View Full Version : Smitfraud-C.CoreService
spybot it is showing that I have smitfraud-c.coreservice, it wont remove it this is the hjk, what should I do, let me know please, thanks so much.:red:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:50:45 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Essa\My Documents\My Received Files\HiJackThis_v2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {636F305C-D395-4241-9F02-41668A496A00} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9396f585-2747-419e-a5f2-0db0e15493e0} - C:\WINDOWS\system32\pdlxkqm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BADDD50E-7D00-4B58-BE86-6780B6BFAF3A} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipCheapCom] "C:\program files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7626 bytes
Hello ,
We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.
Regards,
Rosty.
thank you so much for the reply
Hi,
welcome to safer Networking Forums. My name is Rosty and I'm going to help you with your log.
Download and Install SDFix
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Next,
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) by Atribune from Atribune and save it to your desktop.
Double click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
If you receive this error - "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid" , please download this file (http://windowsxp.mvps.org/utils/Comdlg32.zip) and save it to your desktop.
Right click on Comdlg32.zip and select Extract All....
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
On the text box above the Browse button, copy and paste in C:\Windows\system32.
Click OK.
Uncheck (untick) the Show extracted files box and click Finish.
Click on Start > Run and copy and paste in the following into the Run box:
REGSVR32 C:\Windows\system32\comdlg32.ocx
Press Enter.
You should receive this message - "DllRegisterServer in C:\Windows\system32\comdlg32.ocx succeeded."
Click OK and restart your computer. Then try running VundoFix again.
Next,
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
Run SDFix
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please open HijackThis, click do a scan only and place a check next to the following entries:
O2 - BHO: (no name) - {636F305C-D395-4241-9F02-41668A496A00} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9396f585-2747-419e-a5f2-0db0e15493e0} - C:\WINDOWS\system32\pdlxkqm.dll
O2 - BHO: (no name) - {BADDD50E-7D00-4B58-BE86-6780B6BFAF3A} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll
Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.
Finally paste the contents of the Report.txt, the vundofix log and a new HijackThis log back on the forum.
Regards,
Rosty
this is the hijack file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:58:15 AM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Documents and Settings\Essa\My Documents\My Received Files\HiJackThis_v2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {9ad4a8b2-0d7e-d64b-daa4-5aa23e3dcdd6} - {6ddcd3e3-2aa5-4aad-b46d-e7d02b8a4da9} - C:\WINDOWS\system32\qmsfmymu.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2E435E3-8B76-414A-A92E-FBA7E18A495A} - C:\WINDOWS\system32\mljgf.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [6c396d90] rundll32.exe "C:\WINDOWS\system32\uouecjbs.dll",b
O4 - HKLM\..\Run: [BM6f0a5e0c] Rundll32.exe "C:\WINDOWS\system32\dnddregh.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6305 bytes
[b]SDFix: Version 1.157
Run by Essa on Fri 03/14/2008 at 10:36 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 10:45:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x7792"
"DeviceDesc"="\xb973\x7792"
"ProviderName"="\x27fc\21\xee18\x7c90\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x60c"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=str(7):"c:\dell\drivers\r174511\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"="C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 11 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\943145d6fda2a3de96e33285d992c3a5\BIT2.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT1.tmp"
Finished!
VundoFix V7.0.3
Scan started at 9:57:21 AM 3/14/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
Beginning removal...
VundoFix V7.0.3
Scan started at 10:09:12 AM 3/14/2008
Listing files found while scanning....
VundoFix V7.0.3
Scan started at 10:12:31 AM 3/14/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
it did not show there is any problems but my computer is s o slow I do not know why?
after I send you guys those logs I checked for problems with spypot and It found one entries from doubleclick, two entries from mediaplex, one entries from statcounter and three entries from virtumode and then I restarted the computer two times checking with the spybot it still showed the three entries of virtumode and some other things, what should I do?
Hi again,
We need to update your version of Hijackthis to the latest release.
Please find and delete the Hijackthis.exe you already have installed.
Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Next,
Create a Startup List
Open HiJackThis
Click on the "Config..." button on the bottom right
Click on the tab "Misc Tools"
Check off the 2 boxes next to the Box that says "Generate StartupList log"
Copy and past the StartupList from the notepad into your next post
Please visit the webpage HERE (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) for instructions for downloading and running ComboFix.
