Please run and post a new DDS log. We're not doing very much new with combofix. Just cleaning up some dead entries and unlocking a reg key.
You can also let Win update do its thing and run.
IndiGenus
Judging by the post where I mentioned it, plus the time required for me to get to my laptop and post, I'd estimate about 20 minutes, but it just recently (while I was typing this) kicked back into action and said it had to disable my virtual CD drives for ComboFix to work, so apparently it IS still doing something.
Er, now it appears to be displaying various errors of things failing to initialize because "the workstation is shutting down".
I didn't let Windows Update count all the way down, and it certainly doesn't LOOK like anything is getting ready to reboot or shut down.
Alright, I have to head out for the next several hours. Let it do its thing. If it shuts down or restarts just let it update and run DDS. Post the logs you have.
IndiGenus
Despite the blips, ComboFix did its thing. Here is the log and the DDS report:
ComboFix.txt
ComboFix 10-07-10.01 - HP_Administrator 07/11/2010 13:24:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1435 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.
2010-07-11 18:24 . 2010-07-11 18:24 -------- d-----w- c:\windows\LastGood
2010-07-11 17:28 . 2010-07-11 17:28 -------- d-----w- c:\program files\MSXML 6.0
2010-07-11 09:06 . 2010-07-11 09:06 -------- d-----w- c:\windows\ServicePackFiles
2010-07-11 09:05 . 2010-07-11 09:05 -------- d-----w- c:\windows\ie8updates
2010-07-11 03:44 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-11 03:44 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-11 03:44 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-11 03:44 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-11 03:44 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-11 03:44 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-11 03:44 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-11 03:22 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:22 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:22 . 2010-07-11 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 01:18 . 2010-07-06 18:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 01:08 . 2010-07-11 01:08 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2010-07-07 18:19 . 2010-07-07 18:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-07-07 01:07 . 2010-07-07 01:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-06 18:18 . 2010-07-06 18:18 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-06 18:12 . 2010-06-21 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 18:10 . 2010-07-06 18:11 -------- d-----w- c:\program files\ERUNT
2010-07-06 17:57 . 2010-07-06 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-06 17:57 . 2010-07-06 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-06 17:48 . 2010-07-06 17:48 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
2010-07-06 17:47 . 2010-07-06 17:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2010-07-06 17:47 . 2010-06-21 17:52 2978768 -c--a-w- c:\documents and settings\All Users\Application Data\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 18:16 . 2008-12-18 23:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-06 19:04 . 2006-02-22 15:28 -------- d-----w- c:\program files\Google
2010-07-06 19:01 . 2008-04-21 02:56 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-06 18:16 . 2006-11-02 21:25 -------- d-----w- c:\program files\Virtools
2010-07-06 17:45 . 2009-01-04 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-06 17:45 . 2006-06-03 20:43 -------- d-----w- c:\program files\Lavasoft
2010-07-05 04:38 . 2009-12-22 04:22 -------- d-----w- c:\program files\Trillian
2010-07-01 02:59 . 2006-06-09 07:27 -------- d-----w- c:\program files\Clash N Slash
2010-07-01 02:56 . 2006-09-16 04:31 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-01 02:56 . 2008-08-22 19:05 -------- d-----w- c:\program files\AVS4YOU
2010-07-01 02:54 . 2006-02-22 15:03 -------- d-----w- c:\program files\WildTangent
2010-07-01 02:36 . 2006-02-22 14:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-01 02:29 . 2009-05-14 00:24 -------- d-----w- c:\program files\The Crystal Key
2010-07-01 01:59 . 2006-06-05 03:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-06-27 21:17 . 2007-03-30 03:02 -------- d-----w- c:\program files\WinFF
2010-06-17 21:22 . 2006-11-11 01:03 8654 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2010-05-06 10:41 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2006-10-24 05:29 . 2007-04-22 23:07 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
2006-10-24 05:11 . 2007-04-22 23:07 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
2006-10-24 04:38 . 2007-04-22 23:07 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
2007-05-23 00:14 . 2007-07-30 05:16 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 . 2007-07-30 05:16 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2010-03-22 03:40 . 2010-03-22 03:40 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-07-11_01.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-11 18:17 . 2010-07-11 18:17 16384 c:\windows\Temp\Perflib_Perfdata_358.dat
+ 2005-05-26 09:16 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-07-11 03:12 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-07-11 03:12 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2005-08-30 21:07 . 2010-07-11 01:12 71844 c:\windows\system32\perfc009.dat
+ 2005-08-30 21:07 . 2010-07-11 18:22 71844 c:\windows\system32\perfc009.dat
+ 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-09 21:00 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-09 21:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2004-08-09 21:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
+ 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-09-29 23:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2004-10-07 22:36 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
