Infected With Trojan.TDSS



JohnShooter
2009-07-29, 08:16
Hi.

I am currently running McAfee, Malwarebytes, & SUPERAntiSpyware.

However, after I run a full scan and remove the trojans, the trojans return after I reboot. Also, whenever I go search on Google, I am redirected to an advertisement webpage.

Please help me!!

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:01, on 7/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\comcasttb\CIDGlobalLight.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imeem.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [AVScan] C:\Documents and Settings\JR\Application Data\winav.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sufapizema] Rundll32.exe "C:\WINDOWS\system32\roruhore.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sufapizema] Rundll32.exe "C:\WINDOWS\system32\roruhore.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXNHAts - cbXNHAts.dll (file missing)
O20 - Winlogon Notify: jkkJawTM - jkkJawTM.dll (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10566 bytes

shelf life
2009-07-30, 04:00
Hi JohnShooter,

After Malwarebytes finished scanning, did you do this step?

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer most likely will be required to remove some items.*

If not, follow the above. If so, then continue with this:

We will get another download to use. It's called ComboFix. There is a guide to read first. Read the guide, download ComboFix to your desktop, disable any AV etc. as explained in the guide, double-click the icon on your desktop and follow the prompts. Post the ComboFix log in your reply.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

JohnShooter
2009-07-30, 06:58
Here's the requested log...

ComboFix 09-07-29.03 - JR 07/29/2009 23:25.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.584 [GMT -4:00]
Running from: c:\documents and settings\JR\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Casper & Grace\Application Data\BIT39.tmp
C:\SYSDLL.bat
c:\windows\Installer\83879.msp
c:\windows\run.log
c:\windows\system32\drivers\geyekrblhtkkyl.sys
c:\windows\system32\geyekrbivsbori.dat
c:\windows\system32\geyekrdhgfpmxo.dat
c:\windows\system32\geyekrklpabuuq.dll
c:\windows\system32\geyekrwsioexmq.dll
c:\windows\system32\GjlnWvut.ini
c:\windows\system32\GjlnWvut.ini2
c:\windows\system32\klkUtBeg.ini
c:\windows\system32\klkUtBeg.ini2
c:\windows\system32\tmp.reg
c:\windows\TEMP\CRF000\Setup.EXE
c:\windows\TEMP\CRF001\CTCabEx.DLL
c:\windows\TEMP\CRF001\CTEngine\CTCabEx.DLL
c:\windows\TEMP\CRF001\CTEngine\setup.exe
c:\windows\TEMP\CRF001\CTShared\Ctdsetup.dll
c:\windows\TEMP\CRF001\CTShared\MSRedist\AXDIST.EXE
c:\windows\TEMP\CRF001\CTShared\MSRedist\Dxmedia.exe
c:\windows\TEMP\CRF001\CTShared\MSRedist\wmdmdist.exe
c:\windows\TEMP\CRF001\CTShared\MSRedist\wmfdist.exe
c:\windows\TEMP\CRF001\CTShared\Shared\CTAppDet.ocx
c:\windows\TEMP\CRF001\CTShared\Shared\CTEffect.ax
c:\windows\TEMP\CRF001\CTShared\WinSys\MFC42.DLL
c:\windows\TEMP\CRF001\CTShared\WinSys\msvcp60.dll
c:\windows\TEMP\CRF001\CTShared\WinSys\MSVCRT.DLL
c:\windows\TEMP\CRF001\setup.exe
c:\windows\TEMP\gis17796f0\2.4.1536.6592\ci.dll
c:\windows\TEMP\gis17796f0\2.4.1536.6592\cires.dll
c:\windows\TEMP\gis17796f0\2.4.1536.6592\cs\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\da\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\de\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\el\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\en-gb\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\en\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\es\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\fi\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\fr\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\GoogleUpdaterAdminPrefs.exe
c:\windows\TEMP\gis17796f0\2.4.1536.6592\GoogleUpdaterInstallMgr.exe
c:\windows\TEMP\gis17796f0\2.4.1536.6592\GoogleUpdaterSetup.exe
c:\windows\TEMP\gis17796f0\2.4.1536.6592\it\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\ja\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\ko\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\nl\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\no\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\npCIDetect13.dll
c:\windows\TEMP\gis17796f0\2.4.1536.6592\pl\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\pt-br\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\ru\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\sv\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\th\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\tr\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\zh-cn\cires.dll.mui
c:\windows\TEMP\gis17796f0\2.4.1536.6592\zh-tw\cires.dll.mui
c:\windows\TEMP\gis17796f0\GoogleUpdater.exe
c:\windows\TEMP\gis17796f0\GoogleUpdaterService.exe

----- BITS: Possible infected sites -----

hxxp://downloadsoftwareserver.com
c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP184\A0079503.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrwprqpfwa
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 03:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-29 04:58 . 2009-07-29 04:58 -------- d-----w- c:\program files\Trend Micro
2009-07-29 04:46 . 2009-07-29 04:46 -------- d-s---w- C:\Combo-Fix
2009-07-28 21:31 . 2009-07-30 03:38 117760 ----a-w- c:\documents and settings\JR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 21:31 . 2009-07-28 21:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2009-07-28 21:30 . 2009-07-28 21:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-28 21:30 . 2009-07-28 21:30 -------- d-----w- c:\documents and settings\JR\Application Data\SUPERAntiSpyware.com
2009-07-28 19:09 . 2009-07-28 21:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-27 16:52 . 2009-07-27 16:52 1 ----a-w- c:\windows\ectbbyn.dat
2009-07-27 16:52 . 2009-07-28 16:25 1039 ----a-w- c:\windows\th1234.dat
2009-07-27 02:09 . 2009-07-27 02:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-27 02:08 . 2009-07-27 02:08 -------- d-----w- c:\program files\Bonjour
2009-07-27 02:07 . 2009-07-27 02:20 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-27 02:06 . 2009-07-27 02:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-07-24 07:02 . 2009-07-24 07:02 1 ---h--w- c:\windows\th823567.dat
2009-07-24 04:33 . 2009-07-28 15:20 206 ----a-w- c:\windows\prxid93ps.dat
2009-07-13 07:16 . 2009-07-13 07:16 67072 ----a-w- c:\windows\system32\drivers\nstipyrtqeecufhw.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 00:45 . 2009-04-28 19:01 -------- d-----w- c:\documents and settings\JR\Application Data\CallingID
2009-07-29 04:38 . 2009-02-07 01:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-28 18:15 . 2009-02-07 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 19:14 . 2009-01-20 19:13 -------- d-----w- c:\program files\FinePixViewer
2009-07-27 03:31 . 2009-01-20 19:16 -------- d-----w- c:\program files\QuickTime
2009-07-23 21:11 . 2008-06-20 01:02 -------- d-----w- c:\program files\LimeWire
2009-07-23 21:11 . 2008-06-10 14:49 -------- d-----w- c:\documents and settings\JR\Application Data\LimeWire
2009-07-16 15:59 . 2009-04-28 19:01 -------- d-----w- c:\documents and settings\JR\Application Data\comcasttb
2009-07-13 17:36 . 2009-02-07 18:11 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-02-07 18:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 15:45 . 2009-06-11 15:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-06-11 15:45 . 2009-06-11 16:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-11 15:45 . 2009-06-11 15:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-11 15:43 . 2009-06-11 15:43 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 15:43 . 2009-06-11 15:43 -------- d-----w- c:\program files\Lavasoft
2009-06-10 02:38 . 2009-06-10 02:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\comcasttb
2009-06-09 23:30 . 2009-02-07 00:01 -------- d-----w- c:\documents and settings\JR\Application Data\McAfee
2009-06-09 23:29 . 2008-03-19 00:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-05-27 10:10 . 2008-08-19 15:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-26 22:08 . 2009-05-26 22:08 554456 ----a-w- c:\documents and settings\JR\Application Data\comcasttb\dtband.dll
2009-05-26 22:08 . 2009-05-26 22:08 554456 ----a-w- c:\documents and settings\JR\Application Data\comcasttb\comcasttb.dll
2009-05-10 22:29 . 2009-05-10 22:29 137 ----a-w- c:\documents and settings\Casper & Grace\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-03-16 1622488]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-02-26 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-20 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-07-17 16132608]

c:\documents and settings\JR\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-18 24576]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-1-20 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/11/2009 11:45 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [3/16/2009 5:37 PM 616408]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/17/2008 3:50 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [6/20/2008 5:01 PM 185183]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AVScan - c:\documents and settings\JR\Application Data\winav.exe
Notify-cbXNHAts - cbXNHAts.dll
Notify-jkkJawTM - jkkJawTM.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.imeem.com/home
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 23:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(2068)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-07-30 23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 03:44

Pre-Run: 230,260,031,488 bytes free
Post-Run: 230,678,061,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

280 --- E O F --- 2009-03-13 02:32
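
For readers comparing the two logs above, an added example (not part of the original thread, and not HijackThis or ComboFix code) that matches the entries under ComboFix's "ORPHANS REMOVED" heading to the HijackThis O4/O20 lines they came from, then checks a later HijackThis log for any that return. The id mapping is inferred from the lines in this thread; the follow-up log in the sample is constructed.

```python
import re

# Subset of lines copied from the HijackThis log in this thread.
HJT_LINES = r"""
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVScan] C:\Documents and Settings\JR\Application Data\winav.exe
O4 - HKUS\S-1-5-19\..\Run: [sufapizema] Rundll32.exe "C:\WINDOWS\system32\roruhore.dll",s (User 'LOCAL SERVICE')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXNHAts - cbXNHAts.dll (file missing)
O20 - Winlogon Notify: jkkJawTM - jkkJawTM.dll (file missing)
""".strip().splitlines()

# The "ORPHANS REMOVED" lines copied from the first ComboFix log in this thread.
COMBOFIX_ORPHANS = r"""
HKCU-Run-AVScan - c:\documents and settings\JR\Application Data\winav.exe
Notify-cbXNHAts - cbXNHAts.dll
Notify-jkkJawTM - jkkJawTM.dll
""".strip().splitlines()

# CONSTRUCTED follow-up HijackThis lines (not from the thread): one removed
# entry has come back, the situation the original poster describes after reboots.
FOLLOWUP_CONSTRUCTED = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AVScan] C:\Documents and Settings\JR\Application Data\winav.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
""".strip().splitlines()

# O4 registry autoruns: hive (optionally with a service-account SID), key, value name, command.
O4_RE = re.compile(r"^O4 - (HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# O20 Winlogon Notify: subkey name, DLL.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")


def parse_hjt(lines):
    """Index HijackThis O4/O20 lines by a ComboFix-style id, lower-cased.

    Assumption (inferred from this thread's logs): ComboFix writes a Run value
    as '<hive>-<key>-<value name>' and a Winlogon Notify key as 'Notify-<name>'.
    """
    entries = {}
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, subkey, name, target = m.groups()
            ident = f"{hive}-{subkey}-{name}"
        else:
            m = O20_RE.match(line)
            if not m:
                continue  # other sections (R0, O9, O23, ...) are out of scope here
            name, target = m.groups()
            ident = f"Notify-{name}"
        entries[ident.lower()] = {
            "line": line,
            "name": name,
            "file_missing": target.endswith("(file missing)"),
        }
    return entries


def parse_orphans(lines):
    """Map each ComboFix orphan id (lower-cased) to the target it pointed at."""
    orphans = {}
    for line in lines:
        ident, sep, target = line.strip().partition(" - ")
        if sep:
            orphans[ident.lower()] = target
    return orphans


def correlate(hjt_lines, orphan_lines):
    """Return ({orphan id: HijackThis line}, [orphan ids with no HijackThis line])."""
    hjt = parse_hjt(hjt_lines)
    orphans = parse_orphans(orphan_lines)
    matched = {k: hjt[k]["line"] for k in orphans if k in hjt}
    unmatched = sorted(k for k in orphans if k not in hjt)
    return matched, unmatched


def reappeared(orphan_lines, followup_hjt_lines):
    """Names of removed autostarts that are present again in a later HijackThis log."""
    later = parse_hjt(followup_hjt_lines)
    return sorted(later[k]["name"] for k in parse_orphans(orphan_lines) if k in later)


if __name__ == "__main__":
    matched, unmatched = correlate(HJT_LINES, COMBOFIX_ORPHANS)
    for ident, line in matched.items():
        print(f"{ident:18} <- {line}")
    print("no HijackThis line for:", unmatched)
    print("back after cleanup:", reappeared(COMBOFIX_ORPHANS, FOLLOWUP_CONSTRUCTED))
```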

shelf life
2009-07-30, 23:10
OK, good. We will use ComboFix again:

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:



File::
c:\windows\ectbbyn.dat
c:\windows\th1234.dat
c:\windows\th823567.dat
c:\windows\prxid93ps.dat


Name the Notepad file CFScript.txt and save it to your desktop.
Now locate the file you just saved and the ComboFix icon, both on your desktop.
Using your mouse, drag the CFScript right on top of the ComboFix icon and release. ComboFix will run and produce a new log.
Please post the new ComboFix log and a new HJT log.

Once ComboFix is finished, check MBAM for updates, do a scan with it and post that log also.

JohnShooter
2009-07-31, 02:51
Here are the 3 logs...
The MBAM scan found 2 infected objects. (sigh) This has been one tiresome experience. lol

ComboFix 09-07-29.04 - JR 07/30/2009 19:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.517 [GMT -4:00]
Running from: c:\documents and settings\JR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JR\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\ectbbyn.dat"
"c:\windows\prxid93ps.dat"
"c:\windows\th1234.dat"
"c:\windows\th823567.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ectbbyn.dat
c:\windows\prxid93ps.dat
c:\windows\Tasks\vmkqhkrc.job
c:\windows\th1234.dat
c:\windows\th823567.dat

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 23:10 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-30 23:10 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-30 15:23 . 2009-07-30 15:23 -------- d-sh--w- c:\documents and settings\JR\IECompatCache
2009-07-30 15:22 . 2009-07-30 15:22 -------- d-sh--w- c:\documents and settings\JR\PrivacIE
2009-07-30 15:20 . 2009-07-30 15:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-30 15:20 . 2009-07-30 15:20 -------- d-sh--w- c:\documents and settings\JR\IETldCache
2009-07-30 15:17 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-30 15:17 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-30 15:17 . 2009-07-30 15:17 -------- d-----w- c:\windows\ie8updates
2009-07-30 15:17 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-30 15:14 . 2009-07-30 15:15 -------- dc-h--w- c:\windows\ie8
2009-07-30 03:47 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-30 03:47 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-07-30 03:47 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-30 03:47 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-30 03:47 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-30 03:47 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-30 03:47 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-30 03:47 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-30 03:47 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-30 03:47 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-30 03:46 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-30 03:46 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-30 03:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-29 04:58 . 2009-07-29 04:58 -------- d-----w- c:\program files\Trend Micro
2009-07-29 04:46 . 2009-07-29 04:46 -------- d-s---w- C:\Combo-Fix
2009-07-28 21:31 . 2009-07-30 22:52 117760 ----a-w- c:\documents and settings\JR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-28 21:31 . 2009-07-28 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-28 21:30 . 2009-07-28 21:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-28 21:30 . 2009-07-28 21:30 -------- d-----w- c:\documents and settings\JR\Application Data\SUPERAntiSpyware.com
2009-07-28 19:09 . 2009-07-28 21:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-28 18:15 . 2009-07-28 18:15 3775175 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-27 02:09 . 2009-07-27 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-27 02:08 . 2009-07-27 02:08 -------- d-----w- c:\program files\Bonjour
2009-07-27 02:07 . 2009-07-27 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-27 02:06 . 2009-07-27 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-20 16:03 . 2009-07-20 16:03 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-20 16:03 . 2009-07-20 16:03 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-20 16:03 . 2009-07-20 16:03 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-20 16:03 . 2009-07-20 16:03 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-20 16:03 . 2009-07-20 16:03 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-20 16:03 . 2009-07-20 16:03 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-20 16:03 . 2009-07-20 16:03 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-20 16:02 . 2009-07-20 16:02 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-20 16:02 . 2009-07-20 16:02 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-20 16:02 . 2009-07-20 16:02 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-20 16:02 . 2009-07-20 16:02 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-20 16:02 . 2009-07-20 16:02 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-20 16:01 . 2009-07-20 16:02 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-20 16:01 . 2009-07-20 16:01 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-20 16:01 . 2009-07-20 16:01 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-20 16:00 . 2009-07-20 16:00 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-20 16:00 . 2009-07-20 16:00 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 15:22 . 2009-04-28 19:01 -------- d-----w- c:\documents and settings\JR\Application Data\CallingID
2009-07-30 05:54 . 2008-03-19 00:37 -------- d-----w- c:\program files\Microsoft Works
2009-07-30 05:54 . 2009-02-28 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-30 05:39 . 2009-02-07 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-28 18:15 . 2009-02-07 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 19:14 . 2009-01-20 19:13 -------- d-----w- c:\program files\FinePixViewer
2009-07-27 03:31 . 2009-01-20 19:16 -------- d-----w- c:\program files\QuickTime
2009-07-23 21:11 . 2008-06-20 01:02 -------- d-----w- c:\program files\LimeWire
2009-07-23 21:11 . 2008-06-10 14:49 -------- d-----w- c:\documents and settings\JR\Application Data\LimeWire
2009-07-16 15:59 . 2009-04-28 19:01 -------- d-----w- c:\documents and settings\JR\Application Data\comcasttb
2009-07-13 17:36 . 2009-02-07 18:11 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-02-07 18:11 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 17:09 . 2004-08-11 23:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-11 23:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 23:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 15:45 . 2009-06-11 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 15:45 . 2009-06-11 16:19 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-11 15:45 . 2009-06-11 15:45 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-11 15:45 . 2009-06-11 15:45 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-11 15:45 . 2009-06-11 15:45 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-11 15:43 . 2009-06-11 15:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-11 15:43 . 2009-06-11 15:43 -------- d-----w- c:\program files\Lavasoft
2009-06-10 02:38 . 2009-06-10 02:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\comcasttb
2009-06-09 23:30 . 2009-02-07 00:01 -------- d-----w- c:\documents and settings\JR\Application Data\McAfee
2009-06-09 23:29 . 2008-03-19 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-03 19:09 . 2004-08-11 23:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 10:10 . 2008-08-19 15:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-26 22:08 . 2009-05-26 22:08 554456 ----a-w- c:\documents and settings\JR\Application Data\comcasttb\dtband.dll
2009-05-26 22:08 . 2009-05-26 22:08 554456 ----a-w- c:\documents and settings\JR\Application Data\comcasttb\comcasttb.dll
2009-05-10 22:29 . 2009-05-10 22:29 137 ----a-w- c:\documents and settings\Casper & Grace\Local Settings\Application Data\fusioncache.dat
2009-05-07 15:32 . 2004-08-11 23:00 345600 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-30_03.39.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-07-30 22:51 . 2009-07-30 22:51 16384 c:\windows\Temp\Perflib_Perfdata_83c.dat
+ 2008-03-19 00:28 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-06-18 04:52 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-11 23:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-11 23:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2004-08-11 23:00 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
- 2004-08-11 23:00 . 2009-03-29 07:26 54484 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:00 . 2009-07-30 15:13 54484 c:\windows\system32\perfc009.dat
- 2006-06-29 12:05 . 2006-06-29 12:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 12:05 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-28 21:59 . 2006-06-28 21:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-28 21:59 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
- 2004-08-11 23:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 23:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 23:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 23:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2004-08-11 23:00 . 2007-08-13 22:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-11 23:00 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-11 23:00 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-11 23:00 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
- 2004-08-11 23:00 . 2007-08-13 22:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 22:36 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 22:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-11 23:11 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 23:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-11 23:00 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-11 23:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-11 23:00 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-11 23:00 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-11 23:00 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-11 23:00 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 12:05 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 12:05 . 2006-06-29 12:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 22:36 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-03-19 00:22 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-08-13 22:01 . 2007-08-13 22:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:01 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-03-19 00:22 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 22:32 . 2007-08-13 22:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 22:32 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-05-18 17:18 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-03-19 00:22 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-03-19 00:22 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 22:36 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
- 2008-05-18 17:18 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-05-18 17:18 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 22:39 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2008-05-18 17:18 . 2009-03-08 08:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-13 22:18 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-29 16:12 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-11 23:00 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2009-07-30 15:13 . 2009-07-30 19:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-20 23:21 . 2009-07-30 02:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-20 23:21 . 2009-07-30 19:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-20 23:21 . 2009-07-30 02:29 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-20 23:21 . 2009-07-30 19:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 23:00 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
- 2009-03-04 04:25 . 2009-03-04 04:25 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-07-30 05:53 . 2009-07-30 05:53 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-30 05:54 . 2009-07-30 05:54 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-03-04 04:26 . 2009-03-04 04:26 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-03-19 00:37 . 2009-07-30 05:54 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
- 2008-03-19 00:37 . 2008-03-19 00:37 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
+ 2007-11-28 01:34 . 2007-11-28 01:34 13152 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F990_worksup.dll
+ 2006-10-27 02:13 . 2006-10-27 02:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNVP.DLL
+ 2006-10-27 01:09 . 2006-10-27 01:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2006-10-27 02:07 . 2006-10-27 02:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PXBPROXY.DLL
+ 2009-07-30 15:18 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-30 15:18 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-30 15:18 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-07-30 15:15 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 44544 c:\windows\ie8\pngfilt.dll
+ 2009-07-30 15:14 . 2007-08-13 22:01 48128 c:\windows\ie8\mshtmler.dll
+ 2009-07-30 15:14 . 2007-08-13 22:32 45568 c:\windows\ie8\mshta.exe
+ 2009-07-30 15:14 . 2007-08-13 22:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-07-30 15:14 . 2009-06-29 16:12 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-07-30 15:14 . 2007-08-13 22:44 40960 c:\windows\ie8\licmgr10.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 27648 c:\windows\ie8\jsproxy.dll
+ 2009-07-30 15:14 . 2007-08-13 22:39 92672 c:\windows\ie8\inseng.dll
+ 2009-07-30 15:14 . 2007-08-13 22:36 36352 c:\windows\ie8\imgutil.dll
+ 2009-07-30 15:14 . 2007-08-13 22:39 55296 c:\windows\ie8\iesetup.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 44544 c:\windows\ie8\iernonce.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 78336 c:\windows\ie8\ieencode.dll
+ 2009-07-30 15:14 . 2009-06-29 11:07 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-07-30 15:14 . 2009-06-29 16:12 63488 c:\windows\ie8\icardie.dll
+ 2009-07-30 15:14 . 2007-08-13 22:18 60416 c:\windows\ie8\hmmapi.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 17408 c:\windows\ie8\corpol.dll
+ 2009-07-30 15:14 . 2007-08-13 22:39 71680 c:\windows\ie8\admparse.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-30 05:50 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-30 05:50 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-30 05:50 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-30 05:50 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-30 05:50 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-30 05:50 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2009-07-30 15:17 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB972636-IE8\iecompat.dll
- 2008-05-18 17:16 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2008-05-18 17:16 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
+ 2004-08-11 23:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-11 23:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2007-08-13 22:45 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-11 23:00 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-11 23:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-11 23:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-11 23:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-11 23:00 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-11 23:00 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
- 2004-08-11 23:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-11 23:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2004-08-11 23:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2004-08-11 23:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
- 2004-08-11 23:00 . 2009-03-29 07:26 384926 c:\windows\system32\perfh009.dat
+ 2004-08-11 23:00 . 2009-07-30 15:13 384926 c:\windows\system32\perfh009.dat
+ 2004-08-11 23:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2004-08-11 23:00 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2004-08-11 23:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-11 23:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2004-08-11 23:00 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-11 23:00 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-11 23:00 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
- 2004-08-11 23:00 . 2007-08-13 22:54 156160 c:\windows\system32\msls31.dll
+ 2007-08-13 22:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-11 23:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 23:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 23:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 23:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 23:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-11 23:00 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
- 2004-08-11 23:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 23:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2004-08-11 23:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2007-08-13 22:54 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-11 23:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-11 23:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-11 23:00 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-11 23:00 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-11 23:00 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-11 23:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 23:06 . 2009-07-30 15:08 321136 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 23:06 . 2009-03-11 18:42 321136 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 23:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 23:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 23:00 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-11 23:00 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-03-19 00:22 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-13 22:54 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2008-03-19 00:23 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 22:44 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 22:44 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-08-13 22:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-03-19 00:22 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-03-19 00:22 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 22:54 . 2007-08-13 22:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 22:54 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-05-18 17:18 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-13 22:43 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2008-03-19 00:22 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 22:39 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-05-18 17:18 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 21:56 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 22:39 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 22:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-03-19 00:22 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2008-03-19 00:22 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2008-03-19 00:22 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-03-19 00:22 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:39 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-11 23:00 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
- 2004-08-11 23:00 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2004-08-11 23:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2009-02-12 16:58 . 2009-02-12 16:58 549888 c:\windows\Installer\76b0be.msp
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\76b000.msp
+ 2009-07-30 05:47 . 2009-07-30 05:47 248832 c:\windows\Installer\76afd6.msi
- 2009-02-28 21:50 . 2009-03-11 14:59 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-03-19 00:37 . 2009-07-30 05:54 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
- 2008-03-19 00:37 . 2008-03-19 00:37 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
+ 2008-03-19 00:37 . 2009-07-30 05:54 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2008-03-19 00:37 . 2008-03-19 00:37 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
- 2008-03-19 00:37 . 2008-03-19 00:37 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2008-03-19 00:37 . 2009-07-30 05:54 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
+ 2007-11-28 01:19 . 2007-11-28 01:19 161120 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F366_wkcvqr01.dll
+ 2007-11-28 01:19 . 2007-11-28 01:19 972128 c:\windows\Installer\$PatchCache$\Managed\0DC8CB51B56A0D742ADD098A4295F08A\9.7.621\F365_wkcvqd01.dll
+ 2009-07-30 15:17 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB972636-IE8\spuninst\updspapi.dll
+ 2009-07-30 15:17 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB972636-IE8\spuninst\spuninst.exe
+ 2009-07-30 15:18 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-30 15:18 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-30 15:18 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-30 15:18 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-30 15:18 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-30 15:18 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-30 15:18 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-30 15:18 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-30 15:18 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-07-30 15:14 . 2009-06-29 16:12 827392 c:\windows\ie8\wininet.dll
+ 2009-07-30 15:14 . 2007-08-13 22:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-07-30 15:14 . 2009-06-29 16:12 233472 c:\windows\ie8\webcheck.dll
+ 2009-07-30 15:14 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-07-30 15:14 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 105984 c:\windows\ie8\url.dll
+ 2009-07-30 15:15 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-07-30 15:15 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-07-30 15:14 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-07-30 15:14 . 2009-06-29 16:12 102912 c:\windows\ie8\occache.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 671232 c:\windows\ie8\mstime.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 193024 c:\windows\ie8\msrating.dll
+ 2009-07-30 15:14 . 2007-08-13 22:54 156160 c:\windows\ie8\msls31.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 477696 c:\windows\ie8\mshtmled.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 459264 c:\windows\ie8\msfeeds.dll
+ 2009-07-30 15:14 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-07-30 15:14 . 2009-06-29 08:35 634632 c:\windows\ie8\iexplore.exe
+ 2009-07-30 15:14 . 2007-08-13 22:54 180736 c:\windows\ie8\ieui.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 268288 c:\windows\ie8\iertutil.dll
+ 2009-07-30 15:14 . 2007-08-13 22:54 287744 c:\windows\ie8\ieproxy.dll
+ 2009-07-30 15:14 . 2007-08-13 22:54 191488 c:\windows\ie8\iepeers.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-07-30 15:14 . 2009-06-29 08:33 161792 c:\windows\ie8\ieakui.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 230400 c:\windows\ie8\ieaksie.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 153088 c:\windows\ie8\ieakeng.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 214528 c:\windows\ie8\dxtrans.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 124928 c:\windows\ie8\advpack.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-30 05:51 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-30 05:51 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-30 05:50 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-30 05:50 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-30 05:50 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-30 05:50 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2009-07-30 05:50 . 2009-07-30 05:50 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2004-08-11 23:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-08-11 23:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-11 23:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-11 23:00 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 04:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 04:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-11 23:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2007-02-12 20:10 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-10-14 21:24 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-03-19 00:22 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-14 21:24 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-14 21:24 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 21:24 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-14 21:24 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 21:24 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 21:24 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-14 21:24 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-03-19 00:22 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-18 17:18 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-05-18 17:18 . 2009-02-07 01:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-05-04 11:46 . 2009-05-04 11:46 8299008 c:\windows\Installer\76b0a8.msp
+ 2009-05-26 22:54 . 2009-05-26 22:54 4192768 c:\windows\Installer\76b091.msp
+ 2009-04-24 16:31 . 2009-04-24 16:31 1425920 c:\windows\Installer\76b072.msp
+ 2009-05-04 11:47 . 2009-05-04 11:47 9124864 c:\windows\Installer\76b068.msp
+ 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\76b04d.msp
+ 2009-04-24 16:38 . 2009-04-24 16:38 1229312 c:\windows\Installer\76b035.msp
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\76b02d.msp
+ 2009-04-24 16:28 . 2009-04-24 16:28 4450816 c:\windows\Installer\76b018.msp
+ 2009-07-02 20:23 . 2009-07-02 20:23 5027328 c:\windows\Installer\76afeb.msp
+ 2009-04-24 16:29 . 2009-04-24 16:29 9013760 c:\windows\Installer\76afd0.msp
+ 2009-02-28 21:50 . 2009-07-30 05:54 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-28 21:50 . 2009-03-11 14:59 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-28 21:50 . 2009-07-30 05:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-19 00:37 . 2008-03-19 00:37 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
+ 2008-03-19 00:37 . 2009-07-30 05:54 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
+ 2008-03-19 00:37 . 2009-07-30 05:54 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
- 2008-03-19 00:37 . 2008-03-19 00:37 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
+ 2009-07-30 15:18 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-30 15:18 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-30 15:18 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-07-30 15:14 . 2009-06-29 16:12 1159680 c:\windows\ie8\urlmon.dll
+ 2009-07-30 15:14 . 2009-07-19 13:33 3597824 c:\windows\ie8\mshtml.dll
+ 2009-07-30 15:14 . 2009-07-19 13:32 6067200 c:\windows\ie8\ieframe.dll
+ 2009-07-30 15:14 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-07-30 05:50 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-30 05:50 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-30 05:50 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-07-30 05:50 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2008-10-14 21:24 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-14 21:24 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 21:24 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 21:24 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 21:24 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 21:24 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-14 21:24 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-07-30 05:47 . 2009-07-07 12:10 24539592 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2008-05-18 17:18 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-07-30 15:18 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-03-16 1622488]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EarthLink Installer"="/C" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-02-26 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 136600]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-20 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-07-17 16132608]

c:\documents and settings\JR\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-18 24576]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-1-20 303104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/11/2009 11:45 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [3/16/2009 5:37 PM 616408]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/17/2008 3:50 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [6/20/2008 5:01 PM 185183]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:02]

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 01:31]

2009-05-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 17:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.imeem.com/people/eZIASaL
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
Completion time: 2009-07-30 19:13
ComboFix-quarantined-files.txt 2009-07-30 23:13
ComboFix2.txt 2009-07-30 03:45

Pre-Run: 229,581,262,848 bytes free
Post-Run: 229,724,692,480 bytes free

597 --- E O F --- 2009-07-30 15:18

JohnShooter
2009-07-31, 02:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:38, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imeem.com/people/eZIASaL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10358 bytes







Malwarebytes' Anti-Malware 1.39
Database version: 2524
Windows 5.1.2600 Service Pack 3

7/30/2009 7:42:27 PM
mbam-log-2009-07-30 (19-42-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 175316
Time elapsed: 27 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\geyekrklpabuuq.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP219\A0101507.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

shelf life
2009-08-01, 02:27
ok looks good. Those items MBAM removed are actually from Combofix's quarantine folder. You can remove combofix like this:
Go to Start>run and type in combofix /u
click ok or enter
Note: there is a space after the x and before the /
if that doesn't work we can do it another way.

If all is good on your end now, you can make a new restore point. The how and why:

One of the features of Windows ME, XP and Vista is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

10 Tips for Reducing Your Risk To Malware:
The Short Version

1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) (Windows), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. This is also true for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here. (http://secunia.com/vulnerability_scanning/online/) Malicious web sites can take advantage of vulnerabilities to possibly push and install malware to your computer.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer where you are then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, IRC, Chat Rooms or Social Networking Sites, no matter how tempting or legitimate the message may seem. These could redirect you to malicious websites that host exploits.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software, media players or codecs to your computer--for any reason.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and Outlook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer. (http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en)

10) Warez, cracks etc are very popular for carrying malware payloads. Avoid. If you install files via p2p (http://www.virusvault.us/p2p.html) networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.
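
Whether a post-cleanup MBAM hit is leftover residue (ComboFix's Qoobox quarantine, a System Restore archive) or a file in a live location can be checked mechanically from the log. The following Python script is an added example, not part of the original thread: its function names and the third sample line are constructed, and the mapping from a Qoobox path back to the file's original location is an assumption inferred from the path shown in the log above.

```python
import re

# Sample input: the two "Files Infected" lines from the MBAM log in this thread,
# plus one constructed line (the last) standing in for a hit in a live location.
SAMPLE_LOG = r"""
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\geyekrklpabuuq.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP219\A0101507.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\windows\system32\constructed-example.dll (Trojan.Example) -> No action taken.
"""

# "Files Infected:" style section headers (the summary counts end in a number
# instead of a colon, so they do not match).
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<object> (<detection name>) -> <action>." The object may itself contain
# parentheses, so the name group is the last "(...)" before " -> ".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# ComboFix quarantine layout as seen in the log: <drive>:\Qoobox\quarantine\
# <original drive letter>\<original path>.vir (assumption inferred from it).
QUARANTINE_RE = re.compile(
    r"^[a-z]:\\qoobox\\quarantine\\([a-z])\\(.+?)(?:\.vir)?$", re.IGNORECASE
)
# System Restore archive: \System Volume Information\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.IGNORECASE
)


def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section = None
    detections = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append({"section": section, **hit.groupdict()})
    return detections


def classify(path):
    """Say where a detected object lives: tool residue or a live location."""
    if QUARANTINE_RE.match(path):
        return "combofix-quarantine"
    if RESTORE_RE.search(path):
        return "restore-point"
    return "live"


def original_path(path):
    """For a Qoobox quarantine entry, rebuild the path the file was taken from."""
    m = QUARANTINE_RE.match(path)
    if not m:
        return None
    return f"{m.group(1).upper()}:\\{m.group(2)}"


def needs_followup(log_text):
    """Detections outside quarantine/restore archives: these deserve a closer look."""
    return [d for d in parse_detections(log_text) if classify(d["path"]) == "live"]


if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(f'{classify(d["path"]):20} {d["name"]:16} {d["path"]}')
```
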

JohnShooter
2009-08-02, 01:11
Whew. I'm so glad that's over with.

Thank you so much for your help.

I appreciate it greatly!