When finished, it shall produce a log for you. Post that log and a HiJackthis log, from the new version,and the startuplist in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:50 AM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [6c396d90] rundll32.exe "C:\WINDOWS\system32\suxbqjni.dll",b
O4 - HKLM\..\Run: [BM6f0a5e0c] Rundll32.exe "C:\WINDOWS\system32\dnddregh.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
ComboFix 08-03-14.4 - Essa 2008-03-15 7:59:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -7:00]
Running from: C:\Documents and Settings\Essa\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM6f0a5e0c.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dnddregh.dll
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\hgghfef.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\injqbxus.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\qgkckpov.dll
C:\WINDOWS\system32\qmsfmymu.dll
C:\WINDOWS\system32\suxbqjni.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_TNIDRIVER
-------\TnIDriver
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-15 07:12 . 2008-03-15 07:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-03-14 18:55 . 2008-03-14 21:26 4,226 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-14 18:54 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-14 18:54 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-14 18:54 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-14 18:54 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-14 18:54 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-14 18:54 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-14 18:54 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-14 17:09 . 2008-03-14 17:11 <DIR> d-------- C:\Erase027.tmp
2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\CyberScrub
2008-03-14 13:28 . 2007-02-07 11:08 84 --a------ C:\WINDOWS\csact.ini
2008-03-14 12:40 . 2007-12-06 19:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-14 12:39 . 2007-12-06 19:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-14 12:39 . 2007-06-30 20:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-14 12:39 . 2007-06-30 20:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-14 12:39 . 2007-12-06 19:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-14 12:39 . 2007-12-06 19:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-14 12:39 . 2007-12-06 19:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-14 12:39 . 2007-12-06 19:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-14 12:39 . 2007-12-06 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-14 09:57 . 2008-03-14 13:47 <DIR> d-------- C:\VundoFix Backups
2008-03-14 09:55 . 2008-03-14 10:47 <DIR> d-------- C:\SDFix
2008-03-14 09:54 . 2008-03-14 10:48 1,359,741 ---hs---- C:\WINDOWS\system32\sbjceuou.ini
2008-03-13 22:14 . 2008-03-13 22:14 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-13 12:00 . 2008-03-13 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-12 15:33 . 2008-03-13 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 12:02 . 2008-03-12 12:02 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-12 11:51 . 2008-03-12 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-12 11:50 . 2008-03-12 21:24 <DIR> d-------- C:\WINDOWS\system32\typ2
2008-03-12 11:50 . 2008-03-12 11:57 <DIR> d-------- C:\WINDOWS\system32\sbc2
2008-03-12 11:50 . 2008-03-12 11:50 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-12 11:50 . 2008-03-12 21:23 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-03-12 11:50 . 2008-03-12 15:37 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-12 11:50 . 2008-03-12 11:50 <DIR> d-------- C:\WINDOWS\system32\dr6
2008-03-12 11:50 . 2008-03-15 08:00 <DIR> d-------- C:\Temp
2008-03-12 11:50 . 2008-03-12 11:50 40,960 --a------ C:\Documents and Settings\Essa\f.exe
2008-03-12 10:37 . 2008-03-12 10:37 <DIR> d-------- C:\WINDOWS\Sun
2008-03-11 11:21 . 2008-03-12 12:02 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\LimeWire
2008-03-11 11:21 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-11 11:20 . 2008-03-11 11:21 <DIR> d-------- C:\Program Files\Java
2008-03-11 11:20 . 2008-03-11 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-02 12:38 . 2008-03-02 12:38 3,093 --a------ C:\WINDOWS\system32\Ramadan2.SDT
2008-03-02 11:01 . 2008-03-02 11:01 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2008-03-02 11:01 . 2008-03-02 12:39 94,208 --a------ C:\WINDOWS\system32\ScrUnZip.dll
2008-02-29 12:37 . 2008-02-29 12:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-29 12:36 . 2008-02-29 12:36 <DIR> d-------- C:\WINDOWS\system32\athan
2008-02-29 12:36 . 2008-02-29 12:37 <DIR> d-------- C:\Program Files\Athan
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-27 12:55 . 2008-02-27 12:55 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\BestOn
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\Program Files\BestOn
2008-02-27 12:50 . 2008-02-27 12:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-27 12:50 . 2008-02-27 12:50 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-22 18:16 . 2008-02-22 18:16 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-18 13:01 . 2008-02-18 13:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-17 07:07 . 2008-02-17 07:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-17 07:07 . 2008-02-17 07:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 06:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-14 06:59 --------- d-----w C:\Program Files\Google
2008-02-23 01:16 --------- d-----w C:\Program Files\Real
2008-02-23 01:16 --------- d-----w C:\Program Files\Common Files\Real
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\Essa\Application Data\DivX
2008-02-14 20:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-13 22:57 --------- d-----w C:\Documents and Settings\Essa\Application Data\Roxio
2008-02-13 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-13 19:55 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-13 19:54 --------- d-----w C:\Program Files\Roxio
2008-02-13 19:54 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 21:08 --------- d-----w C:\Documents and Settings\Essa\Application Data\VoipCheapCom
2008-02-11 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 17:13 --------- d-----w C:\Program Files\Common Files\EZVGACam
2008-02-11 17:13 --------- d-----w C:\Documents and Settings\Essa\Application Data\InstallShield
2008-02-11 17:01 --------- d-----w C:\Program Files\DivX
2008-02-11 03:07 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-11 03:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-11 03:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-11 02:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 02:54 --------- d-----w C:\Program Files\Windows Live
2008-02-11 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-10 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 23:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 21:37 --------- d-----w C:\Program Files\SigmaTel
2008-02-10 21:26 --------- d-----w C:\Documents and Settings\Essa\Application Data\ATI
2008-02-10 21:23 --------- d-----w C:\Program Files\ATI Technologies
2008-02-10 21:19 --------- d-----w C:\Program Files\Dell
2008-02-10 21:18 --------- d-----w C:\Program Files\DIFX
2008-02-10 21:18 --------- d-----w C:\Program Files\Broadcom
2008-02-10 21:17 --------- d-----w C:\Program Files\CONEXANT
2008-02-10 21:17 --------- d-----w C:\Program Files\AMD
2008-02-10 01:08 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-11-29 17:28 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 15:12 843776]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 18:15 185896]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 12:25 1003520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfef]
hgghfef.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 06:38:03 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 08:05:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-03-15 8:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 15:07:42
.
2008-03-15 06:43:55 --- E O F ---
Hi,
can you post the startuplist also?
Make an uninstall list using HijackThisTo access the Uninstall Manager you would do the following:
Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Please post that log.
