
Thread: "File Loader", loader.exe/smss.exe, iexplore.exe, and Volume Control bugs.

  1. #31
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Please run and post a new DDS log. We're not doing very much new with ComboFix. Just cleaning up some dead entries and unlocking a reg key.

    You can also let Win update do its thing and run.
    IndiGenus

  2. #32
    Member
    Join Date
    Jul 2010
    Posts
    30

    Quote: Originally Posted by IndiGenus
    Please run and post a new DDS log. We're not doing very much new with ComboFix. Just cleaning up some dead entries and unlocking a reg key.

    You can also let Win update do its thing and run.

    Is it safe to close the window and reboot? It won't stop the middle of an important process and potentially mess anything up will it? Just want to make sure because I read about 3 warnings about ComboFix before I ran it.

  3. #33
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Quote: Originally Posted by RMIII
    Is it safe to close the window and reboot? It won't stop the middle of an important process and potentially mess anything up will it? Just want to make sure because I read about 3 warnings about ComboFix before I ran it.

    How long has it been going for? We probably want to let it finish whatever it's doing.
    IndiGenus

  4. #34
    Member
    Join Date
    Jul 2010
    Posts
    30

    Quote: Originally Posted by IndiGenus
    How long has it been going for? We probably want to let it finish whatever it's doing.

    Judging by the post where I mentioned it, plus the time required for me to get to my laptop and post I'd estimate about 20 minutes, but it just recently (while I was typing this) kicked back into action and said it had to disable my virtual CD drives for ComboFix to work, so apparently it IS still doing something.

  5. #35
    Member
    Join Date
    Jul 2010
    Posts
    30

    Er, now it appears to be displaying various errors of things failing to initialize because "the workstation is shutting down".

    I didn't let Windows Update count all the way down, and it certainly doesn't LOOK like anything is getting ready to reboot or shut down.

  6. #36
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Alright, I have to head out for the next several hours. Let it do its thing. If it shuts down or restarts just let it update and run DDS. Post the logs you have.
    IndiGenus

  7. #37
    Member
    Join Date
    Jul 2010
    Posts
    30

    Despite the blips ComboFix did its thing, here is the log and the DDS report:

    ComboFix.txt
    ComboFix 10-07-10.01 - HP_Administrator 07/11/2010 13:24:10.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1435 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
    .

