
hijack this log to be reviewed



adkinsrodney
2009-11-13, 02:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:33 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Common Files\AOL\1203051387\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070428
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baltimoresun.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070428
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 69.25.100.4 mail.topdownconsulting.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203051387\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Llasi] rundll32.exe "C:\WINDOWS\Udukuzuwocucaf.dll",e
O4 - HKLM\..\Run: [Xjipaquzacufoti] rundll32.exe "C:\WINDOWS\idevacasatoxolib.dll",e
O4 - HKLM\..\Run: [040daa53] rundll32.exe "C:\WINDOWS\system32\qgrruqio.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm035MHUS
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179407920578
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://topdownconsulting.webex.com/client/T25L/webex/ieatgpc.cab
O20 - AppInit_DLLs: ugdvlu.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c95c6063b8cd71) (gupdate1c95c6063b8cd71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 13521 bytes

peku006
2009-11-15, 12:05
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006

adkinsrodney
2009-11-16, 00:23
peku006,

First thanks for your help. I downloaded Combofix as instructed and disabled virus scans.

However, when I get to the point of clicking on Combofix.exe, nothing happens after double-clicking on it.

I followed your instructions and didn't touch the PC, but after an hour nothing happened.

Please advise.

peku006
2009-11-16, 09:13
Hi adkinsrodney

Ok, we can use other tools :D

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware log

Thanks peku006

adkinsrodney
2009-11-16, 18:39
Peku006,

I got ComboFix to run. The results are below.


ComboFix 09-11-16.03 - Missy 11/16/2009 0:13..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2872 [GMT -5:00]
Running from: c:\documents and settings\Missy\My Documents\ComboFix\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20081225222248796.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\svhost.exe
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\Missy\Local Settings\Application Data\{50AE6FBA-99F9-40FF-8680-0AC36E5B6F53}
c:\documents and settings\Missy\Local Settings\Application Data\{50AE6FBA-99F9-40FF-8680-0AC36E5B6F53}\chrome.manifest
c:\documents and settings\Missy\Local Settings\Application Data\{50AE6FBA-99F9-40FF-8680-0AC36E5B6F53}\chrome\content\_cfg.js
c:\documents and settings\Missy\Local Settings\Application Data\{50AE6FBA-99F9-40FF-8680-0AC36E5B6F53}\chrome\content\c.js
c:\documents and settings\Missy\Local Settings\Application Data\{50AE6FBA-99F9-40FF-8680-0AC36E5B6F53}\chrome\content\overlay.xul
c:\documents and settings\Missy\Local Settings\Application Data\{50AE6FBA-99F9-40FF-8680-0AC36E5B6F53}\install.rdf
c:\documents and settings\Missy\My Documents\games.url
c:\documents and settings\Rodney Adkins\Local Settings\Application Data\{FB88458B-C4E6-4AA3-853E-303D2607D9B5}
c:\documents and settings\Rodney Adkins\Local Settings\Application Data\{FB88458B-C4E6-4AA3-853E-303D2607D9B5}\chrome.manifest
c:\documents and settings\Rodney Adkins\Local Settings\Application Data\{FB88458B-C4E6-4AA3-853E-303D2607D9B5}\chrome\content\_cfg.js
c:\documents and settings\Rodney Adkins\Local Settings\Application Data\{FB88458B-C4E6-4AA3-853E-303D2607D9B5}\chrome\content\c.js
c:\documents and settings\Rodney Adkins\Local Settings\Application Data\{FB88458B-C4E6-4AA3-853E-303D2607D9B5}\chrome\content\overlay.xul
c:\documents and settings\Rodney Adkins\Local Settings\Application Data\{FB88458B-C4E6-4AA3-853E-303D2607D9B5}\install.rdf
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\uninstall.exe
c:\windows\abiridas.dll
c:\windows\ajaweyifeg.dll
c:\windows\alozatecuxiseta.dll
c:\windows\efafehocoz.dll
c:\windows\evapimoxihuvuwo.dll
c:\windows\ewinewunoz.dll
c:\windows\ezasozoqocefuwej.dll
c:\windows\idevacasatoxolib.dll
c:\windows\ihupegogaj.dll
c:\windows\ijexeqetala.dll
c:\windows\iliyixevoyohovoj.dll
c:\windows\kernel32.exe
c:\windows\ominucije.dll
c:\windows\openezonusohomat.dll
c:\windows\osalecug.dll
c:\windows\ozahemilekihi.dll
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\BdMVwyxx.ini
c:\windows\system32\BdMVwyxx.ini2
c:\windows\system32\drivers\TDSSpcuu.sys
c:\windows\system32\fcCCrqoh.dll
c:\windows\system32\geBsppqr.dll
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\lwtvkdyc.dll
c:\windows\system32\mwehjpvs.ini
c:\windows\system32\nnnkKDss.dll
c:\windows\system32\nnnomKcY.dll
c:\windows\system32\oiqurrgq.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\qgrruqio.dll
c:\windows\system32\TDSSirxb.dll
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSlmjf.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSocum.dll
c:\windows\system32\TDSSqahc.dll
c:\windows\system32\TDSSqrwn.log
c:\windows\system32\TDSSshkx.log
c:\windows\system32\TDSSwgqt.dat
c:\windows\system32\TDSSxekj.dll
c:\windows\system32\tnnpsikn.dll
c:\windows\system32\totegudu.ini
c:\windows\system32\udugetot.dll
c:\windows\system32\ugdvlu.dll
c:\windows\system32\wawmck.dll
c:\windows\system32\xxywVMdB.dll
c:\windows\system32\xzjzii.dll
c:\windows\system32\yekqlvek.dll
c:\windows\udagerut.dll
c:\windows\Udukuzuwocucaf.dll
c:\windows\umugoqora.dll
c:\windows\uquqabez.dll
c:\windows\uvojumuq.dll
c:\windows\uyuheceh.dll
c:\windows\uzohevurij.dll
c:\windows\vmreg.dll

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 05:39 . 2009-11-16 05:46 -------- d-----w- c:\windows\LastGood
2009-11-13 16:55 . 2009-11-13 16:55 1711 ----a-w- c:\windows\ogeqoyejamiyum.dll
2009-11-13 15:49 . 2009-11-13 15:49 1514 ----a-w- c:\windows\uvidubadisuvu.dll
2009-11-13 14:43 . 2009-11-13 14:43 1711 ----a-w- c:\windows\efimiyuvacas.dll
2009-11-13 13:33 . 2009-11-13 13:33 1711 ----a-w- c:\windows\evibeqixiwuhuqe.dll
2009-11-13 12:14 . 2009-11-13 12:14 1711 ----a-w- c:\windows\alutayol.dll
2009-11-13 10:58 . 2009-11-13 10:58 1711 ----a-w- c:\windows\oroteroyowuyazam.dll
2009-11-13 09:52 . 2009-11-13 09:52 1711 ----a-w- c:\windows\otitamag.dll
2009-11-13 08:44 . 2009-11-13 08:44 1711 ----a-w- c:\windows\ivufegizutaz.dll
2009-11-13 07:26 . 2009-11-13 07:26 1711 ----a-w- c:\windows\ahugeteko.dll
2009-11-13 06:07 . 2009-11-13 06:07 1711 ----a-w- c:\windows\omokamika.dll
2009-11-13 05:01 . 2009-11-13 05:01 1711 ----a-w- c:\windows\ivihudusibo.dll
2009-11-13 03:55 . 2009-11-13 03:55 1711 ----a-w- c:\windows\odomuyosamavabow.dll
2009-11-13 02:47 . 2009-11-13 02:47 1711 ----a-w- c:\windows\ewiruboh.dll
2009-11-13 01:40 . 2009-11-13 01:40 1711 ----a-w- c:\windows\imefefelavarowi.dll
2009-11-13 00:36 . 2009-11-13 00:36 -------- d-----w- c:\program files\Trend Micro
2009-11-13 00:27 . 2009-11-13 00:27 1711 ----a-w- c:\windows\etozewujonafaz.dll
2009-11-12 23:50 . 2009-11-12 23:50 1711 ----a-w- c:\windows\ebiqaquhe.dll
2009-11-11 19:03 . 2009-11-11 19:03 3006 ----a-w- c:\windows\itofuzawo.dll
2009-11-11 17:43 . 2009-11-11 17:43 3006 ----a-w- c:\windows\elolohoqusiwoj.dll
2009-11-11 15:18 . 2009-11-11 15:19 -------- d-----w- c:\program files\ERUNT
2009-11-11 15:08 . 2009-11-11 15:08 3006 ----a-w- c:\windows\aromaquden.dll
2009-11-11 14:48 . 2009-11-11 14:49 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\Deployment
2009-11-11 14:47 . 2009-11-11 14:47 3006 ----a-w- c:\windows\isatanab.dll
2009-11-11 06:14 . 2009-11-11 06:14 3006 ----a-w- c:\windows\osewaxohe.dll
2009-11-11 05:29 . 2009-11-11 05:29 87400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 05:27 . 2009-11-11 05:27 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-11 05:26 . 2009-11-11 05:26 -------- d-----w- c:\program files\MSBuild
2009-11-11 05:26 . 2009-11-11 05:26 -------- d-----w- c:\program files\Reference Assemblies
2009-11-11 05:24 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-11 05:24 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-11-11 05:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-11 05:24 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-11-11 05:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-11 05:24 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-11-11 05:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-11 05:24 . 2009-11-11 05:25 -------- d-----w- C:\2606e3a7fab17ddb72a0cfcae782b8
2009-11-11 05:08 . 2009-11-11 05:08 3006 ----a-w- c:\windows\ezizehuj.dll
2009-11-11 05:00 . 2009-11-11 05:00 -------- d-----w- C:\9e372c74e96325c6ca7118d322d56f
2009-11-11 04:02 . 2009-11-11 04:02 3073 ----a-w- c:\windows\ekawogepukog.dll
2009-11-11 03:58 . 2009-11-11 03:58 152576 ----a-w- c:\documents and settings\Missy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 02:40 . 2009-11-11 02:40 3006 ----a-w- c:\windows\ajuzacan.dll
2009-11-11 02:31 . 2009-11-11 02:31 -------- d-----w- c:\program files\CCleaner
2009-11-11 02:31 . 2009-11-11 02:31 3006 ----a-w- c:\windows\itozecec.dll
2009-11-11 02:27 . 2009-11-11 03:57 79488 ----a-w- c:\documents and settings\Missy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 05:37 . 2007-05-03 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-11-16 05:37 . 2007-05-03 03:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-11-16 05:21 . 2007-04-28 16:18 -------- d-----w- c:\program files\Google
2009-11-12 23:30 . 2007-04-28 15:48 52703 ----a-w- c:\windows\system32\nvModes.dat
2009-11-11 14:48 . 2007-04-28 16:23 27192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 04:07 . 2008-02-17 19:08 -------- d-----w- c:\program files\Nick Arcade
2009-11-11 04:06 . 2007-05-14 14:13 -------- d-----w- c:\program files\CEIVA Sender
2009-11-11 03:59 . 2007-04-28 16:01 -------- d-----w- c:\program files\Java
2009-10-11 09:17 . 2008-12-26 23:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\SETA9.tmp
2008-03-08 16:43 . 2007-07-12 05:19 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-03-08 16:43 . 2007-07-12 05:19 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-03-08 16:43 . 2007-07-12 05:19 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-03-08 16:43 . 2007-07-12 05:19 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-03-08 16:43 . 2007-07-12 05:19 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-31 185896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"HostManager"="c:\program files\Common Files\AOL\1203051387\ee\AOLSoftware.exe" [2007-05-25 42032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Rodney Adkins\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-28 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1203051387\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [4/28/2007 10:43 AM 77952]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [4/28/2007 10:43 AM 77952]
S1 c4cb40ae;c4cb40ae;c:\windows\system32\drivers\c4cb40ae.sys [12/25/2008 10:22 PM 0]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 2:55 PM 7882]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [11/7/2006 8:32 AM 99200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\McafeeQuickClean.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 17:32]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 17:32]

2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baltimoresun.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZJxdm035MHUS
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Missy\Application Data\Mozilla\Firefox\Profiles\zg89q6bn.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=20011&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

BHO-{1eff57a0-1bbc-48c7-ad0a-f4abe96b7045} - c:\windows\system32\ugdvlu.dll
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{3994A9DF-A610-4662-96BC-BAE9547F1052} - (no file)
BHO-{68804207-23FD-49AE-87A1-72C31FADCCE7} - c:\windows\system32\xxywVMdB.dll
BHO-{9d8392b5-0340-4970-8df5-a54b0df33c4b} - (no file)
HKLM-Run-Llasi - c:\windows\Udukuzuwocucaf.dll
HKLM-Run-Xjipaquzacufoti - c:\windows\idevacasatoxolib.dll
HKLM-Run-040daa53 - c:\windows\system32\qgrruqio.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 05:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3956)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\TechSmith\SnagIt 8\SnagItShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\progra~1\mcafee\msc\mcupdmgr.exe
c:\windows\system32\msiexec.exe
c:\progra~1\mcafee\msc\mcupdui.exe
c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
c:\windows\system32\MsiExec.exe
c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
.
**************************************************************************
.
Completion time: 2009-11-16 05:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 10:32

Pre-Run: 34,738,974,720 bytes free
Post-Run: 34,229,723,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 31F60357C306D01F876B0EB60196429C

peku006
2009-11-16, 19:00
Hi adkinsrodney

lot of rubbish :D:

1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:


File::
c:\windows\ogeqoyejamiyum.dll
c:\windows\uvidubadisuvu.dll
c:\windows\efimiyuvacas.dll
c:\windows\evibeqixiwuhuqe.dll
c:\windows\alutayol.dll
c:\windows\oroteroyowuyazam.dll
c:\windows\otitamag.dll
c:\windows\ivufegizutaz.dll
c:\windows\ahugeteko.dll
c:\windows\omokamika.dll
c:\windows\ivihudusibo.dll
c:\windows\odomuyosamavabow.dll
c:\windows\ewiruboh.dll
c:\windows\imefefelavarowi.dll
c:\program files\Trend Micro
c:\windows\etozewujonafaz.dll
c:\windows\ebiqaquhe.dll
c:\windows\itofuzawo.dll
c:\windows\elolohoqusiwoj.dll
c:\windows\aromaquden.dll
c:\windows\isatanab.dll
c:\windows\osewaxohe.dll
c:\windows\ezizehuj.dll
c:\windows\ekawogepukog.dll
c:\windows\ajuzacan.dll
c:\windows\itozecec.dll

Folder::
C:\2606e3a7fab17ddb72a0cfcae782b8
C:\9e372c74e96325c6ca7118d322d56f


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006
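
Added worked example (not code from this thread, from ComboFix, or from any of its authors): a small triage script for logs in the shape of the ComboFix output posted above. It parses the line shapes that log uses (the `HKLM-Run-` and `BHO-` orphan lines, the `S1`/`R3` driver lines, and the Security Center `DisableMonitoring` and firewall-policy `EnableFirewall` values), flags the entries a reviewer would check first, and then renders the `File::`/`Folder::` body of a CFScript.txt from the flagged paths, which are the two directives the helper's script above uses. The flagging rules (a hex-string name on a Run value or driver, a DLL sitting directly in the Windows root, a zero-byte driver file, a BHO loaded from system32) are heuristics of my own, not ComboFix logic, and the sample lines are constructed copies of lines from this thread.

```python
"""Triage helper for ComboFix-style logs (added example; heuristics are assumptions)."""
import re

# Constructed sample: lines copied in the shape of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [4/28/2007 10:43 AM 77952]
S1 c4cb40ae;c4cb40ae;c:\windows\system32\drivers\c4cb40ae.sys [12/25/2008 10:22 PM 0]
BHO-{1eff57a0-1bbc-48c7-ad0a-f4abe96b7045} - c:\windows\system32\ugdvlu.dll
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
HKLM-Run-Llasi - c:\windows\Udukuzuwocucaf.dll
HKLM-Run-040daa53 - c:\windows\system32\qgrruqio.dll
"""

# Line shapes taken from the log above.
KEY_HEADER = re.compile(r"^\[(?P<key>.+)\]$")
RUN_ORPHAN = re.compile(r"^HKLM-Run-(?P<name>\S+) - (?P<path>.+)$", re.I)
BHO_ORPHAN = re.compile(r"^BHO-\{(?P<clsid>[0-9a-f-]{36})\} - (?P<path>.+)$", re.I)
DRIVER = re.compile(r"^[SR]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[.* (?P<size>\d+)\]$", re.I)

# Heuristics (assumptions, not ComboFix rules): names that are 8 hex digits,
# DLLs dropped straight into the Windows root, BHOs living in system32.
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)
WINROOT_DLL = re.compile(r"^c:\\windows\\[^\\]+\.dll$", re.I)
SYSTEM32_DLL = re.compile(r"^c:\\windows\\system32\\[^\\]+\.dll$", re.I)


def triage(log_text):
    """Return (severity, reason, path) tuples for the lines a reviewer should
    check first; path is None when the entry points at nothing on disk."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:                       # remember the registry key the next values belong to
            current_key = m.group("key")
            continue
        leaf = current_key.rsplit("\\", 1)[-1]
        if line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append(("info", f"Security Center monitoring disabled for {leaf} "
                             "(normal when a third-party suite registers itself; "
                             "confirm that product is still installed and running)", None))
            continue
        if line.startswith('"EnableFirewall"= 0'):
            findings.append(("info", f"Windows Firewall off in {leaf} profile "
                             "(acceptable only if another firewall is active)", None))
            continue
        m = RUN_ORPHAN.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if HEX_NAME.match(name):
                findings.append(("high", f"Run value named by a hex string ({name})", path))
            elif WINROOT_DLL.match(path):
                findings.append(("high", f"Run value {name} loads a DLL from the Windows root", path))
            continue
        m = BHO_ORPHAN.match(line)
        if m:
            clsid, path = m.group("clsid"), m.group("path")
            if path.lower() == "(no file)":
                findings.append(("low", f"BHO {clsid} registered but its file is gone", None))
            elif SYSTEM32_DLL.match(path):
                findings.append(("high", f"BHO {clsid} loaded from system32 "
                                 "(vendor BHOs normally live under Program Files)", path))
            continue
        m = DRIVER.match(line)
        if m:
            name, path, size = m.group("name"), m.group("path"), int(m.group("size"))
            if HEX_NAME.match(name) or size == 0:
                findings.append(("high", f"driver {name}: hex-string name or zero-byte file "
                                 f"(size {size})", path))
    return findings


def build_cfscript(findings, folders=()):
    """Render the File::/Folder:: body of a CFScript.txt from the high-severity
    paths.  The list is a starting point for a human review, not a script to
    drag onto ComboFix.exe unread."""
    files = sorted({path for sev, _, path in findings if sev == "high" and path})
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for sev, reason, path in found:
        print(f"[{sev:4}] {reason}" + (f" -> {path}" if path else ""))
    print()
    print(build_cfscript(found, folders=[r"C:\2606e3a7fab17ddb72a0cfcae782b8"]))
```

On the sample this flags the zero-byte hex-named driver, the system32 BHO, and both orphaned Run values as high, notes the dangling BHO as low, and reports the Security Center and firewall values as informational only, since a third-party suite such as the McAfee products in this log normally sets both. Everything it emits still has to be checked by hand before it goes into a CFScript.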

adkinsrodney
2009-11-16, 21:50
peku006,

I will not get to this until tomorrow night.... I am currently traveling without that PC.

adkinsrodney
2009-11-19, 16:19
ComboFix 09-11-18.04 - Missy 11/18/2009 0:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2775 [GMT -5:00]
Running from: c:\documents and settings\Missy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Missy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\program files\Trend Micro"
"c:\windows\ahugeteko.dll"
"c:\windows\ajuzacan.dll"
"c:\windows\alutayol.dll"
"c:\windows\aromaquden.dll"
"c:\windows\ebiqaquhe.dll"
"c:\windows\efimiyuvacas.dll"
"c:\windows\ekawogepukog.dll"
"c:\windows\elolohoqusiwoj.dll"
"c:\windows\etozewujonafaz.dll"
"c:\windows\evibeqixiwuhuqe.dll"
"c:\windows\ewiruboh.dll"
"c:\windows\ezizehuj.dll"
"c:\windows\imefefelavarowi.dll"
"c:\windows\isatanab.dll"
"c:\windows\itofuzawo.dll"
"c:\windows\itozecec.dll"
"c:\windows\ivihudusibo.dll"
"c:\windows\ivufegizutaz.dll"
"c:\windows\odomuyosamavabow.dll"
"c:\windows\ogeqoyejamiyum.dll"
"c:\windows\omokamika.dll"
"c:\windows\oroteroyowuyazam.dll"
"c:\windows\osewaxohe.dll"
"c:\windows\otitamag.dll"
"c:\windows\uvidubadisuvu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2606e3a7fab17ddb72a0cfcae782b8
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\filterpipelineprintproc.dll
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\msxpsdrv.cat
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\msxpsdrv.inf
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\msxpsinc.gpd
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\msxpsinc.ppd
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\mxdwdrv.dll
c:\2606e3a7fab17ddb72a0cfcae782b8\amd64\xpssvcs.dll
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\filterpipelineprintproc.dll
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\msxpsdrv.cat
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\msxpsdrv.inf
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\msxpsinc.gpd
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\msxpsinc.ppd
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\mxdwdrv.dll
c:\2606e3a7fab17ddb72a0cfcae782b8\i386\xpssvcs.dll
C:\9e372c74e96325c6ca7118d322d56f
c:\9e372c74e96325c6ca7118d322d56f\$shtdwn$.req
c:\9e372c74e96325c6ca7118d322d56f\baseline.dat
c:\9e372c74e96325c6ca7118d322d56f\deffactory.dat
c:\9e372c74e96325c6ca7118d322d56f\DeleteTemp.exe
c:\9e372c74e96325c6ca7118d322d56f\dlmgr.dll
c:\9e372c74e96325c6ca7118d322d56f\DW20.EXE
c:\9e372c74e96325c6ca7118d322d56f\DWINTL20.DLL
c:\9e372c74e96325c6ca7118d322d56f\eula.1025.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1028.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1029.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1030.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1031.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1032.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1033.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1035.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1036.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1037.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1038.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1040.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1041.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1042.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1043.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1044.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1045.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1046.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1049.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1053.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.1055.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.2052.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.2070.rtf
c:\9e372c74e96325c6ca7118d322d56f\eula.3082.rtf
c:\9e372c74e96325c6ca7118d322d56f\gencomp.dll
c:\9e372c74e96325c6ca7118d322d56f\HtmlLite.dll
c:\9e372c74e96325c6ca7118d322d56f\locdata.1025.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1028.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1029.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1030.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1031.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1032.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1035.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1036.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1037.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1038.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1040.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1041.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1042.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1043.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1044.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1045.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1046.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1049.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1053.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.1055.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.2052.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.2070.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.3082.ini
c:\9e372c74e96325c6ca7118d322d56f\locdata.ini
c:\9e372c74e96325c6ca7118d322d56f\logo.bmp
c:\9e372c74e96325c6ca7118d322d56f\setup.exe
c:\9e372c74e96325c6ca7118d322d56f\setup.sdb
c:\9e372c74e96325c6ca7118d322d56f\setupres.1025.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1028.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1029.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1030.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1031.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1032.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1035.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1036.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1037.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1038.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1040.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1041.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1042.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1043.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1044.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1045.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1046.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1049.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1053.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.1055.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.2052.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.2070.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.3082.dll
c:\9e372c74e96325c6ca7118d322d56f\setupres.dll
c:\9e372c74e96325c6ca7118d322d56f\SITSetup.dll
c:\9e372c74e96325c6ca7118d322d56f\vs_setup.dll
c:\9e372c74e96325c6ca7118d322d56f\vs_setup.MS_
c:\9e372c74e96325c6ca7118d322d56f\vs_setup.pdi
c:\9e372c74e96325c6ca7118d322d56f\vs70uimgr.dll
c:\9e372c74e96325c6ca7118d322d56f\vsbasereqs.dll
c:\9e372c74e96325c6ca7118d322d56f\vsscenario.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1025.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1028.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1029.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1030.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1031.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1032.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1035.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1036.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1037.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1038.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1040.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1041.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1042.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1043.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1044.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1045.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1046.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1049.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1053.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.1055.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.2052.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.2070.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.3082.dll
c:\9e372c74e96325c6ca7118d322d56f\WapRes.dll
c:\9e372c74e96325c6ca7118d322d56f\WapUI.dll
c:\windows\ahugeteko.dll
c:\windows\ajuzacan.dll
c:\windows\alutayol.dll
c:\windows\aromaquden.dll
c:\windows\ebiqaquhe.dll
c:\windows\efimiyuvacas.dll
c:\windows\ekawogepukog.dll
c:\windows\elolohoqusiwoj.dll
c:\windows\etozewujonafaz.dll
c:\windows\evibeqixiwuhuqe.dll
c:\windows\ewiruboh.dll
c:\windows\ezizehuj.dll
c:\windows\imefefelavarowi.dll
c:\windows\isatanab.dll
c:\windows\itofuzawo.dll
c:\windows\itozecec.dll
c:\windows\ivihudusibo.dll
c:\windows\ivufegizutaz.dll
c:\windows\odomuyosamavabow.dll
c:\windows\ogeqoyejamiyum.dll
c:\windows\omokamika.dll
c:\windows\oroteroyowuyazam.dll
c:\windows\osewaxohe.dll
c:\windows\otitamag.dll
c:\windows\uvidubadisuvu.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-18 04:44 . 2009-11-18 05:06 -------- d-----w- c:\windows\LastGood
2009-11-16 05:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-16 05:47 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-16 05:47 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-11-13 00:36 . 2009-11-13 00:36 -------- d-----w- c:\program files\Trend Micro
2009-11-11 15:18 . 2009-11-11 15:19 -------- d-----w- c:\program files\ERUNT
2009-11-11 14:48 . 2009-11-11 14:49 -------- d-----w- c:\documents and settings\Missy\Local Settings\Application Data\Deployment
2009-11-11 05:29 . 2009-11-11 05:29 87400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 05:27 . 2009-11-11 05:27 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-11 05:26 . 2009-11-11 05:26 -------- d-----w- c:\program files\MSBuild
2009-11-11 05:26 . 2009-11-11 05:26 -------- d-----w- c:\program files\Reference Assemblies
2009-11-11 05:24 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-11 05:24 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-11-11 05:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-11 05:24 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-11-11 05:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-11 05:24 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-11-11 05:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-11 03:58 . 2009-11-11 03:58 152576 ----a-w- c:\documents and settings\Missy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 02:31 . 2009-11-11 02:31 -------- d-----w- c:\program files\CCleaner
2009-11-11 02:27 . 2009-11-11 03:57 79488 ----a-w- c:\documents and settings\Missy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 05:08 . 2007-04-28 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-18 04:56 . 2007-04-28 16:13 -------- d-----w- c:\program files\McAfee
2009-11-18 04:40 . 2007-05-03 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-11-18 04:40 . 2007-05-03 03:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-11-18 04:39 . 2008-11-16 15:50 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-16 05:21 . 2007-04-28 16:18 -------- d-----w- c:\program files\Google
2009-11-12 23:30 . 2007-04-28 15:48 52703 ----a-w- c:\windows\system32\nvModes.dat
2009-11-11 14:48 . 2007-04-28 16:23 27192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 04:07 . 2008-02-17 19:08 -------- d-----w- c:\program files\Nick Arcade
2009-11-11 04:06 . 2007-05-14 14:13 -------- d-----w- c:\program files\CEIVA Sender
2009-11-11 03:59 . 2007-04-28 16:01 -------- d-----w- c:\program files\Java
2009-10-11 09:17 . 2008-12-26 23:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-16 15:22 . 2007-04-28 16:14 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-04-28 16:14 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-04-28 16:14 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-04-28 16:14 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2007-04-28 16:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-11 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-11 22:00 17408 ------w- c:\windows\system32\corpol.dll
2008-03-08 16:43 . 2007-07-12 05:19 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-03-08 16:43 . 2007-07-12 05:19 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-03-08 16:43 . 2007-07-12 05:19 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-03-08 16:43 . 2007-07-12 05:19 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-03-08 16:43 . 2007-07-12 05:19 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-16_10.22.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-18 04:40 . 2009-11-18 04:40 16384 c:\windows\Temp\Perflib_Perfdata_ea0.dat
+ 2009-11-18 04:39 . 2009-11-18 04:39 16384 c:\windows\Temp\Perflib_Perfdata_774.dat
+ 2005-05-26 08:16 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-11 22:12 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-04-28 16:00 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-04-28 16:09 . 2007-07-27 15:41 26488 c:\windows\system32\spupdsvc.exe
- 2007-04-28 16:09 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2007-05-31 02:48 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2007-05-31 02:48 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
- 2004-08-11 22:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-11 22:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2006-11-08 01:03 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 01:03 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 07:26 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 07:26 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
- 2004-08-11 22:00 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
- 2004-08-11 22:00 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-11 22:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 15:58 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 15:58 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
+ 2004-08-11 22:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2004-08-11 22:12 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2007-05-11 11:05 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-11 11:05 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2007-04-28 15:59 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-11 11:05 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-11 11:05 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-11-07 07:26 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 07:26 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-08-29 07:36 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 07:26 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 07:26 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-12-07 02:21 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-08-29 07:36 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
- 2007-05-02 19:18 . 2009-11-16 04:35 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-02 19:18 . 2009-11-16 10:26 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-02 19:18 . 2009-11-16 10:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-02 19:18 . 2009-11-16 04:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-05-02 19:18 . 2009-11-16 10:26 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-05-02 19:18 . 2009-11-16 04:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 22:00 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2004-08-11 22:00 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-11-18 05:06 . 2008-04-14 00:12 23040 c:\windows\LastGood\system32\psapi.dll
+ 2007-04-28 16:18 . 2009-11-16 10:32 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 23040 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 27136 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 11264 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 12288 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-11-16 10:35 . 2009-11-16 10:35 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-12-11 08:04 . 2008-12-11 08:04 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-11-16 10:36 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-11-16 10:36 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-11-16 10:36 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-11-16 10:36 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-11-16 10:36 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-11-16 10:36 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-11-16 10:36 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_62f3a395\System.Drawing.Design.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_78e239b0\CustomMarshalers.dll
+ 2007-04-28 16:18 . 2009-11-16 10:32 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 4096 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-11 22:00 . 2009-07-14 04:43 286208 c:\windows\system32\wmpdxm.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-11 22:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-08-11 22:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2005-05-26 08:19 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
+ 2007-05-04 10:58 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
+ 2004-08-11 22:00 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 01:03 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 01:03 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-11 22:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-11 22:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-11 22:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
- 2004-08-11 22:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2004-08-11 22:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2006-10-17 15:57 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 15:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-11 22:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-11 22:00 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
- 2004-08-11 22:06 . 2009-11-11 14:33 152384 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:06 . 2009-11-18 04:39 152384 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-11 22:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-11 22:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2007-04-28 16:14 . 2009-07-16 17:32 120136 c:\windows\system32\drivers\Mpfp.sys
+ 2009-07-14 04:43 . 2009-07-14 04:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-08 01:03 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 01:03 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 16:05 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 16:05 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2008-10-15 15:50 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2009-06-25 08:25 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-10-17 16:04 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 16:04 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-11 11:05 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-11 11:05 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 16:04 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-11 11:05 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 07:27 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-11 11:05 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-11-07 07:25 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 07:25 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 07:27 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 07:27 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 07:26 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 07:26 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-04-28 15:59 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-04-28 15:59 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-07 07:26 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 07:26 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-11 22:00 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
+ 2004-08-11 22:00 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-11-18 04:47 . 2008-10-16 19:06 208744 c:\windows\LastGood\system32\muweb.dll
+ 2009-11-18 04:47 . 2008-10-16 19:06 268648 c:\windows\LastGood\system32\mucltui.dll
- 2007-04-28 16:18 . 2008-12-11 08:03 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 409600 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 286720 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 794624 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-04-28 16:18 . 2008-12-11 08:03 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-04-28 16:18 . 2009-11-16 10:32 135168 c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-11-16 10:36 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-11-16 10:36 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-11-16 10:36 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-11-16 10:36 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-11-16 10:36 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-11-16 10:36 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-11-16 10:36 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-11-16 10:32 . 2009-11-16 10:32 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_3117eb2b\System.Drawing.dll
+ 2009-11-16 10:32 . 2009-11-16 10:32 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f371db40\System.Drawing.Design.dll
+ 2009-11-16 10:32 . 2009-11-16 10:32 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2eb16ea0\CustomMarshalers.dll
+ 2004-08-11 22:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-11 22:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-11 22:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2009-08-04 15:13 2145280 c:\windows\system32\ntoskrnl.exe
- 2004-08-11 22:00 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2009-08-04 14:20 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-11 22:00 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll
+ 2006-11-08 01:03 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
+ 2006-09-06 03:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2008-10-15 15:49 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2007-04-28 15:59 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-15 15:49 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 15:49 . 2008-08-14 10:11 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 15:49 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 15:49 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 15:49 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 15:49 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 15:49 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 15:49 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-04-28 15:59 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-11 11:05 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-11 11:05 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-07-27 09:31 . 2009-07-27 09:31 3738624 c:\windows\Installer\10be8c5.msp
+ 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\10be8b7.msp
+ 2009-10-22 17:28 . 2009-10-22 17:28 5521408 c:\windows\Installer\10be890.msp
+ 2009-11-16 10:36 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-11-16 10:36 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-11-16 10:36 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-11-16 10:36 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat
- 2008-10-15 15:49 . 2008-08-14 10:11 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 15:49 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 15:49 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 15:49 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 15:49 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 15:49 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 15:49 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 15:49 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-16 10:32 . 2009-11-16 10:32 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_e173aa23\System.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_dae07e54\System.dll
+ 2009-11-16 10:32 . 2009-11-16 10:32 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e944ee91\System.Xml.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_236ddb86\System.Xml.dll
+ 2009-11-16 10:32 . 2009-11-16 10:32 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f36b7c92\System.Windows.Forms.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a7935c2c\System.Windows.Forms.dll
+ 2009-11-18 04:40 . 2009-11-18 04:40 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_83cca30c\System.Drawing.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9bfa316e\System.Design.dll
+ 2009-11-18 04:40 . 2009-11-18 04:40 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3471c507\System.Design.dll
+ 2009-11-18 04:40 . 2009-11-18 04:40 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2d0625fd\mscorlib.dll
+ 2009-11-16 10:32 . 2009-11-16 10:32 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2652b3f3\mscorlib.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-07-11 21:51 . 2007-07-11 21:51 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-11-16 10:31 . 2009-11-16 10:31 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 21:51 . 2007-07-11 21:51 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2004-08-11 22:00 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
+ 2009-07-14 04:43 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-11-16 10:32 . 2009-11-16 10:32 15709696 c:\windows\Installer\10be8be.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\10be8a7.msp
+ 2009-02-26 00:07 . 2009-02-26 00:07 11646464 c:\windows\Installer\10be87f.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-31 185896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"HostManager"="c:\program files\Common Files\AOL\1203051387\ee\AOLSoftware.exe" [2007-05-25 42032]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Rodney Adkins\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-28 24576]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1203051387\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [4/28/2007 10:43 AM 77952]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [4/28/2007 10:43 AM 77952]
S1 c4cb40ae;c4cb40ae;c:\windows\system32\drivers\c4cb40ae.sys [12/25/2008 10:22 PM 0]
S2 0021541258520208mcinstcleanup;McAfee Application Installer Cleanup (0021541258520208);c:\windows\TEMP\002154~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\002154~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 GTKCMOS;GTKCMOS;c:\windows\system32\GTKCMOS.sys [6/15/2004 2:55 PM 7882]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [11/7/2006 8:32 AM 99200]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mfehidk01
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\McafeeQuickClean.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 17:22]

2009-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 17:22]

2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-04-28 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baltimoresun.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search - ?p=ZJxdm035MHUS
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Missy\Application Data\Mozilla\Firefox\Profiles\zg89q6bn.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=20011&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 00:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\MFC71ENU.DLL
.
Completion time: 2009-11-18 00:25
ComboFix-quarantined-files.txt 2009-11-18 05:25
ComboFix2.txt 2009-11-16 10:32

Pre-Run: 33,667,100,672 bytes free
Post-Run: 33,732,431,872 bytes free

- - End Of File - - 90D858A4E07AC64BF6546DAE748250B6

adkinsrodney
2009-11-19, 16:20
Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 5.1.2600 Service Pack 3

11/18/2009 7:42:28 AM
mbam-log-2009-11-18 (07-42-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200861
Time elapsed: 45 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 65

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\alfqentw.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\aqpbouph.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\yuqpba.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\svhost.exe.vir (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe.vir (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Udukuzuwocucaf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnomKcY.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccCrqOH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geBsppqr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkse73hedfdgf.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lwtvkdyc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnkKDss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSirxb.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSktkl.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSlmjf.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSocum.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tnnpsikn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\udugetot.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wawmck.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxywVMdB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xzjzii.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpcuu.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0081814.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0081815.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0081816.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP358\A0081817.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081909.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081910.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081912.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081941.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081942.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081908.exe (Rogue.MSAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081944.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081945.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081947.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081949.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081951.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081953.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081954.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081955.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0081958.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066644.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066646.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066647.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066649.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066650.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066651.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066662.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066667.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066668.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066669.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066670.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066672.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066673.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066674.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066675.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066676.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066677.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066678.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP307\A0066661.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

adkinsrodney
2009-11-19, 16:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:01 AM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Common Files\AOL\1203051387\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baltimoresun.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070428
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5a263cf7-56a6-4d68-a8cf-345be45bc911} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {5ca3d70e-1895-11cf-8e15-001234567890} - (no file)
O2 - BHO: (no name) - {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - (no file)
O2 - BHO: scriptproxy - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203051387\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJxdm035MHUS
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179407920578
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://topdownconsulting.webex.com/client/T25L/webex/ieatgpc.cab
O23 - Service: McAfee Application Installer Cleanup (0021541258520208) (0021541258520208mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002154~1.EXE (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14161 bytes

peku006
2009-11-20, 06:55
Hi adkinsrodney

looks better :bigthumb:

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5a263cf7-56a6-4d68-a8cf-345be45bc911} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {5ca3d70e-1895-11cf-8e15-001234567890} - (no file)
O2 - BHO: (no name) - {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - (no file)

Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Clean temp files

Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.


NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

3 - Eset online scanner

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

4 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

5 - Status Check
Please reply with

1. the Eset online scanner report
2. a fresh HijackThis log

Thanks peku006

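The triage the helper applies in step 1 above (registered BHO CLSIDs and services whose file is gone, plus anything launching from a temp directory or the root of the drive) can be expressed as a small parser for the HijackThis line format. The following is an added example written for this thread, not code from the HijackThis project or from either poster; it uses entry lines taken from the logs above plus one O4 line constructed for the test, and the section/field layout it assumes ("<code> - <kind>: <name> - {CLSID} - <path>" for O2/O3/O9, "[label] command" for O4, "<name> - <company> - <path>" for O23) is an assumption drawn from the lines visible in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 log format. All lines except the
# "[updater]" O4 entry are copied from the logs posted in this thread; the
# O4 line is constructed to exercise the root-of-drive check.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5a263cf7-56a6-4d68-a8cf-345be45bc911} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [updater] C:\alfqentw.exe
O23 - Service: McAfee Application Installer Cleanup (0021541258520208) (0021541258520208mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\002154~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Markers HijackThis appends when the registered component no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class HjtEntry:
    section: str           # "O2", "O4", "O23", ...
    name: Optional[str]    # display name / run label, when the section has one
    clsid: Optional[str]   # {GUID} for BHO, toolbar and extra-button entries
    target: str            # path, command or URL the entry points at
    raw: str               # the original line


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis entry line; header and process-list lines return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None
    name, target = None, body
    if clsid:
        # "<kind>: <name> - {CLSID} - <path>" (O2 BHO, O3 toolbar, O9 button)
        before, after = body.split(clsid, 1)
        before = before.rstrip(" -")
        if ": " in before:
            name = before.split(": ", 1)[1]
        target = after.lstrip(" -")
    elif section == "O4":
        # "HKLM\..\Run: [label] command"
        lab = re.search(r"\[(?P<label>[^\]]*)\]\s*(?P<cmd>.*)$", body)
        if lab:
            name, target = lab.group("label"), lab.group("cmd")
    elif section == "O23":
        # "Service: <name> - <company> - <path>"
        parts = body.split(" - ")
        if len(parts) >= 3:
            name = parts[0].split(": ", 1)[1]
            target = " - ".join(parts[2:])
    return HjtEntry(section, name, clsid, target, line.strip())


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Registered components whose file is gone: leftovers of an earlier removal,
    harmless on their own but worth clearing so later scans read cleanly."""
    return [e for e in entries if any(e.target.endswith(m) for m in ORPHAN_MARKERS)]


def binary_path(target: str) -> str:
    """Strip status markers, quotes and arguments to recover the executable path."""
    t = target
    for marker in ORPHAN_MARKERS:
        t = t.replace(marker, "")
    t = t.strip()
    if t.startswith('"'):
        return t[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.*?\.(?:exe|dll|sys|cpl|scr))", t)
    return m.group(1) if m else t


def in_risky_location(path: str) -> bool:
    """True for binaries under a TEMP directory or sitting directly in a drive root,
    two locations legitimate software rarely uses for autostart components."""
    p = path.lower().replace("/", "\\")
    return "\\temp\\" in p or re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None


def triage(text: str) -> dict:
    entries = parse_log(text)
    return {
        "total": len(entries),
        "orphaned": [e.raw for e in orphaned_entries(entries)],
        "risky_location": [e.raw for e in entries
                           if in_risky_location(binary_path(e.target))],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Only the triage lists are automated here; the decision to fix an entry still rests with whoever reads the log, since an orphaned CLSID is just stale registration and a temp-directory path (such as the McAfee installer cleanup service above) can also be a vendor's own leftover.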
peku006
2009-11-28, 14:16
Due to a lack of response, this topic is now closed

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a fresh HijackThis log, and wait for a new helper.

Your donation helps improve Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)