009-08-20 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2009-08-05 09:01 . 2004-08-05 03:29 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 00:44 . 2003-03-31 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-07-25 09:23 . 2009-01-06 23:57 411368 ----a-w- c:\windows\system32\deploytk.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-13_02.24.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-16 00:23 . 2009-10-16 00:23 16384 c:\windows\Temp\Perflib_Perfdata_618.dat
    - 2003-03-31 12:00 . 2009-04-18 01:11 71904 c:\windows\system32\perfc009.dat
    + 2003-03-31 12:00 . 2009-10-15 04:24 71904 c:\windows\system32\perfc009.dat
    + 2006-11-08 02:03 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
    - 2006-11-08 02:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
    - 2003-03-31 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
    + 2003-03-31 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
    + 2009-06-10 13:18 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-06-10 13:18 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2007-05-09 23:35 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-05-09 23:35 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
    + 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2006-05-10 05:22 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    + 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    - 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2009-10-15 04:22 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e04ae44a\System.Drawing.Design.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_72d3faa1\CustomMarshalers.dll
    + 2009-10-15 04:36 . 2009-10-15 04:36 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
    + 2009-10-15 04:32 . 2009-10-15 04:32 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
    + 2009-10-15 04:31 . 2009-10-15 04:31 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2004-08-04 07:56 . 2009-04-10 05:01 530280 c:\windows\system32\wmspdmod.dll
    - 2003-03-31 12:00 . 2009-04-18 01:11 444028 c:\windows\system32\perfh009.dat
    + 2003-03-31 12:00 . 2009-10-15 04:24 444028 c:\windows\system32\perfh009.dat
    + 2003-03-31 12:00 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
    - 2003-03-31 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
    + 2006-11-08 02:03 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
    - 2006-11-08 02:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
    + 2003-03-31 12:00 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
    - 2003-03-31 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
    + 2003-03-31 12:00 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
    - 2003-03-31 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
    + 2003-03-31 12:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-04 07:56 . 2009-04-10 05:01 530280 c:\windows\system32\dllcache\wmspdmod.dll
    + 2004-02-06 22:05 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
    + 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
    - 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
    + 2006-10-17 17:04 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
    - 2006-10-17 17:04 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
    + 2007-05-09 23:35 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
    - 2007-05-09 23:35 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-06-10 13:18 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-06-10 13:18 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
    - 2006-05-10 05:22 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2006-05-10 05:22 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2006-11-07 08:27 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2006-11-07 08:26 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2006-11-07 08:26 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-08-08 03:51 . 2009-08-08 03:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
    - 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    - 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB974455-IE8\wininet.dll
    + 2009-10-15 04:22 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
    + 2009-10-15 04:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
    + 2009-10-15 04:22 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB974455-IE8\occache.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
    + 2009-10-15 04:22 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
    + 2009-04-01 02:42 . 2009-04-01 02:42 425984 c:\windows\assembly\temp\X48CFJNRVZ\System.configuration.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 113664 c:\windows\assembly\temp\RY26AEILQU\System.EnterpriseServices.Wrapper.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 258048 c:\windows\assembly\temp\RY26AEILQU\System.EnterpriseServices.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 626688 c:\windows\assembly\temp\RX048CGKOS\System.Drawing.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 303104 c:\windows\assembly\temp\8FJNQUY26A\System.Runtime.Remoting.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 114688 c:\windows\assembly\temp\6DHKOSW048\System.ServiceProcess.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 261632 c:\windows\assembly\temp\29DGKOSW04\System.Transactions.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_954ca136\System.Drawing.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_92a63d59\System.Drawing.Design.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_a63494a3\CustomMarshalers.dll
    + 2009-10-15 04:36 . 2009-10-15 04:36 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
    + 2009-10-15 04:36 . 2009-10-15 04:36 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
    + 2009-10-15 04:35 . 2009-10-15 04:35 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
    + 2009-10-15 04:34 . 2009-10-15 04:34 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2009-10-15 04:24 . 2009-10-15 04:24 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-10-15 02:07 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
    - 2004-01-21 20:20 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
    + 2004-01-21 20:20 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
    - 2003-03-31 12:00 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
    + 2003-03-31 12:00 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
    + 2004-07-07 22:37 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
    - 2006-10-17 16:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
    + 2006-10-17 16:57 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
    - 2004-01-21 20:20 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
    + 2004-01-21 20:20 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
    + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
    + 2008-10-14 23:30 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2008-10-14 23:30 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    - 2008-10-14 23:30 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2008-10-14 23:30 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2008-10-14 23:30 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2008-10-14 23:30 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2008-10-14 23:30 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2006-05-19 15:08 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