    2010-07-11 18:24 . 2010-07-11 18:24 -------- d-----w- c:\windows\LastGood
    2010-07-11 17:28 . 2010-07-11 17:28 -------- d-----w- c:\program files\MSXML 6.0
    2010-07-11 09:06 . 2010-07-11 09:06 -------- d-----w- c:\windows\ServicePackFiles
    2010-07-11 09:05 . 2010-07-11 09:05 -------- d-----w- c:\windows\ie8updates
    2010-07-11 03:44 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-07-11 03:44 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-07-11 03:44 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-11 03:44 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-11 03:44 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-11 03:44 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-07-11 03:44 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-07-11 03:22 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-11 03:22 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-11 03:22 . 2010-07-11 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-11 01:18 . 2010-07-06 18:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-11 01:08 . 2010-07-11 01:08 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
    2010-07-07 18:19 . 2010-07-07 18:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-07-07 01:07 . 2010-07-07 01:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-07-06 18:18 . 2010-07-06 18:18 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-07-06 18:12 . 2010-06-21 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-06 18:10 . 2010-07-06 18:11 -------- d-----w- c:\program files\ERUNT
    2010-07-06 17:57 . 2010-07-06 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-06 17:57 . 2010-07-06 18:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-06 17:48 . 2010-07-06 17:48 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
    2010-07-06 17:47 . 2010-07-06 17:47 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
    2010-07-06 17:47 . 2010-06-21 17:52 2978768 -c--a-w- c:\documents and settings\All Users\Application Data\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-11 18:16 . 2008-12-18 23:58 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-06 19:04 . 2006-02-22 15:28 -------- d-----w- c:\program files\Google
    2010-07-06 19:01 . 2008-04-21 02:56 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-06 18:16 . 2006-11-02 21:25 -------- d-----w- c:\program files\Virtools
    2010-07-06 17:45 . 2009-01-04 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-06 17:45 . 2006-06-03 20:43 -------- d-----w- c:\program files\Lavasoft
    2010-07-05 04:38 . 2009-12-22 04:22 -------- d-----w- c:\program files\Trillian
    2010-07-01 02:59 . 2006-06-09 07:27 -------- d-----w- c:\program files\Clash N Slash
    2010-07-01 02:56 . 2006-09-16 04:31 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-07-01 02:56 . 2008-08-22 19:05 -------- d-----w- c:\program files\AVS4YOU
    2010-07-01 02:54 . 2006-02-22 15:03 -------- d-----w- c:\program files\WildTangent
    2010-07-01 02:36 . 2006-02-22 14:41 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-01 02:29 . 2009-05-14 00:24 -------- d-----w- c:\program files\The Crystal Key
    2010-07-01 01:59 . 2006-06-05 03:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
    2010-06-27 21:17 . 2007-03-30 03:02 -------- d-----w- c:\program files\WinFF
    2010-06-17 21:22 . 2006-11-11 01:03 8654 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
    2010-05-06 10:41 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2006-10-24 05:29 . 2007-04-22 23:07 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
    2006-10-24 05:11 . 2007-04-22 23:07 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
    2006-10-24 04:38 . 2007-04-22 23:07 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
    2007-05-23 00:14 . 2007-07-30 05:16 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
    2007-05-23 00:17 . 2007-07-30 05:16 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
    2010-03-22 03:40 . 2010-03-22 03:40 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-07-11_01.46.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-11 18:17 . 2010-07-11 18:17 16384 c:\windows\Temp\Perflib_Perfdata_358.dat
    + 2005-05-26 09:16 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
    + 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    + 2010-07-11 03:12 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
    + 2010-07-11 03:12 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
    - 2005-08-30 21:07 . 2010-07-11 01:12 71844 c:\windows\system32\perfc009.dat
    + 2005-08-30 21:07 . 2010-07-11 18:22 71844 c:\windows\system32\perfc009.dat
    + 2009-03-08 09:31 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
    - 2004-08-09 21:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
    - 2004-08-09 21:00 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
    + 2004-08-09 21:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
    + 2004-08-09 21:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll
    + 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
    - 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2004-09-29 23:11 . 2009-06-24 17:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
    + 2004-10-07 22:36 . 2009-06-24 17:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
    - 2004-08-03 21:12 . 2007-01-02 21:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    + 2004-08-03 21:12 . 2009-06-24 03:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    - 2004-08-03 21:12 . 2007-01-02 21:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    + 2004-08-03 21:12 . 2009-06-24 03:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    - 2004-08-03 21:11 . 2007-01-02 21:34 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    + 2004-08-03 21:11 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    + 2002-06-21 16:31 . 2009-06-24 03:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    - 2002-06-21 16:31 . 2002-06-21 16:31 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    + 2010-07-11 09:05 . 2010-07-11 09:05 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-03-23 00:05 . 2007-03-23 00:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
    + 2007-03-23 00:13 . 2007-03-23 00:13 23904 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL
    + 2010-07-11 17:22 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
    + 2010-07-11 17:22 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
    + 2010-07-11 17:22 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
    + 2010-07-11 17:17 . 2010-07-11 17:17 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ecfb2d75\System.Drawing.Design.dll
    + 2010-07-11 17:17 . 2010-07-11 17:17 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_fa95f330\CustomMarshalers.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_c1e00650\System.Drawing.Design.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_33431662\CustomMarshalers.dll