- 2004-08-03 21:12 . 2007-01-02 21:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-08-03 21:12 . 2009-06-24 03:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-08-03 21:12 . 2007-01-02 21:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-08-03 21:12 . 2009-06-24 03:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2004-08-03 21:11 . 2007-01-02 21:34 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-08-03 21:11 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2002-06-21 16:31 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
- 2002-06-21 16:31 . 2002-06-21 16:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
+ 2010-07-11 09:05 . 2010-07-11 09:05 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-03-23 00:13 . 2007-03-23 00:13 23904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL
+ 2010-07-11 17:22 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-07-11 17:22 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-07-11 17:22 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ecfb2d75\System.Drawing.Design.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_fa95f330\CustomMarshalers.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_c1e00650\System.Drawing.Design.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_33431662\CustomMarshalers.dll
+ 2004-07-19 17:54 . 2009-06-29 16:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2004-07-19 17:54 . 2007-01-02 21:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-09 21:00 . 2009-07-13 15:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-08-09 21:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
+ 2004-08-09 21:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
- 2005-08-30 21:07 . 2010-07-11 01:12 440936 c:\windows\system32\perfh009.dat
+ 2005-08-30 21:07 . 2010-07-11 18:22 440936 c:\windows\system32\perfh009.dat
+ 2004-08-09 21:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
+ 2008-03-14 00:56 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
+ 2008-03-14 00:56 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
+ 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-08-09 21:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
+ 2004-08-09 21:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-09 21:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-09 21:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-09 21:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-09 21:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-09 21:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-09 21:00 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-09 21:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-09 21:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-09 21:00 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-09 21:00 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-09 21:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-09 21:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-09 21:00 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-19 17:54 . 2004-07-19 17:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-19 17:54 . 2009-06-24 02:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-08-03 21:11 . 2009-06-24 03:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-03 21:11 . 2007-01-02 21:34 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2010-07-11 17:42 . 2010-07-11 17:42 969728 c:\windows\Installer\3090ca7.msi
+ 2010-07-11 17:15 . 2010-07-11 17:15 195584 c:\windows\Installer\3090c27.msi
+ 2010-07-11 09:05 . 2010-07-11 09:05 429568 c:\windows\Installer\145b8ea.msi
- 2006-02-22 15:13 . 2008-12-11 09:07 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-02-22 15:13 . 2010-07-11 17:21 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-02-22 15:13 . 2008-12-11 09:07 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-09-01 01:29 . 2008-12-11 09:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2006-09-01 01:29 . 2010-07-11 17:21 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-23 21:10 . 2008-07-23 21:10 103776 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL
+ 2010-07-11 17:22 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-07-11 17:22 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-07-11 17:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-07-11 17:22 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-07-11 17:22 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-07-11 17:22 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-07-11 17:22 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-07-11 17:22 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-07-11 17:20 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-07-11 17:20 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-07-11 17:20 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-07-11 09:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-07-11 09:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-07-11 09:05 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2004-08-10 03:11 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll
+ 2010-07-11 17:18 . 2010-07-11 17:18 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1fbc7524\System.Drawing.dll
+ 2010-07-11 17:23 . 2010-07-11 17:23 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6547e81b\System.Drawing.Design.dll
+ 2010-07-11 17:22 . 2010-07-11 17:22 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2a82bbd0\CustomMarshalers.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_4b56e27b\System.Drawing.dll
+ 2010-07-11 09:03 . 2010-07-11 09:03 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2010-07-11 18:18 . 2010-07-11 18:18 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
- 2006-02-22 14:30 . 2006-02-22 14:30 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
+ 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-09 21:00 . 2010-04-03 09:27 2334720 c:\windows\system32\WMVCore.dll