    + 2007-05-09 23:35 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
    - 2007-05-09 23:35 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
    + 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    + 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    - 2008-11-25 08:59 . 2008-11-25 08:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
    + 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    - 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
    + 2009-10-15 04:22 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
    + 2009-10-15 04:22 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
    + 2008-10-14 23:30 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2008-10-14 23:30 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2008-10-14 23:30 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2008-10-14 23:30 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2008-10-14 23:30 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2008-10-14 23:30 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2008-10-14 23:30 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-04-01 02:42 . 2009-04-01 02:42 3149824 c:\windows\assembly\temp\JPTX159DGK\System.dll
    + 2009-04-01 02:42 . 2009-04-01 02:42 2933248 c:\windows\assembly\temp\HNRVZ37BEI\System.Data.dll
    + 2009-04-01 02:41 . 2009-04-01 02:41 5025792 c:\windows\assembly\temp\ELPTX158CG\System.Windows.Forms.dll
    + 2009-04-01 02:42 . 2009-04-01 02:42 2048000 c:\windows\assembly\temp\16AEIMQUY1\System.XML.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e3e89ef1\System.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_00ebd133\System.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_fa08fedd\System.Xml.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7e899f16\System.Xml.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b059886c\System.Windows.Forms.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_86a9658b\System.Windows.Forms.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e9fe50cc\System.Drawing.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_eed9c862\System.Design.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_639f1042\System.Design.dll
    + 2009-10-15 04:20 . 2009-10-15 04:20 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_56e93e68\mscorlib.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_06d4717e\mscorlib.dll
    + 2009-10-15 04:31 . 2009-10-15 04:31 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
    + 2009-10-15 04:36 . 2009-10-15 04:36 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
    + 2009-10-15 04:31 . 2009-10-15 04:31 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
    + 2009-10-15 04:35 . 2009-10-15 04:35 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
    + 2009-10-15 04:35 . 2009-10-15 04:35 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll
    + 2009-10-15 04:35 . 2009-10-15 04:35 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
    + 2009-10-15 04:34 . 2009-10-15 04:34 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
    + 2009-10-15 04:34 . 2009-10-15 04:34 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
    + 2009-10-15 04:34 . 2009-10-15 04:34 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
    + 2009-10-15 04:31 . 2009-10-15 04:31 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2009-10-15 04:24 . 2009-10-15 04:24 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    + 2009-10-15 04:24 . 2009-10-15 04:24 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2009-04-01 02:41 . 2009-04-01 02:41 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2009-04-01 02:42 . 2009-04-01 02:42 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-10-15 04:23 . 2009-10-15 04:23 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    - 2007-07-11 05:03 . 2007-07-11 05:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2009-10-15 04:19 . 2009-10-15 04:19 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-07-11 05:03 . 2007-07-11 05:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-10-15 04:20 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe
    + 2006-11-08 02:03 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
    + 2007-05-09 23:35 . 2009-08-29 08:08 11069440 c:\windows\system32\dllcache\ieframe.dll
    + 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
    + 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows\Installer\1e0dc7.msp
    + 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\1e0dbf.msp
    + 2009-10-15 04:22 . 2009-07-19 22:48 11067392 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
    + 2009-10-15 04:35 . 2009-10-15 04:35 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
    + 2009-10-15 04:34 . 2009-10-15 04:34 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
    + 2009-10-15 04:33 . 2009-10-15 04:33 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
    + 2009-10-15 04:31 . 2009-10-15 04:31 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
    + 2009-10-15 04:31 . 2009-10-15 04:31 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-23 68856]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-10-06 866584]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\user\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-8-6 45056]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-1 176128]
    Kodak EasyShare software.lnk.disabled [2005-1-5 1807]
    Kodak software updater.lnk.disabled [2005-2-3 1996]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-1-17 438272]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2004-7-8 565248]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet
    "ATI Launchpad"=
    "ATI Remote Control"=c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "Explorer"=c:\program files\Internet Explorer\iexplore.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "ATI DeviceDetect"=c:\program files\ATI Multimedia\main\ATIDtct.EXE
    "ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\logon.scr"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7/8/2004 2:04 PM 77312]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/15/2009 12:14 AM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/15/2009 12:14 AM 20560]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
    R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [8/1/2004 11:17 PM 34916]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/5/2009 10:12 PM 24652]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [10/5/2006 10:11 PM 13592]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{53604805-9690-4303-BC48-004F7783918C}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: turbotax.com
    DPF: ppctlcab - hxxp://69.44.122.156/scanner/ppctlcab.cab
    DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - hxxp://download.35mb.com/images/downloadapplet.cab
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhxlsyc9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    BHO-{cbd55d83-a001-4e8a-b093-34a14e83cadd} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-15 20:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(636)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-10-16 21:45
    ComboFix-quarantined-files.txt 2009-10-16 01:45
    ComboFix2.txt 2009-10-15 02:05
    ComboFix3.txt 2009-10-13 02:34