    + 2004-07-19 17:54 . 2009-06-29 16:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    - 2004-07-19 17:54 . 2007-01-02 21:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
    + 2004-08-09 21:00 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
    + 2004-08-09 21:00 . 2009-07-13 15:08 286720 c:\windows\system32\wmpdxm.dll
    + 2004-08-09 21:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll
    + 2004-08-09 21:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
    - 2004-08-09 21:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
    - 2005-08-30 21:07 . 2010-07-11 01:12 440936 c:\windows\system32\perfh009.dat
    + 2005-08-30 21:07 . 2010-07-11 18:22 440936 c:\windows\system32\perfh009.dat
    + 2004-08-09 21:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll
    + 2008-03-14 00:56 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll
    + 2008-03-14 00:56 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll
    + 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
    - 2004-08-09 21:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll
    + 2009-03-08 09:32 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll
    + 2004-08-09 21:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
    - 2004-08-09 21:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll
    - 2004-08-09 21:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-09 21:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
    + 2004-08-09 21:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
    + 2004-08-09 21:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
    + 2004-08-09 21:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
    + 2004-08-09 21:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
    + 2004-08-09 21:00 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
    + 2004-08-09 21:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll
    - 2004-08-09 21:00 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
    + 2004-08-09 21:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll
    + 2004-08-09 21:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
    - 2004-08-09 21:00 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
    - 2004-08-09 21:00 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
    + 2004-08-09 21:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
    + 2004-08-09 21:00 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
    - 2004-08-09 21:00 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2004-07-19 17:54 . 2004-07-19 17:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    + 2004-07-19 17:54 . 2009-06-24 02:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    + 2004-08-03 21:11 . 2009-06-24 03:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    - 2004-08-03 21:11 . 2007-01-02 21:34 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2010-07-11 17:42 . 2010-07-11 17:42 969728 c:\windows\Installer\3090ca7.msi
    + 2010-07-11 17:15 . 2010-07-11 17:15 195584 c:\windows\Installer\3090c27.msi
    + 2010-07-11 09:05 . 2010-07-11 09:05 429568 c:\windows\Installer\145b8ea.msi
    - 2006-02-22 15:13 . 2008-12-11 09:07 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-02-22 15:13 . 2010-07-11 17:21 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-02-22 15:13 . 2008-12-11 09:07 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-09-01 01:29 . 2008-12-11 09:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2006-09-01 01:29 . 2010-07-11 17:21 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-07-23 21:10 . 2008-07-23 21:10 103776 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL
    + 2010-07-11 17:22 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
    + 2010-07-11 17:22 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
    + 2010-07-11 17:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
    + 2010-07-11 17:22 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
    + 2010-07-11 17:22 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
    + 2010-07-11 17:22 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
    + 2010-07-11 17:22 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
    + 2010-07-11 17:22 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
    + 2010-07-11 17:22 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
    + 2010-07-11 17:22 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
    + 2010-07-11 17:22 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
    + 2010-07-11 17:20 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
    + 2010-07-11 17:20 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
    + 2010-07-11 17:20 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
    + 2010-07-11 09:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2010-07-11 09:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2010-07-11 09:05 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2004-08-10 03:11 . 2009-08-18 15:55 179712 c:\windows\ehome\ehkeyctl.dll
    + 2010-07-11 17:18 . 2010-07-11 17:18 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_1fbc7524\System.Drawing.dll
    + 2010-07-11 17:23 . 2010-07-11 17:23 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_6547e81b\System.Drawing.Design.dll
    + 2010-07-11 17:22 . 2010-07-11 17:22 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_2a82bbd0\CustomMarshalers.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_4b56e27b\System.Drawing.dll
    + 2010-07-11 09:03 . 2010-07-11 09:03 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    + 2010-07-11 18:18 . 2010-07-11 18:18 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
    - 2006-02-22 14:30 . 2006-02-22 14:30 122880 c:\windows\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\ehiwmp.dll
    + 2009-07-21 05:03 . 2009-07-21 05:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
    + 2004-08-09 21:00 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
    + 2004-08-09 21:00 . 2010-04-03 09:27 2334720 c:\windows\system32\WMVCore.dll
    + 2004-08-09 21:00 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll
    - 2004-08-09 21:00 . 2007-04-30 13:20 5537792 c:\windows\system32\wmp.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
    + 2009-08-19 22:07 . 2009-08-19 22:07 1415000 c:\windows\system32\msxml6.dll
    + 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\system32\msxml4.dll
    + 2004-08-09 21:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
    + 2009-03-08 09:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
    + 2004-08-09 21:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
    + 2004-08-09 21:00 . 2010-04-03 09:27 2334720 c:\windows\system32\dllcache\WMVCore.dll
    + 2004-08-09 21:00 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll
    - 2004-08-09 21:00 . 2007-04-30 13:20 5537792 c:\windows\system32\dllcache\wmp.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
    + 2004-08-09 21:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