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AMD Processor Driver
Athan Basic 3.3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
AVG 7.5
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Dell Wireless WLAN Card
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Ezonics VGA camera
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java(TM) 6 Update 4
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Script Debugger
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Theme Nunavut
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
RealPlayer
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SigmaTel Audio
Sonic Activation Module
Spybot - Search & Destroy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946501-v2)
Update for Windows XP (KB946627)
WebCam Suite 2.0
Windows Defender
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 1
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Winter Fun Pack for Windows Movie Maker 2
Hi,
sorry for the delay in getting back to you.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune. (This program is for XP and Windows 2000 only)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Next,
1. Please open Notepad Click Start , then Run Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\Erase027.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\csact.ini
C:\Documents and Settings\Essa\f.exe
C:\WINDOWS\system32\sbjceuou.ini
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\typ2
C:\WINDOWS\system32\sbc2
C:\WINDOWS\system32\lows8
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\dr6
C:\SDFix
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfef]
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif
5. Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.
If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.
NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:
Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt A new HijackThis log The MBAM log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:30 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7144 bytes
Malwarebytes' Anti-Malware 1.08
Database version: 499
Scan type: Full Scan (C:\|)
Objects scanned: 74202
Time elapsed: 27 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.
Files Infected:
C:\QooBox\Quarantine\C\Documents and Settings\Essa\f.exe.vir (Spyware.FirePass) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dr6\crecomdll1.exe.vir (Adware.RABCO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lows8\spgdn65.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP33\A0017598.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP37\A0017773.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP45\A0027312.exe (Spyware.FirePass) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP76\A0034304.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP76\A0034305.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP76\A0034306.exe (Spyware.FirePass) -> Quarantined and deleted successfully.
I am trying to post the combo log but it will not post it, it is saying that it is too long, so what should I do.
I am trying to post the combo log but it will not post it, it is saying that it is too long, so what should I do.
Please post it in 2 posts then!!
ComboFix 08-03-14.4 - Essa 2008-03-17 14:35:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT -7:00]
Running from: C:\Documents and Settings\Essa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Essa\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\Essa\f.exe
C:\Erase027.tmp
C:\WINDOWS\csact.ini
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\sbjceuou.ini
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.
2008-03-17 14:16 . 2008-03-17 14:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 14:16 . 2008-03-17 14:16 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\Malwarebytes
2008-03-17 14:16 . 2008-03-17 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-16 21:41 . 2008-03-16 21:41 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-16 16:48 . 2008-03-16 16:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 16:48 . 2008-03-16 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 09:45 . 2008-03-17 03:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-16 09:45 . 2008-03-17 03:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 17:17 . 2008-03-15 17:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 11:30 . 2008-03-15 11:32 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-15 11:18 . 2008-03-15 11:18 <DIR> d-------- C:\Program Files\MSECache
2008-03-15 10:55 . 2008-03-15 10:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-15 10:55 . 2008-03-15 10:55 <DIR> d-------- C:\d032524d5b2c5336a8
2008-03-15 10:55 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-15 10:54 . 2008-03-15 10:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-15 10:54 . 2008-03-15 10:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 10:39 . 2008-03-15 10:39 <DIR> d-------- C:\Documents and Settings\Essa\SecurityScans
2008-03-15 10:35 . 2008-03-15 10:35 <DIR> d-------- C:\Program Files\Microsoft Script Debugger
2008-03-15 10:33 . 2008-03-15 10:33 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
2008-03-15 10:30 . 2008-03-15 10:30 870 --a------ C:\Microsoft Baseline Security Analyzer 2.0.1.lnk
2008-03-15 10:24 . 2008-03-15 17:20 <DIR> d-------- C:\DECCHECK
2008-03-15 10:18 . 2008-03-15 10:18 <DIR> d-------- C:\MMSTFX
2008-03-15 10:17 . 2008-03-15 10:17 <DIR> d-------- C:\Program Files\Temp
2008-03-15 10:07 . 2008-03-15 10:08 1,127,928 --a------ C:\wmm_wdm_sdk.EXE
2008-03-15 10:04 . 2008-03-15 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-15 09:43 . 2008-03-15 09:43 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-15 09:27 . 2008-03-15 09:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-15 09:27 . 2008-03-15 09:27 1,454,656 --a------ C:\Silverlight.exe
2008-03-15 08:47 . 2008-03-17 10:52 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\AVG7
2008-03-15 08:46 . 2008-03-15 08:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-15 08:46 . 2008-03-15 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-15 08:46 . 2008-03-15 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-15 07:39 . 2008-03-15 07:39 4,608,744 --a------ C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-03-15 07:12 . 2008-03-15 07:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-03-14 18:54 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-14 18:54 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-14 17:09 . 2008-03-14 17:11 <DIR> d-------- C:\Erase027.tmp
2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\CyberScrub
2008-03-14 12:46 . 2008-03-14 12:46 <DIR> d-------- C:\a15e813a9591e01ef639
2008-03-14 12:40 . 2008-03-03 20:01 585,728 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-14 12:39 . 2008-03-03 20:01 8,016,384 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-14 12:39 . 2008-02-07 17:48 3,670,112 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-14 12:39 . 2008-03-03 20:01 1,110,016 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-14 12:39 . 2008-03-03 19:34 440,832 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-14 12:39 . 2008-03-03 19:50 268,800 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-14 12:39 . 2008-03-03 19:50 60,928 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-14 12:39 . 2008-03-03 20:01 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-14 12:39 . 2007-12-06 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-14 10:56 . 2008-03-15 09:57 <DIR> d-------- C:\backups
2008-03-13 22:14 . 2008-03-13 22:14 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-13 12:00 . 2008-03-13 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-12 15:33 . 2008-03-13 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 11:51 . 2008-03-12 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-12 11:50 . 2008-03-15 09:55 <DIR> d-------- C:\Temp
2008-03-12 10:37 . 2008-03-12 10:37 <DIR> d-------- C:\WINDOWS\Sun
2008-03-11 11:21 . 2008-03-12 12:02 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\LimeWire
2008-03-11 11:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-11 11:20 . 2008-03-16 20:25 <DIR> d-------- C:\Program Files\Java
2008-03-11 11:20 . 2008-03-11 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-03 20:01 . 2008-03-03 20:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll
2008-03-02 12:38 . 2008-03-02 12:38 3,093 --a------ C:\WINDOWS\system32\Ramadan2.SDT
2008-03-02 11:01 . 2008-03-02 11:01 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2008-03-02 11:01 . 2008-03-02 12:39 94,208 --a------ C:\WINDOWS\system32\ScrUnZip.dll
2008-02-29 12:37 . 2008-02-29 12:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-29 12:36 . 2008-02-29 12:36 <DIR> d-------- C:\WINDOWS\system32\athan
2008-02-29 12:36 . 2008-02-29 12:37 <DIR> d-------- C:\Program Files\Athan
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-27 12:55 . 2008-02-27 12:55 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\BestOn
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\Program Files\BestOn
2008-02-27 12:50 . 2008-03-15 10:47 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-27 12:50 . 2008-02-27 12:50 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-22 18:16 . 2008-02-22 18:16 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-20 22:33 . 2008-02-20 22:33 13,366 --------- C:\WINDOWS\system32\IE8Eula.rtf