    Pre-Run: 61,010,178,048 bytes free
    Post-Run: 60,919,431,168 bytes free

    488 --- E O F --- 2009-10-15 04:24

  2. #22
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi TimAndrews


    looks better, How's the computer running now? Any problems?

    1 - Update Java Runtime and Run JavaRa

    • Download Java Runtime
    • Go to HERE to download Java Runtime Environment Version 6 Update 16
    • Click on the link named Java Runtime Environment (JRE) 6 Update 16
    • Click on the radio button to Accept License Agreement
    • Click on Windows Offline Installation Multi-language and save the downloaded file to your desktop


    • Run JavaRa
    • Please download JavaRa and unzip it to your desktop.
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    • Install Java
    • Install the new version of Java by running the newly-downloaded file ( jre-6u13-windows-i586-p.exe) with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer


    2 - Clean temp files

    Please download ATF Cleaner by Atribune.

    • Save it to your desktop
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

      If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords
      please click No at the prompt.


      If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords
      please click No at the prompt.

    • Click Exit on the Main menu to close the program.


    For Technical Support double-click the e-mail address located at the bottom of each menu.

    3 - Kaspersky Online Scan

    • Please go to Kaspersky website and perform an online antivirus scan.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply along with a fresh HijackThis log.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #23
    Junior Member
    Join Date
    Oct 2009
    Posts
    13

    Default

    Computer is at least back to where it was before, thanks.

    Kaspersky log

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, October 17, 2009
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, October 17, 2009 01:28:50
    Records in database: 3011656
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Objects scanned: 128109
    Threats found: 8
    Infected objects found: 18
    Suspicious objects found: 0
    Scan duration: 05:25:45