    + 2004-08-09 21:00 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
    - 2004-08-09 21:00 . 2004-08-09 21:00 3555328 c:\windows\system32\dllcache\moviemk.exe
    + 2004-08-09 21:00 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe
    - 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    + 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2004-07-19 17:54 . 2009-06-29 16:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    - 2004-07-19 17:54 . 2007-01-02 21:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    - 2004-07-19 17:54 . 2007-01-02 21:28 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2004-07-19 17:54 . 2009-06-24 03:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2004-07-19 17:54 . 2009-06-24 03:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    - 2004-07-19 17:54 . 2007-01-02 21:28 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    - 2004-07-19 17:54 . 2007-01-02 21:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    + 2004-07-19 17:54 . 2009-06-29 16:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    + 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\3090c7c.msp
    + 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\3090c53.msp
    + 2010-05-03 21:06 . 2010-05-03 21:06 5053952 c:\windows\Installer\145b8d0.msp
    + 2010-03-30 17:34 . 2010-03-30 17:34 3826688 c:\windows\Installer\145b8b8.msp
    + 2007-04-19 18:49 . 2007-04-19 18:49 1661280 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE
    + 2007-04-30 19:57 . 2007-04-30 19:57 7084384 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE
    + 2010-07-11 17:22 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
    + 2010-07-11 17:22 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
    + 2010-07-11 17:22 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
    + 2010-07-11 17:17 . 2010-07-11 17:17 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fa5d297b\System.dll
    + 2010-07-11 17:22 . 2010-07-11 17:22 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1c83db5f\System.dll
    + 2010-07-11 17:17 . 2010-07-11 17:17 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e88cfbaa\System.Xml.dll
    + 2010-07-11 17:23 . 2010-07-11 17:23 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e325d47f\System.Xml.dll
    + 2010-07-11 17:17 . 2010-07-11 17:17 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b9557784\System.Windows.Forms.dll
    + 2010-07-11 17:23 . 2010-07-11 17:23 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_67c8a858\System.Windows.Forms.dll
    + 2010-07-11 17:24 . 2010-07-11 17:24 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_0fab4b1f\System.Drawing.dll
    + 2010-07-11 17:24 . 2010-07-11 17:24 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_e1485b98\System.Design.dll
    + 2010-07-11 17:18 . 2010-07-11 17:18 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_56d9d2e0\System.Design.dll
    + 2010-07-11 17:19 . 2010-07-11 17:19 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e91d86a1\mscorlib.dll
    + 2010-07-11 17:25 . 2010-07-11 17:25 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bd06077e\mscorlib.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_d7474b41\System.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_f0f6e3be\System.Xml.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_2bfc1407\System.Windows.Forms.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_6408680c\System.Design.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_734534f4\mscorlib.dll
    - 2007-07-11 18:28 . 2007-07-11 18:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2010-07-11 17:16 . 2010-07-11 17:16 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2010-07-11 17:16 . 2010-07-11 17:16 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-07-11 18:28 . 2007-07-11 18:28 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    - 2007-07-11 18:27 . 2007-07-11 18:27 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-07-11 09:02 . 2010-07-11 09:02 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-03-08 09:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
    + 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
    + 2010-07-11 17:29 . 2010-07-11 17:29 15710720 c:\windows\Installer\3090ca0.msp
    + 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\3090c3e.msp
    + 2010-07-11 17:22 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
    "trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
    "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    2005-08-03 00:19 77312 ----a-w- c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
    2005-11-11 21:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
    2005-11-11 21:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    2005-11-01 10:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
    2001-09-10 14:08 86016 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-12 19:57 1238352 ----a-w- c:\program files\Valve\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2006-06-21 17:14 35328 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\BitLord\\BitLord.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Valve\\Steam\\steamapps\\radiofsoftware\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Valve\\Steam\\steamapps\\radiofsoftware\\garrysmod\\hl2.exe"=
    "c:\\Program Files\\Valve\\Steam\\steamapps\\common\\zombie driver\\Release\\ZombieDriver.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1626:TCP"= 1626:TCP:Robotrage
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R?2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 12:15 PM 36864]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/6/2010 1:12 PM 64288]
    R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\DVRMSToolbox\DVRMSFileWatcherService.exe [6/2/2006 9:58 AM 32768]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/21/2010 12:44 PM 1352832]
    R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [9/27/2002 6:21 PM 22912]
    R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [1/23/2008 12:50 AM 23200]
    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [8/22/2006 2:55 AM 31744]
    R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [6/2/2006 7:39 PM 636416]
    R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [8/3/2009 3:52 PM 247808]
    R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [8/3/2009 3:52 PM 253184]
    R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [8/3/2009 3:53 PM 34944]
    S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2009 11:08 PM 133104]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [6/9/2006 2:19 AM 223128]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/2/2006 11:49 PM 643072]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-06-21 18:11]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 04:08]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-26 04:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t445rp2p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