+ 2004-08-09 21:00 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll
- 2004-08-09 21:00 . 2007-04-30 13:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2009-08-19 22:07 . 2009-08-19 22:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-09 21:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-09 21:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2004-08-09 21:00 . 2010-04-03 09:27 2334720 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-09 21:00 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2004-08-09 21:00 . 2007-04-30 13:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-09 21:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-09 21:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 3555328 c:\windows\system32\dllcache\moviemk.exe
+ 2004-08-09 21:00 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-19 17:54 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-07-19 17:54 . 2007-01-02 21:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-07-19 17:54 . 2007-01-02 21:28 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-19 17:54 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-19 17:54 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-19 17:54 . 2007-01-02 21:28 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-19 17:54 . 2007-01-02 21:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-19 17:54 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\3090c7c.msp
+ 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\3090c53.msp
+ 2010-05-03 21:06 . 2010-05-03 21:06 5053952 c:\windows\Installer\145b8d0.msp
+ 2010-03-30 17:34 . 2010-03-30 17:34 3826688 c:\windows\Installer\145b8b8.msp
+ 2007-04-19 18:49 . 2007-04-19 18:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
+ 2007-04-30 19:57 . 2007-04-30 19:57 7084384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE
+ 2010-07-11 17:22 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-07-11 17:22 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-07-11 17:22 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fa5d297b\System.dll
+ 2010-07-11 17:22 . 2010-07-11 17:22 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1c83db5f\System.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e88cfbaa\System.Xml.dll
+ 2010-07-11 17:23 . 2010-07-11 17:23 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e325d47f\System.Xml.dll
+ 2010-07-11 17:17 . 2010-07-11 17:17 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b9557784\System.Windows.Forms.dll
+ 2010-07-11 17:23 . 2010-07-11 17:23 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_67c8a858\System.Windows.Forms.dll
+ 2010-07-11 17:24 . 2010-07-11 17:24 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0fab4b1f\System.Drawing.dll
+ 2010-07-11 17:24 . 2010-07-11 17:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e1485b98\System.Design.dll
+ 2010-07-11 17:18 . 2010-07-11 17:18 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_56d9d2e0\System.Design.dll
+ 2010-07-11 17:19 . 2010-07-11 17:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e91d86a1\mscorlib.dll
+ 2010-07-11 17:25 . 2010-07-11 17:25 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bd06077e\mscorlib.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_d7474b41\System.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f0f6e3be\System.Xml.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_2bfc1407\System.Windows.Forms.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_6408680c\System.Design.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_734534f4\mscorlib.dll
- 2007-07-11 18:28 . 2007-07-11 18:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-07-11 17:16 . 2010-07-11 17:16 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-07-11 17:16 . 2010-07-11 17:16 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 18:28 . 2007-07-11 18:28 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 18:27 . 2007-07-11 18:27 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-07-11 09:02 . 2010-07-11 09:02 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2010-07-11 17:29 . 2010-07-11 17:29 15710720 c:\windows\Installer\3090ca0.msp
+ 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\3090c3e.msp
+ 2010-07-11 17:22 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 00:19 77312 ----a-w- c:\windows\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-11-11 21:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-11-11 21:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2005-11-01 10:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2001-09-10 14:08 86016 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-12 19:57 1238352 ----a-w- c:\program files\Valve\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\radiofsoftware\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\radiofsoftware\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\zombie driver\\Release\\ZombieDriver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1626:TCP"= 1626:TCP:Robotrage
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/6/2010 1:12 PM 64288]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [6/2/2006 9:58 AM 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/21/2010 12:44 PM 1352832]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [1/23/2008 12:50 AM 23200]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [8/22/2006 2:55 AM 31744]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [6/2/2006 7:39 PM 636416]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [8/3/2009 3:52 PM 247808]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [8/3/2009 3:52 PM 253184]
R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [8/3/2009 3:53 PM 34944]
S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 11:08 PM 133104]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [6/9/2006 2:19 AM 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/2/2006 11:49 PM 643072]
.
Contents of the 'Scheduled Tasks' folder
2010-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-06-21 18:11]
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 04:08]
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 04:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t445rp2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
---- FIREFOX POLICIES ----
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
MSConfigStartUp-Gizmo Project - c:\program files\Gizmo Project\Gizmo.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6261\SiteAdv.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 13:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-11 13:39:41
ComboFix-quarantined-files.txt 2010-07-11 18:39
ComboFix2.txt 2010-07-11 01:48
Pre-Run: 46,906,613,760 bytes free
Post-Run: 46,886,268,928 bytes free
- - End Of File - - E44D27E023662B2328C812353CC7A134
------------------------------------------------
DDS Log
DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 13:42:58.70 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1256 [GMT -5:00]
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [trutil0] c:\windows\system32\trutil01.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} - hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\t445rp2p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozill~1\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\progra~1\mozill~1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R?2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-3 11608]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-3 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-3 151297]
R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\DVRMSFileWatcherService.exe [2006-6-2 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-6-21 1352832]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-1-23 23200]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-22 31744]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-3 52056]
R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2006-6-2 636416]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [2009-8-3 247808]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [2009-8-3 253184]
R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [2009-8-3 34944]
S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-6-9 223128]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2010-07-11 17:28:46 0 d-----w- c:\program files\MSXML 6.0
2010-07-11 09:06:39 0 d-----w- c:\windows\ServicePackFiles
2010-07-11 09:05:53 0 d-----w- c:\windows\ie8updates
2010-07-11 03:44:51 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-11 03:44:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-11 03:44:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-11 03:44:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-11 03:44:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-11 03:44:48 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-11 03:44:46 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-11 03:22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 03:22:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 03:22:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 01:18:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 01:13:55 0 d-sha-r- C:\cmdcons
2010-07-11 01:09:07 77312 ----a-w- c:\windows\MBR.exe
2010-07-11 01:09:06 98816 ----a-w- c:\windows\sed.exe
2010-07-11 01:09:06 256512 ----a-w- c:\windows\PEV.exe
2010-07-11 01:09:06 161792 ----a-w- c:\windows\SWREG.exe
2010-07-06 18:12:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:57:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-06 17:57:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-06 17:47:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
==================== Find3M ====================
2010-06-17 21:22:10 8654 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-05-06 10:41:52 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-05-06 10:41:52 5950976 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-05-06 10:41:52 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-05-06 10:41:52 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-05-06 10:41:51 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-05-06 10:41:50 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-05-06 10:41:48 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2006-10-24 05:29:02 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
2006-10-24 05:11:06 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
2006-10-24 04:38:10 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
2001-09-10 15:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
2001-09-10 14:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
2001-08-18 00:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
2001-08-04 00:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
2001-06-29 14:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll
2010-03-22 03:40:38 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 13:43:11.20 ===============
Looks like it did what we needed it to.
One more scan is in order, I think, unless there are any problems.
Go to the Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Also,
Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
IndiGenus
Just checking in to say that I started the scan a few minutes after you posted the directions for them, but it has taken a painstakingly long time; currently it's 79% and that's after about 4 hours - two of which were devoted to downloading updates, I believe. I'm going to let it run overnight and should be able to post the logs in the morning, but from the afternoon of the 12th until the evening of the 14th I will be out of town.
Well, apparently Windows Update rebooted the computer sometime between now and my last post, so I didn't get the log, and since the scan last time had taken about 7 hours before I decided to go to bed, I cannot run it again until I return home in a couple of days, but whenever I return I'll start it up first thing.