Help with Virtuminde.dll, Please



computerzim
2008-05-15, 18:07
Hello, I have tried to remove it twice in safe mode with spybot, but it returns...aghhh! :)

I tried the Kaspersky link on your "read before you post" thread, but it appears to be a dead link, so I did not run Kaspersky. Below are my HijackThis results... thanks in advance. Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:41 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\csrssc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: pvnsmfor - {EA962993-4A16-45A4-9A55-E19BA3F1FC8F} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [c487898d] rundll32.exe "C:\WINDOWS\system32\pngkqvph.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\csrssc.exe
O4 - Startup: DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187055900140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: vbksrofa - {AEAAA631-EC4C-40C1-B4C7-C48659F3D0C9} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {7D102B42-AF5A-4303-B390-F02539696A2B} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (cltnetcnservice) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11100 bytes

ken545
2008-05-15, 19:48
Hello computerzim

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

You got hit with a double whammy: besides Vundo, you're also infected with the SDbot worm. Let's start off the cleaning by doing this.


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.
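The diagnosis above comes from reading the HijackThis log line by line for entries that do not belong: autoruns launched from a Temp folder, rundll32 loading a DLL with a generated name, a registry policy that disables regedit, uncommon persistence points (O21 SSODL, O22 SharedTaskScheduler), a service whose file is missing, and an Active Desktop component pointing at a local HTML page. The following Python script is an added example, not part of this thread, SDFix or HijackThis; it applies those same checks to sample lines copied from the log posted above. The heuristics (which sections count as uncommon, the vowel-ratio test for generated names) are the example's own assumptions, not a published rule set.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus two clean vendor lines (ccApp, NVSvc) as controls, so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [c487898d] rundll32.exe "C:\WINDOWS\system32\pngkqvph.dll",b
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: mpfanvqg - {7D102B42-AF5A-4303-B390-F02539696A2B} - C:\WINDOWS\mpfanvqg.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
"""

# HijackThis v2 line shape: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
NAME_RE = re.compile(r"\[([^\]]+)\]")
PAGE_RE = re.compile(r"(?:Start|Search) Page\s*=\s*(\S+)")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Weak signal (assumption): generated names are hex blobs or nearly vowel-free.
    Vendor abbreviations such as BrMfcWnd also trip this, so it is never decisive."""
    if re.fullmatch(r"[0-9a-f]{8,}", name):
        return True
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c.lower() in "aeiou" for c in letters) / len(letters) < 0.2


def triage_line(raw: str):
    """Return a Finding for one log line, or None when nothing looks off."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    reasons = []
    if "(file missing)" in body:
        reasons.append("target file no longer exists: orphaned entry")
    if sec == "O4":
        if re.search(r"\\temp\\", body, re.I):
            reasons.append("autorun launched from a Temp folder")
        name = NAME_RE.search(body)
        if name and looks_random(name.group(1)):
            reasons.append("weak: random-looking value name")
        dll = RUNDLL_RE.search(body)
        if dll and looks_random(ntpath.splitext(ntpath.basename(dll.group(1)))[0]):
            reasons.append("rundll32 loads a DLL with a random-looking name")
    elif sec == "O7":
        reasons.append("policy restriction set (e.g. DisableRegedit); hinders cleanup")
    elif sec in ("O21", "O22"):
        reasons.append("uncommon persistence point (SSODL/SharedTaskScheduler)")
    elif sec == "O23" and "Unknown owner" in body:
        reasons.append("service with no vendor")
    elif sec == "O24":
        reasons.append("Active Desktop component; fake-alert wallpapers use this")
    elif sec in ("R0", "R1"):
        page = PAGE_RE.search(body)
        if page and not page.group(1).startswith("http://go.microsoft.com"):
            reasons.append("home/search page changed from the IE default")
    return Finding(sec, raw.strip(), reasons) if reasons else None


def triage(log_text: str):
    """Run every line of a HijackThis log through triage_line; keep the hits."""
    return [f for f in (triage_line(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample, eight of the ten lines are reported and the two vendor controls are not. The flagged entries (jfiehayd.dll, mpfanvqg.dll, csrssc.exe in Temp, the privacy_danger page, the missing spools.exe service) are exactly the items SDFix later reports as deleted, which is the point of such a pass: it narrows what a human reviewer has to look at, it does not decide removal. A line carrying only a "weak:" reason deserves a look, not a fix.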

computerzim
2008-05-15, 23:11
Double whammy!? Yikes.

Here is the SDFix logfile:


SDFix: Version 1.182
Run by Paul Padula on Thu 05/15/2008 at 04:32 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix\SDFix

Checking Services :

Name :
service.sys

Path :
\??\C:\WINDOWS\system32\service.sys

service.sys - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\jfiehayd.dll - Deleted
C:\WINDOWS\system32\kdwgc.exe - Deleted
C:\-99775~1 - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\d.exe - Deleted
C:\WINDOWS\fvowketqofb.dll - Deleted
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\Csrssc.exe - Deleted
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\svchost.exe - Deleted
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe - Deleted
C:\smp.bat - Deleted
C:\WINDOWS\mpfanvqg.dll - Deleted
C:\WINDOWS\oadkxrts.exe - Deleted
C:\WINDOWS\system32\service.exe - Deleted
C:\WINDOWS\system32\pjsapdg.sys - Deleted
C:\WINDOWS\system32\service.sys - Deleted



Folder C:\Program Files\IEAntiVirus - Removed
Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 16:58:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000018d
"TracesSuccessful"=dword:00000003

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Vongo\\Vongo.exe"="C:\\Program Files\\Vongo\\Vongo.exe:*:Enabled:Vongo"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\d.exe"="C:\\d.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 7 Feb 2008 24 A.SH. --- "C:\WINDOWS\S4E76D2E4.tmp"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 12 May 2008 1,500,600 ..SH. --- "C:\WINDOWS\system32\rrdjsuki.tmp"
Sat 18 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT83.tmp"

Finished!



And here is the new HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:46 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [c487898d] rundll32.exe "C:\WINDOWS\system32\pngkqvph.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187055900140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (cltnetcnservice) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9921 bytes

Patiently awaiting your expert help!

ken545
2008-05-16, 00:04
Great, you did well, we gave that one a kick in the pants :bigthumb:

There are still markers on your log for Vundo, so let's do this.

Download VundoFix (http://www.atribune.org/ccount/click.php?id=4) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a HijackThis log.



Post both logs please along with a new HJT log

computerzim
2008-05-16, 01:54
Okay, I ran VundoFix; it did not find any files. It also had problems removing... it never completed and still has an executable on the desktop. I did run it a second time and it still found nothing and did not remove... not sure why. MBAM ran and found a bunch of Vundo files and removed them. It needed to restart to remove some files. I did not see it restart after rebooting, I was away from the cpu during reboot... anyway, looks like we are making progress. Here are the three logs you requested:

Here are the VundoFix logs:

VundoFix V7.0.3

Scan started at 6:25:56 PM 5/15/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

Beginning removal...

VundoFix V7.0.3

Scan started at 6:39:32 PM 5/15/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...


And the MBAM logs:

Malwarebytes' Anti-Malware 1.12
Database version: 753

Scan type: Quick Scan
Objects scanned: 43309
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 30
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\iifcBuVN.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pngkqvph.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\awtTMdab.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6df9c60-a4e6-453c-b7b1-fc6e9ee73ad1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c6df9c60-a4e6-453c-b7b1-fc6e9ee73ad1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\cuskina.avideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d263b532-c528-49e5-8bb6-80fa67332c9a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7165223d-d2c9-422b-8126-411b11842b8b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{75e2cd3d-ebe9-4d27-8bd2-5449a900a092} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{120c9a20-4c1f-48a2-9bf9-16b30e02e366} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f8a0d89e-875f-41af-83be-6b5780224682} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f8a0d89e-875f-41af-83be-6b5780224682} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0c9f0270-a1e7-41bb-92a7-5b4e22d4f767} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4bf8b59a-f4cd-4799-91d5-cfd91b9074b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0b05996e-f501-458b-81fe-3078a1e70167} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7cfcea0b-1dae-46ad-93cd-110cb310d135} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f3011214-24aa-434a-a4f1-2ac934aa9838} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awttmdab (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\iVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HKEY_CLASSES_ROOT\AppID\iebho.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c487898d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifcbuvn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifcbuvn -> Delete on reboot.

Folders Infected:
C:\Program Files\iVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bkvcygpf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fpgycvkb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcBuVN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NVuBcfii.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NVuBcfii.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pngkqvph.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hpvqkgnp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\iebho.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtTMdab.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ntpl.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvrsma.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaywvuSm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ftklhae.exe (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\pxyh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenda Padula\Local Settings\Temporary Internet Files\Content.IE5\RLRFZGZT\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Glenda Padula\Local Settings\Temporary Internet Files\Content.IE5\X4MHLPOK\hctp[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\iVideo\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Finally the HiJackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:38 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187055900140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (cltnetcnservice) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9880 bytes

ken545
2008-05-16, 03:14
We are making very good progress, a bit more to do.

Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Go to Add/Remove Programs in the Control Panel and uninstall Viewpoint; it installs without your knowledge or consent, uses system resources and is really not needed.

C:\Program Files\Viewpoint <-- Delete this folder

I would like you to run Combofix, with the infections that you had I am sure there are more files that need to be removed.

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection afterwards, before connecting to the net.



2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
If there is no Internet connection when ComboFix has completely finished, restart your computer to restore the connection.


3. Now double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall or freeze.

computerzim
2008-05-16, 04:26
Okay, removed the three entries, uninstalled Viewpoint and ran ComboFix. Here are the logfiles:

ComboFix 08-05-15.2 - Paul Padula 2008-05-15 22:13:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.698 [GMT -4:00]
Running from: C:\Documents and Settings\Paul Padula\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bocxvvcm.ini
C:\WINDOWS\system32\dcLUDJlm.ini
C:\WINDOWS\system32\dcLUDJlm.ini2
C:\WINDOWS\system32\iifcBuVN.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NVuBcfii.ini
C:\WINDOWS\system32\NVuBcfii.ini2
C:\WINDOWS\system32\rrdjsuki.ini
C:\WINDOWS\system32\SDMpsBeg.ini
C:\WINDOWS\system32\SDMpsBeg.ini2
C:\WINDOWS\system32\tCKTCfhk.ini
C:\WINDOWS\system32\tCKTCfhk.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PJSAPDG
-------\Service_pjsapdg


((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-15 19:56 . 2008-05-15 19:56 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-15 19:27 . 2008-05-15 19:27 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\Malwarebytes
2008-05-15 19:26 . 2008-05-15 19:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 19:26 . 2008-05-15 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 19:26 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 19:26 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 18:25 . 2008-05-15 18:25 <DIR> d-------- C:\VundoFix Backups
2008-05-15 16:22 . 2008-05-15 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-15 16:15 . 2008-05-15 16:16 <DIR> d-------- C:\sdfix
2008-05-15 12:02 . 2008-05-15 12:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 12:02 . 2008-05-15 19:33 91,264 --------- C:\WINDOWS\system32\pngkqvph.dll
2008-05-15 10:24 . 2008-05-15 10:24 <DIR> d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2008-05-15 10:24 . 2003-07-21 15:32 163,998 --a------ C:\WINDOWS\system32\drivers\USR11G.SYS
2008-05-15 10:24 . 2003-06-29 10:54 62,772 --a------ C:\WINDOWS\system32\drivers\tiacx111.bin
2008-05-15 10:23 . 2008-05-15 10:23 1,409 --a------ C:\WINDOWS\system32\tmpF263E.FOT
2008-05-15 10:23 . 2008-05-15 10:23 1,409 --a------ C:\WINDOWS\system32\tmp1C53E.FOT
2008-05-14 13:14 . 2008-05-14 14:20 1,808 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-05-13 23:40 . 2008-05-13 23:40 <DIR> d-------- C:\Documents and Settings\Paul J. Padula\Application Data\DivX
2008-05-13 23:37 . 2008-05-13 23:37 <DIR> d-------- C:\Documents and Settings\Paul J. Padula\Application Data\Apple Computer
2008-05-13 23:05 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-13 23:05 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-13 23:05 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-13 23:05 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-12 19:45 . 2008-05-12 19:45 1,500,600 ---hs---- C:\WINDOWS\system32\rrdjsuki.tmp
2008-05-10 23:37 . 2008-05-14 14:01 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-10 23:37 . 2008-05-14 14:01 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-10 23:37 . 2008-05-14 14:01 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-10 23:37 . 2008-05-14 14:01 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-10 23:36 . 2008-05-14 14:14 <DIR> d-------- C:\Program Files\Symantec
2008-05-10 20:05 . 2008-05-14 18:24 424 --a------ C:\WINDOWS\wininit.ini
2008-05-10 19:00 . 2008-05-10 19:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 18:15 . 2008-05-10 18:15 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\TmpRecentIcons
2008-05-10 11:52 . 2008-05-10 11:52 54,784 --a------ C:\WINDOWS\system32\gh.l
2008-05-10 11:52 . 2008-05-10 11:52 32,768 --a------ C:\WINDOWS\system32\yl.po
2008-05-10 11:52 . 2008-05-10 11:52 28,672 --a------ C:\WINDOWS\system32\mn.n
2008-05-10 11:52 . 2008-05-10 11:52 28,672 --a------ C:\WINDOWS\system32\ccs.so
2008-05-10 11:52 . 2008-05-10 11:52 28,672 --a------ C:\WINDOWS\system32\bmf.cs
2008-05-10 11:52 . 2008-05-10 11:52 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 11:51 . 2008-05-15 19:33 29,312 --------- C:\WINDOWS\system32\awtTMdab.dll
2008-05-10 11:43 . 2008-05-10 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-06 19:27 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-06 19:27 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-22 09:31 . 2008-04-23 08:33 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-22 09:31 . 2008-04-22 09:31 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-16 01:59 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\HP
2008-05-15 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-15 02:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-14 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-14 17:14 --------- d-----w C:\Program Files\InterActual
2008-05-14 17:13 --------- d-----w C:\Program Files\Handbrake
2008-05-14 17:12 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-10 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 15:52 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2008-05-10 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 15:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-27 20:27 --------- d-----w C:\Program Files\Incomplete
2008-04-27 20:24 --------- d-----w C:\Program Files\LimeWire
2008-04-27 20:24 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\LimeWire
2008-04-20 22:11 --------- d-----w C:\Program Files\Google
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 02:43 --------- d-----w C:\Documents and Settings\Glenda Padula\Application Data\acccore
2008-03-20 18:32 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\Apple Computer
2008-03-20 04:08 --------- d-----w C:\Program Files\iTunes
2008-03-20 04:08 --------- d-----w C:\Program Files\iPod
2008-03-20 04:06 --------- d-----w C:\Program Files\QuickTime
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 20:58 --------- d-----w C:\Program Files\Java
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
578,048 2007-03-08 15:48:36 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
577,024 2004-08-04 12:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
577,024 2005-03-02 18:09:30 C:\WINDOWS\$NtUninstallKB925902$\user32.dll.000
577,536 2008-05-10 15:52:11 C:\WINDOWS\system32\user32.dll
577,536 2008-05-10 15:52:11 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

2004-08-04 08:00 17408 fa3d974c9b92a8dbe5095457c4d3574c C:\WINDOWS\system32\svchost.exe

2005-03-02 14:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 11:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 08:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 14:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-05-10 11:52 577536 2a00785d48abe1e346c23ad2e7e0454d C:\WINDOWS\system32\user32.dll
2008-05-10 11:52 577536 2a00785d48abe1e346c23ad2e7e0454d C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 08:00 506368 2b07f2b1990c47fc8adcde379c8c4fdd C:\WINDOWS\system32\winlogon.exe

2007-06-13 06:23 1035776 fcc3ed17efb66b69d1e6316b9b5f65cc C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 08:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 08:00 110592 27eac52170b2915f9ba59a5b209561e3 C:\WINDOWS\system32\services.exe

2004-08-04 08:00 14848 f82d011e65d0467c00770fd5d37ef0be C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 17:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 21:28 185896]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 17:40 731136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]

C:\Documents and Settings\Paul Padula\Start Menu\Programs\Startup\
DirectDVD Update Manager.lnk - C:\Program Files\Orion Studios HD\UpdateHD.exe [2008-01-27 00:52:45 454656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-08 17:33:58 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
U.S. Robotics 802.11g Wireless Network Utility.lnk - C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe [2008-05-15 10:24:35 290816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DAQnzrak"= {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"antispy"=C:\Program Files\IEAntiVirus\ANTIVIRUS.exe
"DW4"=
"InetChk"=C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\ms1210437298.exe work
"jdgf894jrghoiiskd"=C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"jdgf894jrghoiiskd"=C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 V7;V7;C:\WINDOWS\system32\Drivers\V7.SYS [2000-03-10 02:24]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 22:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 03:17]
S3 EraserUtilDrv10730;EraserUtilDrv10730;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10730.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af4d36b9-ddbf-11dc-be80-00115b0856d3}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 03:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:16:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-05-15 22:21:03 - machine was rebooted [Paul Padula]
ComboFix-quarantined-files.txt 2008-05-16 02:21:00

Pre-Run: 267,642,413,056 bytes free
Post-Run: 267,839,856,640 bytes free

239 --- E O F --- 2008-05-15 23:57:00


And the HiJackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:14 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187055900140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (cltnetcnservice) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9144 bytes

ken545
2008-05-16, 13:22
Hello,

Fix this with HJT.

O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll (file missing)

Did you or your internet provider set these? Don't fix them yet.
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222


You have some entries on your Combofix log that are troubling that I need to look into. What I would like you to do is to run Superantispyware and then rerun Combofix and post both logs, please.

Please download SuperAntiSpyware Free (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.
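As an added illustration (not part of ken545's post or of HijackThis itself), the triage logic behind the advice above can be expressed as a small parser over HijackThis-style lines: flag O21 SSODL entries whose DLL is missing, O17 NameServer values the user or ISP has not confirmed, and O4 autoruns launched from a Temp directory. The sample lines are constructed from the shapes seen in this thread; the 198.51.100.53 resolver is a documentation-range placeholder, not a real indicator.

```python
import re
from typing import Iterable, List, NamedTuple, Set


class Finding(NamedTuple):
    kind: str     # HijackThis section, e.g. "O17"
    detail: str   # what was matched
    action: str   # suggested triage step


# Line shapes as HijackThis 2.0.2 prints them (seen in the logs in this thread).
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O17 = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,]+)$")
RE_O21 = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# Temp directories in both long and 8.3 (DOCUME~1\...\LOCALS~1\Temp) form.
RE_TEMP = re.compile(r"\\(Temp|LOCALS~1\\Temp)\\", re.IGNORECASE)

# Constructed sample modelled on lines posted in this thread (not the full log).
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222",
    r"O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 198.51.100.53",  # placeholder
    r"O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll (file missing)",
    r"O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]


def triage_hjt(lines: Iterable[str], approved_dns: Set[str] = frozenset()) -> List[Finding]:
    """Walk HijackThis lines and return the entries a helper would ask about.

    approved_dns: resolvers the user or their ISP has confirmed; every O17
    NameServer outside this set is reported for verification, never auto-fixed.
    """
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()

        m = RE_O4.match(line)
        if m:
            # Legitimate software rarely autoruns from a Temp directory.
            if RE_TEMP.search(m.group("cmd")):
                findings.append(Finding(
                    "O4", f"[{m.group('name')}] {m.group('cmd')}",
                    "autorun launched from a Temp directory; investigate before removing"))
            continue

        m = RE_O17.match(line)
        if m:
            unknown = [s for s in m.group("servers").split(",") if s not in approved_dns]
            if unknown:
                findings.append(Finding(
                    "O17", ",".join(unknown),
                    "NameServer not in the approved list; confirm with user/ISP before fixing"))
            continue

        m = RE_O21.match(line)
        if m:
            path = m.group("path")
            if path.endswith("(file missing)"):
                action = "orphaned ShellServiceObjectDelayLoad entry; remove with HijackThis"
            else:
                action = "ShellServiceObjectDelayLoad DLL is loaded by Explorer; verify its publisher"
            findings.append(Finding("O21", f"{m.group('name')} -> {path}", action))

    return findings


if __name__ == "__main__":
    # The two OpenDNS resolvers are treated as confirmed for this run.
    for f in triage_hjt(SAMPLE_HJT_LINES, {"208.67.220.220", "208.67.222.222"}):
        print(f"{f.kind}: {f.detail}\n    -> {f.action}")
```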

computerzim
2008-05-16, 22:19
Well, things are not going well. I reloaded Norton last night, because it was not working. When I rebooted, a Windows tool popped up and noted a problem with a virus. I did not get a chance to see the name as it went away too quickly, but everything was working okay. I shut it down for the night, and when I rebooted this morning, that is all it does... reboot. I can't even get it started in Safe Mode. Very disappointing. I would have to say one of the two programs... Norton or the Windows malicious tool, probably caused this. Not sure where to go from here.... thinking I may have to reformat. :(

ken545
2008-05-16, 22:40
Try restarting your computer and follow the steps given previously for booting into Safe Mode; this time bypass Safe Mode, select LAST KNOWN GOOD, hit Enter, and let's see what happens.

The software removal tool is safe and I doubt it borked your computer, but Norton could be a possible problem.

Let me know how it went.

computerzim
2008-05-17, 05:24
Holy cow, "Last known" did not work. I was able to use the XP disk and repair the OS. That opened a few other problems with some apps. I should have the machine online shortly. I will rerun the HiJackThis log and post it shortly.

computerzim
2008-05-17, 15:58
Okay, here is the latest HiJackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:06 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187055900140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210999332281
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11233 bytes

ken545
2008-05-17, 16:24
Hello,

Glad you recovered from that potential disaster. Most times when you run the Recovery Program it replaces Windows files that may have been deleted, and it also at times leaves your malware intact.

Remove this with HJT.
O21 - SSODL: DAQnzrak - {C4878923-6E2D-2389-9BC2-C4B6ABD9C763} - C:\WINDOWS\system32\clh.dll (file missing)

The user.dll issue that we had needs to be corrected. I don't know if running the Recovery program fixed it or not; Combofix will repair it only if you have the Recovery Console installed, and you do not. So let's do this.


Download Combofix to your Desktop, but don't run it yet.

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


Please go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

http://img.photobucket.com/albums/v666/sUBs/KB310994.gif

Windows XP SP2 <-- This is what you need
Download the file and save it as it's originally named, next to ComboFix.exe.



http://img.photobucket.com/albums/v666/sUBs/rc1.gif


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

computerzim
2008-05-17, 17:34
Tried to post the entire log, but got bounced due to the size limitation, so I will post it in two separate posts....

ComboFix 08-05-15.3 - Paul Padula 2008-05-17 11:17:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.573 [GMT -4:00]
Running from: C:\Documents and Settings\Paul Padula\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Padula\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 11:02 . 2008-05-17 11:02 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-17 10:02 . 2008-05-17 10:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-17 00:45 . 2008-05-17 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-16 18:33 . 2004-08-04 08:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-05-16 18:32 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-16 18:30 . 2008-05-16 18:30 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-16 18:19 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll
2008-05-16 18:19 . 2004-08-03 22:29 166,912 --a------ C:\WINDOWS\system32\drivers\s3gnbm.sys
2008-05-16 18:16 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET5A.tmp
2008-05-16 18:16 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET57.tmp
2008-05-16 18:16 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET66.tmp
2008-05-16 18:06 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET59.tmp
2008-05-16 18:06 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET56.tmp
2008-05-16 18:06 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET65.tmp
2008-05-16 18:00 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET58.tmp
2008-05-16 18:00 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET55.tmp
2008-05-16 18:00 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET64.tmp
2008-05-16 16:45 . 2004-08-04 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-16 16:45 . 2004-08-04 08:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-16 16:45 . 2004-08-04 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-16 16:45 . 2004-08-04 08:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-16 00:04 . 2008-05-16 00:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-16 00:03 . 2008-05-16 00:27 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 00:03 . 2008-05-16 00:27 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 00:03 . 2008-05-16 00:27 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-15 19:56 . 2008-05-16 10:01 4,645 --a------ C:\WINDOWS\setupapi.old
2008-05-15 19:56 . 2008-05-15 19:56 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-15 19:27 . 2008-05-15 19:27 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\Malwarebytes
2008-05-15 19:26 . 2008-05-15 19:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 19:26 . 2008-05-15 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 19:26 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 19:26 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 18:25 . 2008-05-15 18:25 <DIR> d-------- C:\VundoFix Backups
2008-05-15 16:22 . 2008-05-15 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-15 16:15 . 2008-05-15 16:16 <DIR> d-------- C:\sdfix
2008-05-15 12:02 . 2008-05-15 12:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 12:02 . 2008-05-15 19:33 91,264 --a------ C:\WINDOWS\system32\pngkqvph.dll
2008-05-15 10:24 . 2008-05-15 10:24 <DIR> d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2008-05-15 10:24 . 2003-07-21 15:32 163,998 --a------ C:\WINDOWS\system32\drivers\USR11G.SYS
2008-05-15 10:24 . 2003-06-29 10:54 62,772 --a------ C:\WINDOWS\system32\drivers\tiacx111.bin
2008-05-15 10:23 . 2008-05-15 10:23 1,409 --a------ C:\WINDOWS\system32\tmpF263E.FOT
2008-05-15 10:23 . 2008-05-15 10:23 1,409 --a------ C:\WINDOWS\system32\tmp1C53E.FOT
2008-05-13 23:40 . 2008-05-13 23:40 <DIR> d-------- C:\Documents and Settings\Paul J. Padula\Application Data\DivX
2008-05-13 23:37 . 2008-05-13 23:37 <DIR> d-------- C:\Documents and Settings\Paul J. Padula\Application Data\Apple Computer
2008-05-12 19:45 . 2008-05-12 19:45 1,500,600 --ahs---- C:\WINDOWS\system32\rrdjsuki.tmp
2008-05-10 23:37 . 2008-05-16 00:27 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-10 23:37 . 2008-05-16 00:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-10 20:05 . 2008-05-14 18:24 424 --a------ C:\WINDOWS\wininit.ini
2008-05-10 19:00 . 2008-05-10 19:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 18:15 . 2008-05-10 18:15 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\TmpRecentIcons
2008-05-10 11:52 . 2008-05-10 11:52 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 11:51 . 2008-05-15 19:33 29,312 --a------ C:\WINDOWS\system32\awtTMdab.dll
2008-05-10 11:43 . 2008-05-10 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-06 19:27 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-06 19:27 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-22 09:31 . 2008-04-23 08:33 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-22 09:31 . 2008-04-22 09:31 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 04:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-16 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-16 01:59 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\HP
2008-05-15 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 17:14 --------- d-----w C:\Program Files\InterActual
2008-05-14 17:13 --------- d-----w C:\Program Files\Handbrake
2008-05-14 17:12 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-10 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 15:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-27 20:27 --------- d-----w C:\Program Files\Incomplete
2008-04-27 20:24 --------- d-----w C:\Program Files\LimeWire
2008-04-27 20:24 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\LimeWire
2008-04-20 22:11 --------- d-----w C:\Program Files\Google
2008-03-23 02:43 --------- d-----w C:\Documents and Settings\Glenda Padula\Application Data\acccore
2008-03-20 18:32 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\Apple Computer
2008-03-20 04:08 --------- d-----w C:\Program Files\iTunes
2008-03-20 04:08 --------- d-----w C:\Program Files\iPod
2008-03-20 04:06 --------- d-----w C:\Program Files\QuickTime
2008-03-17 20:58 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((( snapshot@2008-05-15_22.20.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 02:16:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 15:01:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-06-13 10:23:07 1,035,776 ----a-w C:\WINDOWS\explorer.exe
+ 2004-08-04 12:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
- 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2004-08-04 12:00:00 28,672 -c--a-w C:\WINDOWS\ie7\custsat.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2004-08-04 12:00:00 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
- 2006-09-04 06:08:01 1,494,016 -c--a-w C:\WINDOWS\ie7\shdocvw.dll
+ 2004-08-04 12:00:00 1,483,264 -c--a-w C:\WINDOWS\ie7\shdocvw.dll
- 2005-09-02 23:52:06 473,600 -c--a-w C:\WINDOWS\ie7\shlwapi.dll
+ 2004-08-04 12:00:00 473,600 -c--a-w C:\WINDOWS\ie7\shlwapi.dll
- 2006-11-08 01:04:18 31,856 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
- 2006-09-06 20:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
- 2006-09-06 20:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-09-06 21:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
- 2006-12-19 18:08:07 852,480 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 12:00:00 848,384 -c--a-w C:\WINDOWS\ie7\vgx.dll
- 2007-06-27 02:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2004-08-04 12:00:00 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2004-08-04 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2004-08-04 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2004-08-04 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2007-08-14 00:53:50 225,280 ---ha-w C:\WINDOWS\repair\ntuser.dat
+ 2008-05-16 22:32:05 1,548,288 ---ha-w C:\WINDOWS\repair\ntuser.dat
+ 2008-05-17 14:41:48 5,118 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{68CA6624-DF45-4A02-9A2E-48F86F2BB6FF}.bin
- 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2004-08-04 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 22:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2004-08-04 12:00:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
- 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2004-08-04 12:00:00 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2007-04-18 12:46:26 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-09-23 17:12:50 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2004-08-04 12:00:00 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2004-08-04 12:00:00 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2007-04-18 12:46:26 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2004-08-04 12:00:00 150,528 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2004-08-04 12:00:00 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2004-08-04 12:00:00 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2004-08-04 12:00:00 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2004-08-04 12:00:00 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2004-08-04 12:00:00 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
- 2005-07-26 04:39:44 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2004-08-04 12:00:00 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2004-08-04 12:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2004-08-04 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2004-08-04 12:00:00 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2004-08-04 12:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2008-05-15 14:08:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-16 22:37:00 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-15 14:08:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-16 22:37:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-16 22:36:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat
- 2008-05-15 14:08:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 22:37:00 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-18 12:46:26 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2004-08-04 12:00:00 1,053,696 ----a-w C:\WINDOWS\system32\danim.dll
- 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2004-08-04 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 22:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-10-12 14:02:52 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2004-08-04 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2007-03-09 13:58:57 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2004-08-04 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2004-08-04 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2006-10-19 01:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-03-02 18:09:29 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2006-10-19 01:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2004-08-04 12:00:00 286,208 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2007-04-18 12:46:26 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2006-09-23 17:12:50 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2005-07-26 04:39:42 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2004-08-04 12:00:00 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2005-07-26 04:39:43 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2004-08-04 12:00:00 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2007-04-18 12:46:26 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2004-08-04 12:00:00 150,528 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2005-09-10 01:53:41 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2004-08-04 12:00:00 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2006-10-19 01:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2004-08-04 12:00:00 159,232 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2006-06-22 05:06:29 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2004-08-04 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2004-08-04 12:00:00 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2005-07-26 04:39:43 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2004-08-04 12:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2005-07-26 04:39:44 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2004-08-04 12:00:00 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2006-08-25 15:45:58 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2004-08-04 12:00:00 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2005-07-26 04:39:44 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2004-08-04 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2005-07-26 04:39:44 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2004-08-04 12:00:00 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2005-07-26 04:39:45 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2004-08-04 12:00:00 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2007-04-18 12:46:26 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2004-08-04 12:00:00 1,053,696 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2004-08-04 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-05-19 12:59:41 111,616 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2004-08-04 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2007-05-16 15:12:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2004-08-04 12:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2004-08-04 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2004-08-04 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2006-10-19 01:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2004-08-04 12:00:00 695,296 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2006-08-22 08:05:26 498,742 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2004-08-04 12:00:00 498,205 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-13 22:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:45 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2004-08-04 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2005-10-20 22:20:03 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2004-08-04 12:00:00 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2004-08-04 12:00:00 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 22:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-08-21 12:21:06 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2004-08-04 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2004-08-04 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2004-08-04 12:00:00 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2005-10-17 21:14:45 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2004-08-04 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2004-08-04 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2005-05-27 02:04:27 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2006-07-21 08:24:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2004-08-04 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2005-06-29 01:46:00 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2004-08-04 12:00:00 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-13 22:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-08-13 21:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 22:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 22:43:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2004-08-04 12:00:00 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2006-05-19 12:59:41 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2004-08-04 12:00:00 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-08-04 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2005-05-27 02:04:27 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2004-08-04 12:00:00 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2005-05-27 02:04:27 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2004-08-04 12:00:00 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2005-06-15 17:49:30 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2007-04-16 15:52:53 984,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2004-08-04 12:00:00 983,552 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2006-10-19 01:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
+ 2004-08-04 12:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
- 2005-09-01 01:41:53 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2004-08-04 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2006-10-19 00:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2004-08-04 12:00:00 103,936 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-08-04 12:00:00 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-08-04 12:00:00 13,312 -c--a-w C:\WINDOWS\system32\dllcache\lsass.exe
- 2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2004-08-04 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2006-11-01 19:17:45 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2004-08-04 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2004-08-04 12:00:00 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2004-08-04 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
+ 2004-08-04 12:00:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
- 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
+ 2004-08-04 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
- 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
+ 2004-08-04 12:00:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
- 2006-10-19 01:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2004-08-04 12:00:00 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2004-08-04 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2006-03-23 05:44:21 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2004-08-04 12:00:00 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2004-08-04 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2004-08-04 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2004-08-04 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2006-03-01 19:42:42 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2004-08-04 12:00:00 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2006-03-01 19:42:42 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2004-08-04 12:00:00 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2006-03-01 19:42:42 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2004-08-04 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2004-08-04 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2004-08-04 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2004-08-04 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2008-03-01 22:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-13 22:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2004-08-04 12:00:00 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2005-05-04 18:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2004-08-04 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2005-05-04 18:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2004-08-04 12:00:00 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2005-05-04 18:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2004-08-04 12:00:00 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2005-05-04 18:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2004-08-04 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2004-08-04 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2004-08-04 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2004-08-04 12:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2004-08-04 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2004-08-04 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2004-08-04 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2006-10-19 01:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2004-08-04 12:00:00 259,072 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2007-05-16 15:12:08 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2004-08-04 12:00:00 1,311,232 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2004-08-04 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2006-10-19 01:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2004-08-04 12:00:00 52,224 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2006-10-19 01:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2004-08-04 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-13 22:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2004-08-04 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2004-08-04 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2004-08-04 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-12-04 20:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2004-08-04 12:00:00 356,352 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2004-08-04 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-13 22:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2004-08-04 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2006-10-19 01:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2004-08-04 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2004-08-04 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2004-08-04 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-06-26 06:08:16 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2004-08-04 12:00:00 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2006-03-01 19:42:42 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2006-03-01 19:42:42 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2004-08-04 12:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2006-08-17 12:28:27 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2004-08-04 12:00:00 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2005-08-22 18:29:46 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
+ 2004-08-04 12:00:00 198,144 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
- 2005-11-29 20:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2004-08-04 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2004-08-04 12:00:00 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
- 2006-10-13 12:35:12 142,336 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2004-08-04 12:00:00 144,384 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-08-13 22:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2005-07-26 04:39:48 1,285,120 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2004-08-04 12:00:00 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2004-08-04 12:00:00 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2005-07-26 04:39:48 74,752 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2004-08-04 12:00:00 68,608 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2005-07-26 04:39:49 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2006-10-16 16:15:00 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2004-08-04 12:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 22:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-10-19 01:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2004-08-04 12:00:00 237,568 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2004-08-04 12:00:00 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-06-22 05:06:30 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
+ 2004-08-04 12:00:00 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
- 2006-06-26 17:37:10 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll

computerzim
2008-05-17, 17:35
Due to size limitations, here is the second half of the ComboFix log:


+ 2007-08-13 22:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 00:56:48 74,240 ----a-w C:\WINDOWS\system32\usbui.dll
+ 2004-08-04 12:00:00 74,240 ----a-w C:\WINDOWS\system32\usbui.dll
- 2008-05-10 15:52:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll
+ 2004-08-04 12:00:00 577,024 ----a-w C:\WINDOWS\system32\user32.dll
- 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2004-08-04 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 22:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2004-08-04 12:00:00 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2004-08-04 12:00:00 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2004-08-04 12:00:00 1,835,904 ----a-w C:\WINDOWS\system32\win32k.sys
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-13 22:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-04 12:00:00 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
+ 2004-08-04 12:00:00 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
- 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2004-08-04 12:00:00 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2004-08-04 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
+ 2004-08-04 12:00:00 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
+ 2004-08-04 12:00:00 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
- 2007-10-27 22:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2004-08-04 12:00:00 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2004-08-04 12:00:00 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2004-08-04 12:00:00 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2004-08-04 12:00:00 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2004-08-04 12:00:00 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
+ 2004-08-04 12:00:00 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2007-06-12 03:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2004-08-04 12:00:00 4,874,240 ----a-w C:\WINDOWS\system32\wmp.dll
- 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2004-08-04 12:00:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2004-08-04 12:00:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
- 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2004-08-04 12:00:00 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
- 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2004-08-04 12:00:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2004-08-04 12:00:00 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2004-08-04 12:00:00 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
+ 2004-08-04 12:00:00 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
- 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2004-08-04 12:00:00 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2004-08-04 12:00:00 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2004-08-04 12:00:00 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2004-08-04 12:00:00 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
- 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2004-08-04 12:00:00 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2004-08-04 12:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\67096\comctl32.dll
+ 2004-08-04 12:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\71219\comctl32.dll
+ 2004-08-04 12:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\71265\comctl32.dll
+ 2004-08-04 12:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\71814\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 17:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 21:28 185896]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 17:40 731136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 08:00 44544]

C:\Documents and Settings\Paul Padula\Start Menu\Programs\Startup\
DirectDVD Update Manager.lnk - C:\Program Files\Orion Studios HD\UpdateHD.exe [2008-01-27 00:52:45 454656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-08 17:33:58 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
U.S. Robotics 802.11g Wireless Network Utility.lnk - C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe [2008-05-15 10:24:35 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"antispy"=C:\Program Files\IEAntiVirus\ANTIVIRUS.exe
"DW4"=
"InetChk"=C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\ms1210437298.exe work
"jdgf894jrghoiiskd"=C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"jdgf894jrghoiiskd"=C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 V7;V7;C:\WINDOWS\system32\Drivers\V7.SYS [2000-03-10 02:24]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 22:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 03:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af4d36b9-ddbf-11dc-be80-00115b0856d3}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 03:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-17 00:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Paul Padula.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 11:19:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-17 11:20:39
ComboFix-quarantined-files.txt 2008-05-17 15:20:18
ComboFix2.txt 2008-05-16 02:21:04

Pre-Run: 267,590,737,920 bytes free
Post-Run: 267,611,058,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

1122 --- E O F --- 2008-05-17 14:38:29

ken545
2008-05-17, 19:20
You need to read and follow the instructions that I post, or we won't be responsible if your system crashes again.


Download Combofix to your Desktop but don't run it yet <--------

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.


It fixed the user.dll issue, but a little more to do

Open Notepad. Go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::



File::
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\ms1210437298.exe work
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe

Folder::
C:\Program Files\IEAntiVirus

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"antispy"=-
"InetChk"=-
"jdgf894jrghoiiskd"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"jdgf894jrghoiiskd"=-


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

computerzim
2008-05-17, 19:40
Here is the ComboFix log after CFScript:

ComboFix 08-05-15.3 - Paul Padula 2008-05-17 13:32:19.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Running from: C:\Documents and Settings\Paul Padula\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul Padula\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\ms1210437298.exe work
C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\winlogan.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 11:02 . 2008-05-17 11:02 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-17 10:02 . 2008-05-17 10:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-17 00:45 . 2008-05-17 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-16 18:33 . 2004-08-04 08:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-05-16 18:32 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-16 18:30 . 2008-05-16 18:30 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-16 18:30 . 2008-05-16 18:30 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-16 18:19 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll
2008-05-16 18:19 . 2004-08-03 22:29 166,912 --a------ C:\WINDOWS\system32\drivers\s3gnbm.sys
2008-05-16 18:16 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET5A.tmp
2008-05-16 18:16 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET57.tmp
2008-05-16 18:16 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET66.tmp
2008-05-16 18:06 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET59.tmp
2008-05-16 18:06 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET56.tmp
2008-05-16 18:06 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET65.tmp
2008-05-16 18:00 . 2004-08-04 08:00 1,086,058 -ra------ C:\WINDOWS\SET58.tmp
2008-05-16 18:00 . 2004-08-04 08:00 1,042,903 -ra------ C:\WINDOWS\SET55.tmp
2008-05-16 18:00 . 2004-08-04 08:00 13,753 -ra------ C:\WINDOWS\SET64.tmp
2008-05-16 16:45 . 2004-08-04 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-16 16:45 . 2004-08-04 08:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-16 16:45 . 2004-08-04 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-16 16:45 . 2004-08-04 08:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-16 00:04 . 2008-05-16 00:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-16 00:03 . 2008-05-16 00:27 <DIR> d-------- C:\Program Files\Symantec
2008-05-16 00:03 . 2008-05-16 00:27 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 00:03 . 2008-05-16 00:27 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-15 19:56 . 2008-05-16 10:01 4,645 --a------ C:\WINDOWS\setupapi.old
2008-05-15 19:56 . 2008-05-15 19:56 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-15 19:27 . 2008-05-15 19:27 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\Malwarebytes
2008-05-15 19:26 . 2008-05-15 19:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 19:26 . 2008-05-15 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 19:26 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 19:26 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 18:25 . 2008-05-15 18:25 <DIR> d-------- C:\VundoFix Backups
2008-05-15 16:22 . 2008-05-15 16:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-15 16:15 . 2008-05-15 16:16 <DIR> d-------- C:\sdfix
2008-05-15 12:02 . 2008-05-15 12:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 12:02 . 2008-05-15 19:33 91,264 --a------ C:\WINDOWS\system32\pngkqvph.dll
2008-05-15 10:24 . 2008-05-15 10:24 <DIR> d-------- C:\Program Files\U.S. Robotics 802.11g WLAN
2008-05-15 10:24 . 2003-07-21 15:32 163,998 --a------ C:\WINDOWS\system32\drivers\USR11G.SYS
2008-05-15 10:24 . 2003-06-29 10:54 62,772 --a------ C:\WINDOWS\system32\drivers\tiacx111.bin
2008-05-15 10:23 . 2008-05-15 10:23 1,409 --a------ C:\WINDOWS\system32\tmpF263E.FOT
2008-05-15 10:23 . 2008-05-15 10:23 1,409 --a------ C:\WINDOWS\system32\tmp1C53E.FOT
2008-05-13 23:40 . 2008-05-13 23:40 <DIR> d-------- C:\Documents and Settings\Paul J. Padula\Application Data\DivX
2008-05-13 23:37 . 2008-05-13 23:37 <DIR> d-------- C:\Documents and Settings\Paul J. Padula\Application Data\Apple Computer
2008-05-12 19:45 . 2008-05-12 19:45 1,500,600 --ahs---- C:\WINDOWS\system32\rrdjsuki.tmp
2008-05-10 23:37 . 2008-05-16 00:27 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-10 23:37 . 2008-05-16 00:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-10 20:05 . 2008-05-14 18:24 424 --a------ C:\WINDOWS\wininit.ini
2008-05-10 19:00 . 2008-05-10 19:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 18:15 . 2008-05-10 18:15 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\TmpRecentIcons
2008-05-10 11:52 . 2008-05-10 11:52 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 11:51 . 2008-05-15 19:33 29,312 --a------ C:\WINDOWS\system32\awtTMdab.dll
2008-05-10 11:43 . 2008-05-10 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-06 19:27 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-06 19:27 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-22 09:31 . 2008-04-23 08:33 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-22 09:31 . 2008-04-22 09:31 <DIR> d-------- C:\Documents and Settings\Paul Padula\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-17 04:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-16 01:59 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\HP
2008-05-15 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 17:14 --------- d-----w C:\Program Files\InterActual
2008-05-14 17:13 --------- d-----w C:\Program Files\Handbrake
2008-05-14 17:12 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-10 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 15:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-27 20:27 --------- d-----w C:\Program Files\Incomplete
2008-04-27 20:24 --------- d-----w C:\Program Files\LimeWire
2008-04-27 20:24 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\LimeWire
2008-04-20 22:11 --------- d-----w C:\Program Files\Google
2008-03-23 02:43 --------- d-----w C:\Documents and Settings\Glenda Padula\Application Data\acccore
2008-03-20 18:32 --------- d-----w C:\Documents and Settings\Paul Padula\Application Data\Apple Computer
2008-03-20 04:08 --------- d-----w C:\Program Files\iTunes
2008-03-20 04:08 --------- d-----w C:\Program Files\iPod
2008-03-20 04:06 --------- d-----w C:\Program Files\QuickTime
2008-03-17 20:58 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 17:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 21:28 185896]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 17:40 731136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 08:00 44544]

C:\Documents and Settings\Paul Padula\Start Menu\Programs\Startup\
DirectDVD Update Manager.lnk - C:\Program Files\Orion Studios HD\UpdateHD.exe [2008-01-27 00:52:45 454656]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-08 17:33:58 124400]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
U.S. Robotics 802.11g Wireless Network Utility.lnk - C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe [2008-05-15 10:24:35 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"DW4"=
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 V7;V7;C:\WINDOWS\system32\Drivers\V7.SYS [2000-03-10 02:24]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 22:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 03:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af4d36b9-ddbf-11dc-be80-00115b0856d3}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 03:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-17 00:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Paul Padula.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 13:34:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-17 13:34:58
ComboFix-quarantined-files.txt 2008-05-17 17:34:43
ComboFix2.txt 2008-05-17 15:20:40
ComboFix3.txt 2008-05-16 02:21:04

Pre-Run: 267,602,677,760 bytes free
Post-Run: 267,592,462,336 bytes free

198 --- E O F --- 2008-05-17 14:38:29

computerzim
2008-05-17, 23:50
Oops, forgot the Hijack log...sorry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:08 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187055900140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210999332281
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{AAD3895F-E2B5-49B5-B1F5-364EC2049E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11124 bytes
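As an added example (not code from this thread, from HijackThis or from the helper): a small Python parser that pulls out of a HijackThis log the entries a helper reads first, namely O17 name servers, O23 services with an unknown owner and entries pointing at a missing file, and then flags random-looking module names under system32, the pattern behind the pngkqvph.dll request below. The sample log is a constructed excerpt of the log above; its O20 line is constructed and is not in the real log, and the random-name rule is a heuristic assumption.

```python
import re
from typing import List, Tuple

# Constructed excerpt: the first six lines are copied from the HijackThis v2.0.2 log
# posted in this thread; the last O20 line is constructed (it is NOT in the real log)
# so the random-name heuristic below has something to find. pngkqvph.dll is the
# file the helper asked to have checked on VirusTotal.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O20 - Winlogon Notify: pngkqvph - C:\WINDOWS\system32\pngkqvph.dll
"""

# Every HijackThis entry starts with a section code such as R1, O4, O17, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# A Windows path up to the first .exe/.dll extension; stops at quotes and commas
# so 'C:\WINDOWS\system32\NvCpl.dll,NvStartup' yields only the DLL path.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n,]*?\.(?:exe|dll)", re.IGNORECASE)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every entry line; other log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def paths_in(body: str) -> List[str]:
    return PATH_RE.findall(body)


def name_servers(entries) -> List[str]:
    """Distinct DNS servers from O17 entries (a DNS hijack shows up here as unexpected IPs)."""
    found = set()
    for section, body in entries:
        if section == "O17" and "NameServer" in body:
            found.update(IP_RE.findall(body))
    return sorted(found)


def unknown_owner_services(entries) -> List[str]:
    """Paths of O23 services whose publisher HijackThis could not determine."""
    return [p for s, b in entries if s == "O23" and "Unknown owner" in b for p in paths_in(b)]


def missing_file_entries(entries) -> List[Tuple[str, str]]:
    """Entries pointing at a file that no longer exists; harmless, but worth cleaning up."""
    return [(s, b) for s, b in entries if "(no file)" in b]


def looks_random(filename: str) -> bool:
    """Heuristic (an assumption, not from the thread): eight lowercase letters with at most
    one vowel, which is how a generated name like pngkqvph looks and how legitimate
    names such as winlogon or services do not."""
    stem = re.sub(r"\.(?:exe|dll)$", "", filename, flags=re.IGNORECASE)
    return (len(stem) == 8 and stem.isalpha() and stem.islower()
            and sum(c in "aeiouy" for c in stem) <= 1)


def suspicious_system32_paths(entries) -> List[Tuple[str, str]]:
    """Entries that load a random-looking module from system32, the pattern in this thread."""
    hits = []
    for section, body in entries:
        for path in paths_in(body):
            filename = path.rsplit("\\", 1)[-1]
            if re.search(r"\\system32\\", path, re.IGNORECASE) and looks_random(filename):
                hits.append((section, path))
    return hits


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print("entries:", len(entries))
    print("DNS servers:", name_servers(entries))
    print("unknown-owner services:", unknown_owner_services(entries))
    print("missing-file entries:", missing_file_entries(entries))
    print("random-looking system32 modules:", suspicious_system32_paths(entries))
```

The O17 servers in this log (208.67.220.220 and 208.67.222.222) are the ones the owner configured, so the name-server list is for confirming what you expect, not an alert on its own.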

ken545
2008-05-18, 05:55
Almost home,


You need to enable windows to show all files and folders, instructions Here (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)


Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see.

C:\WINDOWS\system32\pngkqvph.dll

computerzim
2008-05-18, 17:23
Here it is:

File pngkqvph.dll received on 05.18.2008 17:16:58 (CET)
Result: 2/32 (6.25%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 TR/Trash.Gen
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 -
Ikarus T3.1.1.26.0 2008.05.13 -
Kaspersky 7.0.0.125 2008.05.13 -
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 -
Prevx1 V2 2008.05.18 -
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 -
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 Trojan.Trash.Gen
Additional information
File size: 91264 bytes
MD5...: b65e4d64e573d4ceeb9bab47d72b521d
SHA1..: 54eb28a7078c9ed66cc124204e6c97151c5130c8
SHA256: 3ad7041239fc6d22b458e61adc759cc2163d7f3994214cb7076e1a6af4baa97a
SHA512: d1f3959f41616113105531ee0503fbe3f2a15721f9e2be9d93a5490a66d416b77d39c86d1ab646a5a9c496a66d2bcc86e2150c34c565ca34f4dc999c4e815612
PEiD..: -
PEInfo: -

ken545
2008-05-18, 18:34
You're fine :bigthumb:


Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to the Sun Microsystems (http://java.sun.com/javase/downloads/index.jsp) and install the update
Java Runtime Environment (JRE) 6 Update 6 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to do the offline installation and save the setup file in case I may need it in the future.





How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

computerzim
2008-05-18, 23:16
Ken, I bow to you! You are the man! I had to fix some Windows Update problems left over from the Windows Repair utility, but the computer is back from the diseased/deceased, thanks to you. Thank you a ton. mike zim

ken545
2008-05-18, 23:29
You're welcome, Mike,

Take care,
Ken:)