2008-02-18 13:01 . 2008-02-18 13:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-17 07:07 . 2008-02-17 07:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-17 07:07 . 2008-02-17 07:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 06:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-14 06:59 --------- d-----w C:\Program Files\Google
2008-03-05 23:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 23:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 23:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 22:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 22:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-04 03:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 03:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 03:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 02:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 02:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 02:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 02:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 02:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 02:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 02:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 02:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-23 01:16 --------- d-----w C:\Program Files\Real
2008-02-23 01:16 --------- d-----w C:\Program Files\Common Files\Real
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\Essa\Application Data\DivX
2008-02-14 20:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-13 22:57 --------- d-----w C:\Documents and Settings\Essa\Application Data\Roxio
2008-02-13 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-13 19:55 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-13 19:54 --------- d-----w C:\Program Files\Roxio
2008-02-13 19:54 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 21:08 --------- d-----w C:\Documents and Settings\Essa\Application Data\VoipCheapCom
2008-02-11 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 17:13 --------- d-----w C:\Program Files\Common Files\EZVGACam
2008-02-11 17:13 --------- d-----w C:\Documents and Settings\Essa\Application Data\InstallShield
2008-02-11 17:01 --------- d-----w C:\Program Files\DivX
2008-02-11 03:07 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-11 03:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-11 03:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-11 02:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 02:54 --------- d-----w C:\Program Files\Windows Live
2008-02-10 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 23:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 21:37 --------- d-----w C:\Program Files\SigmaTel
2008-02-10 21:26 --------- d-----w C:\Documents and Settings\Essa\Application Data\ATI
2008-02-10 21:23 --------- d-----w C:\Program Files\ATI Technologies
2008-02-10 21:19 --------- d-----w C:\Program Files\Dell
2008-02-10 21:18 --------- d-----w C:\Program Files\DIFX
2008-02-10 21:18 --------- d-----w C:\Program Files\Broadcom
2008-02-10 21:17 --------- d-----w C:\Program Files\CONEXANT
2008-02-10 21:17 --------- d-----w C:\Program Files\AMD
2008-02-10 01:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-06 06:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-02-05 01:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-11 18:35 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-01-11 18:35 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-01-11 18:35 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2007-12-31 12:07 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-15_ 8.07.34.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-03-15 17:48:06 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-15 17:48:07 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-15 17:48:07 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-15 17:47:53 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:55 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:56 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:56 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:57 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:58 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:58 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:58 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:59 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:48:07 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:48:08 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-15 17:48:08 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-15 17:48:08 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-15 17:48:09 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-15 17:48:05 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-08-14 01:39:20 71,680 -c--a-w C:\WINDOWS\ie8\admparse.dll
+ 2007-12-07 02:21:45 124,928 -c--a-w C:\WINDOWS\ie8\advpack.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\ie8\corpol.dll
+ 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\ie8\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\ie8\dxtrans.dll
+ 2007-08-14 01:18:02 60,416 -c--a-w C:\WINDOWS\ie8\hmmapi.dll
+ 2007-12-07 02:21:45 63,488 -c--a-w C:\WINDOWS\ie8\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\ie8\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\ie8\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\ie8\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\ie8\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c--a-w C:\WINDOWS\ie8\ieapfltr.dat
+ 2007-12-07 02:21:45 383,488 -c--a-w C:\WINDOWS\ie8\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\ie8\iedkcs32.dll
+ 2007-08-14 01:44:02 69,120 -c--a-w C:\WINDOWS\ie8\iedw.exe
+ 2007-08-14 01:45:18 78,336 -c--a-w C:\WINDOWS\ie8\ieencode.dll
+ 2007-12-07 02:21:46 6,066,176 -c--a-w C:\WINDOWS\ie8\ieframe.dll
+ 2007-08-14 01:54:10 191,488 -c--a-w C:\WINDOWS\ie8\iepeers.dll
+ 2007-08-14 01:54:10 287,744 -c--a-w C:\WINDOWS\ie8\ieproxy.dll
+ 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\ie8\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c--a-w C:\WINDOWS\ie8\iertutil.dll
+ 2007-08-14 01:39:12 55,296 -c--a-w C:\WINDOWS\ie8\iesetup.dll
+ 2007-08-14 01:54:10 180,736 -c--a-w C:\WINDOWS\ie8\ieui.dll
+ 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\ie8\iexplore.exe
+ 2007-08-14 01:36:06 36,352 -c--a-w C:\WINDOWS\ie8\imgutil.dll
+ 2007-08-14 01:39:02 92,672 -c--a-w C:\WINDOWS\ie8\inseng.dll
+ 2007-08-14 01:38:04 491,520 -c--a-w C:\WINDOWS\ie8\jscript.dll
+ 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\ie8\jsproxy.dll
+ 2007-08-14 01:44:18 40,960 -c--a-w C:\WINDOWS\ie8\licmgr10.dll
+ 2007-12-07 02:21:47 459,264 -c--a-w C:\WINDOWS\ie8\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c--a-w C:\WINDOWS\ie8\msfeedsbs.dll
+ 2007-08-14 01:36:40 12,288 -c--a-w C:\WINDOWS\ie8\msfeedssync.exe
+ 2007-08-14 01:32:30 45,568 -c--a-w C:\WINDOWS\ie8\mshta.exe
+ 2007-12-08 17:51:48 3,592,192 -c--a-w C:\WINDOWS\ie8\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\ie8\mshtmled.dll
+ 2007-08-14 01:01:12 48,128 -c--a-w C:\WINDOWS\ie8\mshtmler.dll
+ 2007-08-14 01:54:10 156,160 -c--a-w C:\WINDOWS\ie8\msls31.dll
+ 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\ie8\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\ie8\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c--a-w C:\WINDOWS\ie8\occache.dll
+ 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\ie8\pngfilt.dll
+ 2006-09-07 00:43:16 213,216 -c--a-w C:\WINDOWS\ie8\spuninst.exe
+ 2008-03-04 03:01:58 51,784 -c--a-w C:\WINDOWS\ie8\spuninst\iecustom.dll
+ 2008-01-11 18:35:36 213,216 -c--a-w C:\WINDOWS\ie8\spuninst\spuninst.exe
+ 2008-01-11 18:35:36 371,424 -c--a-w C:\WINDOWS\ie8\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\ie8\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\ie8\urlmon.dll
+ 2007-08-14 01:54:10 413,696 -c--a-w C:\WINDOWS\ie8\vbscript.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\ie8\vgx.dll
+ 2007-12-07 02:21:48 233,472 -c--a-w C:\WINDOWS\ie8\webcheck.dll
+ 2007-08-14 01:45:16 206,336 -c--a-w C:\WINDOWS\ie8\winfxdocobj.exe
+ 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\ie8\wininet.dll
- 2004-08-04 12:00:00 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-03-23 02:07:56 91,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-23 02:07:54 80,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 20:53:52 137,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 20:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 21:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 20:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 20:54:04 183,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-19 00:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 20:35:04 6,747,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 20:43:46 7,613,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 20:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 20:42:14 200,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 20:53:56 149,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 20:53:24 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 20:35:46 133,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 20:36:08 612,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 20:34:48 562,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-23 02:07:10 41,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 02:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 02:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-10 00:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 20:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-05-10 00:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
- 2008-03-15 06:09:34 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-15 16:54:29 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-15 06:09:34 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-15 16:54:29 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-15 06:09:34 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-03-15 16:54:29 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-15 06:09:34 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-15 16:54:29 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-15 06:09:34 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-15 16:54:29 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-15 06:09:34 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-15 16:54:29 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-15 06:09:34 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-15 16:54:30 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-15 06:09:35 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-15 16:54:30 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-15 06:09:34 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-15 16:54:29 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-15 06:09:34 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-03-15 16:54:29 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-15 06:09:35 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-15 16:54:30 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-15 06:09:33 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-15 16:54:29 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-15 06:09:33 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-15 16:54:29 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-15 06:14:12 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-15 16:52:56 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-15 06:14:12 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-15 16:52:57 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-15 06:14:12 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-15 16:52:57 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-15 06:14:12 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-03-15 16:52:56 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2005-03-18 23:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 23:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 23:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 19:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 23:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 23:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 23:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 23:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 23:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 22:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 02:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-19 00:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 22:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-23 00:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 21:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-06 00:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 14:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 18:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-01-28 21:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvadvd.dll
- 2005-01-28 21:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2004-08-11 08:45:04 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2005-01-28 21:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2004-08-11 08:45:04 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2005-01-28 21:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2004-08-11 08:45:06 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2005-01-28 21:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2004-08-11 08:45:06 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2005-01-28 21:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-11 08:45:06 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-04 02:51:42 126,464 ----a-w C:\WINDOWS\system32\advpack.dll
- 2002-12-11 23:16:58 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 21:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 04:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 21:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2007-03-12 23:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 23:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-07-20 01:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
+ 2007-10-12 22:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
+ 2007-03-15 23:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 23:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-07-20 01:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
+ 2007-10-02 16:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
+ 2005-02-06 02:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-19 00:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-05-26 22:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-23 02:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-06 01:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 15:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 19:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 23:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 20:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2007-03-12 23:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 23:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-07-20 01:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
+ 2007-10-12 22:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
- 2007-08-14 01:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-04 02:51:50 69,120 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-04 02:51:42 126,464 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2002-12-11 23:16:58 7,680 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-01-28 21:44:28 294,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 04:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 21:44:28 164,864 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-08-04 12:00:00 35,328 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2008-03-04 02:52:20 17,920 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2005-01-28 21:44:28 502,272 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-04 02:50:34 345,600 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-04 02:50:30 212,992 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-14 01:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-03-04 02:46:02 68,096 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-03-04 02:51:52 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-04 02:51:56 119,808 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-04 02:52:04 224,768 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-03-04 02:51:50 149,504 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-04 02:52:02 349,184 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-14 01:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-03-04 02:52:46 70,656 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-14 01:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2008-03-04 02:53:14 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-08-14 01:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-04 03:01:22 184,320 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-04 02:51:46 44,032 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-14 01:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-03-04 02:51:48 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-03-04 02:52:48 599,552 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-14 01:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2008-03-04 02:50:30 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-14 01:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-03-04 02:51:46 94,208 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-08-14 01:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-03-04 02:51:38 557,056 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-04 03:01:22 28,672 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2005-01-28 21:44:28 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 04:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2007-08-14 01:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2008-03-04 02:52:54 41,984 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2005-01-28 21:44:28 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 03:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 12:00:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-04 12:00:00 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2007-12-31 12:07:20 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2007-08-14 01:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2008-03-04 02:50:10 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-12-08 17:51:48 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-04 03:01:22 5,120,000 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-04 03:01:22 68,608 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-14 01:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2008-03-04 02:50:16 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2007-08-14 01:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-03-04 03:01:22 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2005-01-28 21:44:28 142,336 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 21:44:28 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 04:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 21:44:28 173,568 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 04:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-04 02:52:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2005-01-28 21:44:28 364,784 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 23:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-04 03:01:22 629,248 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2005-01-28 21:44:28 315,904 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 04:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-04 02:52:52 116,224 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-04 02:50:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-01-28 21:44:28 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 04:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-04 12:00:00 774,144 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2008-01-11 18:35:32 134,144 -c----w C:\WINDOWS\system32\dllcache\sqmapi.dll
- 2004-08-04 12:00:00 208,896 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-04 02:52:54 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-04 03:01:22 1,188,352 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-14 01:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-03-04 03:01:22 434,176 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-03-04 03:01:22 755,200 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-04 03:01:22 233,984 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-04 03:01:22 830,464 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 21:44:28 396,528 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 21:44:28 716,288 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-28 01:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 00:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2005-01-28 21:44:28 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 04:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 21:44:28 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 04:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-04 12:00:00 168,448 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2005-01-28 21:44:28 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 04:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-01-28 21:44:28 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 04:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 10:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 12:00:00 114,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-04 12:00:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-04 12:00:00 233,472 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-04 12:00:00 2,940,928 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2005-01-28 21:44:28 774,904 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 21:44:28 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 21:44:28 413,944 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 21:44:28 940,544 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 04:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 21:44:28 895,736 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 21:44:28 1,003,008 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2008-03-15 15:46:46 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-03-15 15:46:54 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-03-15 15:46:55 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-03-15 15:56:42 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-03-15 15:56:40 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-03-15 15:46:55 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2006-10-19 04:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 21:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 03:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-29 01:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 02:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 03:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2005-01-28 21:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2007-12-19 23:01:06 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-04 02:50:34 345,600 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-04 02:50:30 212,992 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-15 06:40:29 291,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-15 18:40:34 310,784 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-04 02:50:40 60,928 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-03-04 02:51:52 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-04 02:51:56 119,808 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-04 02:52:04 224,768 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-03-04 02:51:50 149,504 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-02-08 00:48:08 3,670,112 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-04 02:34:48 440,832 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-04 02:52:02 349,184 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-04 03:01:22 8,016,384 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 01:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-03-04 03:01:22 184,320 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-04 02:51:46 44,032 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-04 02:50:38 268,800 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-03-04 02:51:46 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-14 01:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
+ 2008-03-04 03:01:22 181,248 ----a-w C:\WINDOWS\system32\ieui.dll
- 2007-08-14 01:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-03-04 02:51:46 94,208 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-12-14 07:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-12-14 07:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-12-14 08:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-08-14 01:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-03-04 02:51:38 557,056 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-04 03:01:22 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2005-01-28 21:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 04:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-01-28 21:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 03:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 1999-02-28 09:32:52 124,200 ----a-w C:\WINDOWS\system32\mdm.exe
+ 2006-10-19 04:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 04:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 12:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 04:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 12:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 04:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 12:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 1999-02-28 09:31:26 69,120 ----a-w C:\WINDOWS\system32\msdbg.dll
+ 2006-10-02 22:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-04 03:01:22 585,728 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-04 03:01:22 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-14 01:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2008-03-04 02:50:46 52,736 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2007-12-08 17:51:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-04 03:01:22 5,120,000 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-04 03:01:22 68,608 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-01-28 21:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 21:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 04:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 21:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 04:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-03-04 02:52:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2005-01-28 21:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 23:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-04 03:01:22 629,248 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-01-28 21:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 04:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-04 02:52:52 116,224 ----a-w C:\WINDOWS\system32\occache.dll
+ 1999-02-28 09:32:16 183,574 ----a-w C:\WINDOWS\system32\pdm.dll
- 2008-03-15 14:11:08 60,182 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-17 21:35:44 61,026 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-15 14:11:08 398,128 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-17 21:35:44 401,032 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 05:53:32 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-04 02:50:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-19 04:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 04:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 04:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 04:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 04:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2007-02-15 22:22:26 688,000 ----a-w C:\WINDOWS\system32\SelfHelpControl.DLL
- 2006-12-10 22:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-07 00:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-04 02:52:54 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-04 03:01:22 1,188,352 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-01-28 21:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 04:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-28 21:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 04:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-01-28 21:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 04:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-04 03:01:22 233,984 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-14 01:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2008-03-04 02:53:08 208,384 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2005-01-28 21:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2005-01-28 21:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 00:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2005-01-28 21:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 04:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 21:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 04:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 21:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 04:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 21:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 04:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 04:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 12:00:00 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 21:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 04:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 21:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 04:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 10:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 12:00:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 12:00:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-19 04:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 12:00:00 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 12:00:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 21:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 21:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 21:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 21:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 21:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-01-28 21:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 04:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 04:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-01-28 21:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-01-28 21:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 04:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 04:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 04:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2005-01-28 21:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 04:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2005-01-28 21:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 04:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2005-01-28 21:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 04:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2005-01-28 21:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 04:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 04:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 03:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 04:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2005-01-28 21:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 04:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 03:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-29 01:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-29 01:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-29 01:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-29 01:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2006-02-03 15:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2007-03-05 19:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-10-22 10:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
+ 2006-02-03 15:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 19:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2007-10-22 10:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
+ 2006-05-31 14:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 16:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 23:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 19:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 22:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-05 01:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-21 03:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-07-20 07:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
+ 2006-03-31 19:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 16:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2007-04-05 01:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-06 01:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
- 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-01-11 18:35:38 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-11-29 17:28 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 15:12 843776]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 18:15 185896]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 12:25 1003520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-15 08:56 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-15 08:46 219136]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 21:34:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-15 06:38:03 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-03-17 17:54:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A40088E4-E173-4F8F-8FD8-A71A10E85160}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 14:37:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-17 14:37:32
ComboFix-quarantined-files.txt 2008-03-17 21:37:30
ComboFix2.txt 2008-03-15 15:07:46
.
2008-03-15 23:30:03 --- E O F ---
Hi,
thanks for the logs. They looks clean to me but to be sure lets do the next:
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner). Please use Internet Explorer as it uses ActiveX.
Click on Kaspersky Online Scanner and click Accept
You will be promted to install an ActiveX component from Kaspersky, so click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan select My Computer.
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button and save the file to your desktop.
Please, tell me also how your system is running.
Regards,
Rosty.
thanks for asking, my computer is working really good and it is really fast thanks for your help, but I have one problem I do not know what to do is that when I close the lid for the computer it does not log off which it is wasting so much battry and it is always on.
<html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>
<style>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>
<body>
<table width='100%' height='110' border='0'>
<tr height='30' align='center' bgcolor='#005447'>
<td colspan='2' height='30' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER REPORT</b>
</td>
</tr>
<tr height='70'>
<td colspan='2' height='70'>
Tuesday, March 18, 2008 11:55:46 PM<br>
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)<br>
Kaspersky Online Scanner version: 5.0.98.0<br>
Kaspersky Anti-Virus database last update: 19/03/2008<br>
Kaspersky Anti-Virus database records: 639642<br>
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
</table>
<table width='100%' height='145' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Settings</b></td>
</tr>
<tr height='15'>
<td height='15' width='250'>Scan using the following antivirus database</td>
<td>extended</td>
</tr>
<tr height='15'>
<td height='15'>Scan Archives</td>
<td>true</td>
</tr>
<tr height='15'>
<td height='15'>Scan Mail Bases</td>
<td>true</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Scan Target</b></td>
<td>My Computer</td>
</tr>
<tr height='20'>
<td colspan='2' height='20'>
C:\<br>
D:\
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Statistics</b></td>
</tr>
<tr height='15'>
<td height='15'>Total number of scanned objects</td>
<td>53935</td>
</tr>
<tr height='15'>
<td height='15'>Number of viruses found</td>
<td>5</td>
</tr>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>12</td>
</tr>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>2</td>
</tr>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>01:36:38</td>
</tr>
</table>
<br>
<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='200'><b>Virus Name</b></td>
<td width='100'><b>Last Action</b></td>
</tr>
<tr height='20'>
<td height='20'>C:\backups\backup-20080314-105630-652.dll </td>
<td>Infected: not-a-virus:AdWare.Win32.Virtumonde.gen </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03152008-094403.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant1.zip/v1.8.8/wbuninst.exe </td>
<td>Suspicious: Password-protected-EXE </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant1.zip </td>
<td>ZIP: suspicious - 1 </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\cert8.db </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\formhistory.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\history.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\key3.db </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\parent.lock </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\search.sqlite </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\urlclassifier2.sqlite </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FE4A3429-F572-11DC-871D-0019B962555D}.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75089295-F573-11DC-871D-0019B962555D}.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE4A342A-F572-11DC-871D-0019B962555D}.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{78BCB575-C943-4C4D-A89F-4B3FF03CBB89} </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\874DFC43d01 </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_001_ </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_002_ </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_003_ </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_MAP_ </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\History\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\History\History.IE5\MSHist012008031820080319\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temp\fla4AF.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temp\hsperfdata_Essa\1892 </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temp\~DF4164.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temp\~DF7787.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temp\~DFE258.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temp\~DFFFF9.tmp </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Shared\27 Dresses CAM XViD-NYSLVR.zip/Setup.exe </td>
<td>Infected: Trojan-Downloader.Win32.VB.bsa </td>
<td>skipped
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Essa\Shared\27 Dresses CAM XViD-NYSLVR.zip </td>
<td>ZIP: infected - 1 </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\FrostWire\log.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe </td>
<td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\QooBox\Quarantine\C\WINDOWS\system32\dnddregh.dll.vir </td>
<td>Infected: not-a-virus:AdWare.Win32.Virtumonde.gen </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP37\A0019958.exe </td>
<td>Infected: not-a-virus:PSWTool.Win32.PassView.ag </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP37\A0019968.exe </td>
<td>Infected: not-a-virus:PSWTool.Win32.PassView.ag </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033142.exe </td>
<td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033155.exe/data.rar/SmitfraudFix/Reboot.exe </td>
<td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033155.exe/data.rar </td>
<td>Infected: not-a-virus:RiskTool.Win32.Reboot.f </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033155.exe </td>
<td>RarSFX: infected - 2 </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP53\A0033231.dll </td>
<td>Infected: not-a-virus:AdWare.Win32.Virtumonde.gen </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP81\change.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Debug\PASSWD.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SchedLgU.Txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SoftwareDistribution\EventCache\{7C400457-9759-403F-BAC5-0E0F5FDF1EFD}.bin </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SoftwareDistribution\ReportingEvents.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Sti_Trace.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\CatRoot2\edb.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\CatRoot2\tmp.edb </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\ACEEvent.evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\AppEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\default </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\default.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\Internet.evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SAM </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SAM.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SecEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SECURITY </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SECURITY.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\software </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\software.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\SysEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\system </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\config\system.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\h323log.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\wiadebug.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\wiaservc.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\WindowsUpdate.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td colspan='3' height='20'><b>Scan process completed.</b></td>
</tr>
</table>
</body>
</html>
Hi,
this is difficult to read!! What did you do that the log is posted in this way?
I am sorry, I did not d any thing that how it came up first, I think this is a better one:
Tuesday, March 18, 2008 11:55:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/03/2008
Kaspersky Anti-Virus database records: 639642
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 53935
Number of viruses found 5
Number of infected objects 12
Number of suspicious objects 2
Duration of the scan process 01:36:38
Infected Object Name Virus Name Last Action
C:\backups\backup-20080314-105630-652.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03152008-094403.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant1.zip/v1.8.8/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\cert8.db Object is locked skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\history.dat Object is locked skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\key3.db Object is locked skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\parent.lock Object is locked skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Essa\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Essa\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FE4A3429-F572-11DC-871D-0019B962555D}.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75089295-F573-11DC-871D-0019B962555D}.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE4A342A-F572-11DC-871D-0019B962555D}.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{78BCB575-C943-4C4D-A89F-4B3FF03CBB89} Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\874DFC43d01 Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Application Data\Mozilla\Firefox\Profiles\7whqdzxc.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\History\History.IE5\MSHist012008031820080319\index.dat Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temp\fla4AF.tmp Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temp\hsperfdata_Essa\1892 Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temp\~DF4164.tmp Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temp\~DF7787.tmp Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temp\~DFE258.tmp Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temp\~DFFFF9.tmp Object is locked skipped
C:\Documents and Settings\Essa\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Essa\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Essa\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Essa\Shared\27 Dresses CAM XViD-NYSLVR.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\Documents and Settings\Essa\Shared\27 Dresses CAM XViD-NYSLVR.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\FrostWire\log.txt Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dnddregh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP37\A0019958.exe Infected: not-a-virus:PSWTool.Win32.PassView.ag skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP37\A0019968.exe Infected: not-a-virus:PSWTool.Win32.PassView.ag skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033142.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033155.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033155.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP52\A0033155.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP53\A0033231.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP81\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7C400457-9759-403F-BAC5-0E0F5FDF1EFD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process complete
I hope this is better....
Hi, thanks for the log.
Please the delete the following files and folder using windows explorer:
C:\Documents and Settings\Essa\Shared\27 Dresses CAM XViD-NYSLVR.zip <-- file
SDFix.exe <-- file
C:\SDFix\
Your computer now seems to be clean.
The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
Go to Start
Click on Run
Type ComboFix /u (Note: This command is case sensitive.)
http://i149.photobucket.com/albums/s63/Mac701/CF_Cleanup.png
Download and install the free version of WinPatrol (http://www.winpatrol.com/). This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial (http://www.winpatrol.com/features.html) to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.
If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm
Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiemoes/prevention.html that will give you more information on some of the points above.
Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)
Follow this list and your potential for being infected again will reduce dramatically. (preventionspeech by Elrond)
Stand up and be Counted.
[quote]NOW is the time you can start to hit back at the people who infected you.
http://images.malwarecomplaints.info/logo/MWC-logoplus4.gif (http://www.malwarecomplaints.info)
Please take the time to go and complain - that forum has a topic for your infection which is Vundo. Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.
Regards,
Rosty.
thank you so much for the help. I just have a question, I do not know how to delete that you told me about, so how do I delete them?
thanks
thank you so much for the help. I just have a question, I do not know how to delete that you told me about, so how do I delete them?
thanks
You're welcome.
Do a search with windows explorer for the following:
27 Dresses CAM XViD-NYSLVR.z
also for this ones:
SDFix.exe
C:\SDFix\
and chose delete
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.