    ---- FIREFOX POLICIES ----
    c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\progra~1\MOZILL~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
    MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
    MSConfigStartUp-Gizmo Project - c:\program files\Gizmo Project\Gizmo.exe
    MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6261\SiteAdv.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-11 13:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(912)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-11 13:39:41
    ComboFix-quarantined-files.txt 2010-07-11 18:39
    ComboFix2.txt 2010-07-11 01:48

    Pre-Run: 46,906,613,760 bytes free
    Post-Run: 46,886,268,928 bytes free

    - - End Of File - - E44D27E023662B2328C812353CC7A134


    ------------------------------------------------
    DDS Log

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HP_Administrator at 13:42:58.70 on Sun 07/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1256 [GMT -5:00]

    AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
    C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Borland\InterBase\bin\ibguard.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Borland\InterBase\bin\ibserver.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
    mRun: [trutil0] c:\windows\system32\trutil01.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_administrator\start menu\programs\imvu\Run IMVU.lnk
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: trymedia.com
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
    DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} - hxxp://asp.mathxl.com/books/_Players/EconPlayer.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\t445rp2p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\t445rp2p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozill~1\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\progra~1\mozill~1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\progra~1\mozill~1\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R?2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]
    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-3 11608]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-3 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-3 151297]
    R2 DVRMSFileWatcherService;DVRMSFileWatcherService;c:\program files\dvrmstoolbox\DVRMSFileWatcherService.exe [2006-6-2 32768]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-6-21 1352832]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
    R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2008-1-23 23200]
    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-8-22 31744]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-3 52056]
    R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2006-6-2 636416]
    R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMINI.sys [2009-8-3 247808]
    R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVGAMINI.sys [2009-8-3 253184]
    R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [2009-8-3 34944]
    S2 gupdate1c997c7df809ca6;Google Update Service (gupdate1c997c7df809ca6);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2006-6-9 223128]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-07-11 17:28:46 0 d-----w- c:\program files\MSXML 6.0
    2010-07-11 09:06:39 0 d-----w- c:\windows\ServicePackFiles
    2010-07-11 09:05:53 0 d-----w- c:\windows\ie8updates
    2010-07-11 03:44:51 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-07-11 03:44:51 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-07-11 03:44:50 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-11 03:44:49 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-11 03:44:49 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-11 03:44:48 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-07-11 03:44:46 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-07-11 03:22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-11 03:22:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-11 03:22:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-11 01:18:44 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-07-11 01:13:55 0 d-sha-r- C:\cmdcons
    2010-07-11 01:09:07 77312 ----a-w- c:\windows\MBR.exe
    2010-07-11 01:09:06 98816 ----a-w- c:\windows\sed.exe
    2010-07-11 01:09:06 256512 ----a-w- c:\windows\PEV.exe
    2010-07-11 01:09:06 161792 ----a-w- c:\windows\SWREG.exe
    2010-07-06 18:12:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-06 17:57:45 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-06 17:57:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-06 17:47:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}

    ==================== Find3M ====================

    2010-06-17 21:22:10 8654 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
    2010-05-06 10:41:52 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-05-06 10:41:52 5950976 ----a-w- c:\windows\system32\dllcache\mshtml.dll
    2010-05-06 10:41:52 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-05-06 10:41:52 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
    2010-05-06 10:41:51 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
    2010-05-06 10:41:50 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-05-06 10:41:48 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2006-10-24 05:29:02 2199552 ----a-w- c:\program files\tb_triforce_1_6.dll
    2006-10-24 05:11:06 3223552 ----a-w- c:\program files\tb_toad_1_2.dll
    2006-10-24 04:38:10 4542464 ----a-w- c:\program files\tb_peach_1_2.dll
    2001-09-10 15:00:26 139264 ----a-w- c:\windows\inf\i386\Rtscan.dll
    2001-09-10 14:10:36 61440 ----a-w- c:\windows\inf\i386\onetUSD.dll
    2001-08-18 00:43:24 32768 ----a-w- c:\windows\inf\i386\Wiamicro.dll
    2001-08-04 00:29:18 13824 ----a-w- c:\windows\inf\i386\usbscan.sys
    2001-06-29 14:10:24 163840 ----a-w- c:\windows\inf\i386\viceo.dll
    2010-03-22 03:40:38 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 13:43:11.20 ===============

  8. #38
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Looks like it did what we needed it to.

    One more scan is in order, I think, unless there are any problems.

    Go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Also,
    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    IndiGenus

  9. #39
    Member
    Join Date
    Jul 2010
    Posts
    30

    Default

    Just checking in to say that I started the scan a few minutes after you posted the directions for them, but it has taken a painstakingly long time; currently it's at 79%, and that's after about 4 hours, two of which were devoted to downloading updates, I believe. I'm going to let it run overnight and should be able to post the logs in the morning, but from the afternoon of the 12th until the evening of the 14th I will be out of town.

  10. #40
    Member
    Join Date
    Jul 2010
    Posts
    30

    Default

    Well, apparently Windows Update rebooted the computer sometime between now and my last post, so I didn't get the log, and since the scan last time had taken about 7 hours before I decided to go to bed, I cannot run it again until I return home in a couple of days, but whenever I return I'll start it up first thing.