    File name / Threat / Threats count
    C:\Desktop stuff\New Installs\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\dijineho.dll.vir Infected: Trojan.Win32.Monderb.bewu 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gasesila.dll.vir Infected: Trojan.Win32.Stuh.agel 1
    C:\Qoobox\Quarantine\[4]-Submit_2009-10-14_21.45.58.zip Infected: Trojan.Win32.Monderb.bewu 1
    C:\Qoobox\Quarantine\[4]-Submit_2009-10-14_21.45.58.zip Infected: Packed.Win32.Krap.x 4
    C:\Qoobox\Quarantine\[4]-Submit_2009-10-14_21.45.58.zip Infected: Trojan.Win32.Plapon.xo 1
    C:\Qoobox\Quarantine\[4]-Submit_2009-10-14_21.45.58.zip Infected: Trojan.Win32.Monderb.bezb 1
    C:\Qoobox\Quarantine\[4]-Submit_2009-10-15_20.34.28.zip Infected: Trojan.Win32.Monderb.bfom 1
    C:\System Volume Information\_restore{7AABCA1B-0391-45A8-88C4-AC7BC3805418}\RP2\A0005194.dll Infected: Trojan.Win32.Monderb.bewu 1
    C:\System Volume Information\_restore{7AABCA1B-0391-45A8-88C4-AC7BC3805418}\RP2\A0005198.dll Infected: Trojan.Win32.Stuh.agel 1
    C:\System Volume Information\_restore{7AABCA1B-0391-45A8-88C4-AC7BC3805418}\RP2\A0005203.dll Infected: Trojan.Win32.Monderb.bewu 1
    C:\System Volume Information\_restore{7AABCA1B-0391-45A8-88C4-AC7BC3805418}\RP2\A0005217.dll Infected: Trojan.Win32.Monderb.bezb 1
    C:\System Volume Information\_restore{7AABCA1B-0391-45A8-88C4-AC7BC3805418}\RP3\A0005385.exe Infected: Trojan.Win32.FraudPack.vxk 1
    C:\System Volume Information\_restore{7AABCA1B-0391-45A8-88C4-AC7BC3805418}\RP3\A0005386.exe Infected: Trojan.Win32.FraudPack.vxk 1

    Selected area has been scanned.

    *************************

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:10:18 AM, on 10/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: (no name) - {cbd55d83-a001-4e8a-b093-34a14e83cadd} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak EasyShare software.lnk.disabled
    O4 - Global Startup: Kodak software updater.lnk.disabled
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amer-ml36.amer.csc.com/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase5059.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetdbm.webex.com/client/wbs...ex/ieatgpc.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://download.35mb.com/images/downloadapplet.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14918 bytes

  4. #24
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi TimAndrews

    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      • O2 - BHO: (no name) - {cbd55d83-a001-4e8a-b093-34a14e83cadd} - (no file)
        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    Your log now appears to be clean. Congratulations!

    To remove all of the tools we used and the files and folders they created do the following:

    Delete DDS, Win32kDiag, Inherit and exeHelper from your desktop.

    • Download OTC by OldTimer and save it to your desktop.
    • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
    • Then Click the big button.
    • You will get a prompt saying "Being Cleanup Process". Please select Yes.
    • Restart your computer when prompted.


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Disable and Enable System Restore-WINDOWS XP
    This is a good time to clear your existing system restore points and establish a new clean restore point:

    Turn off System Restore
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Reboot.

    Turn ON System Restore
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check *Turn off System Restore*.
    • Click Apply, and then click OK.

    This will remove all restore points except the new one you just created.

    Here are some free programs I recommend that could help you improve your computer's security.

    Spybot Search and Destroy 1.6
    Download it from here. Just choose a mirror and off you go.
    Find here the tutorial on how to use Spybot properly here

    Install SpyWare Blaster 4.0
    Download it from here
    Find here the tutorial on how to use Spyware Blaster here

    WinPatrol
    Download it from here
    Here you can find information about how WinPatrol works here

    FireTrust SiteHound
    You can find information and download it from here

    MVPS Hosts File from here
    The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer.
    http://www.update.microsoft.com

    Please check out Tony Klein's article "How did I get infected in the first place?"

    Read some information here how to prevent Malware.


    Happy safe surfing!
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  5. #25
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •