
Thread: PC Infected

  1. #11
    Member
    Join Date
    Oct 2010
    Posts
    34

    Default

    attach2

  2. #12
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Bill Moz ,

    Go to C:\Program Files\Malwarebytes' Anti-Malware and look for the file mbam.exe. Rename it billmbam.exe. Now, try to run MBAM by double clicking on the file.

  3. #13
    Member
    Join Date
    Oct 2010
    Posts
    34

    Default

    Renamed file to Billmbam as instructed, program will start but produces an error code when searching for updates.

    MBAM_ERROR_UPDATING(12007,0, WinHttpSendRequest)

  4. #14
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Bill Moz ,

    The renaming works for me. The connection by MBAM must have been blocked.

    Please download ERUNT by Lars Hederer from one of the links below and save it to your desktop.

    Link 1
    Link 2
    Link 3

    Backup your registry with ERUNT
    • Double click on erunt-setup.exe and run the installation setup.
    • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
    • Continue until you get prompted to run ERUNT at startup. Choose No.
    • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
    • Click OK when ERUNT is launched, and accept all default settings. ERUNT will then backup the registry.


    --------------------

    Please download SystemLook by jpshortstuff from one of the links below and save it to your desktop.

    Link 1
    Link 2


    • Double click on SystemLook.exe to run it.
    • Copy and paste the following text into the main textfield:
      Code:
      :regfind 
      93.188.162.131,93.188.160.11
    • Click the Look button to start the scan. This might take a while.
    • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your desktop as SystemLook.txt.


    --------------------

    Please post back:
    1. the SystemLook result

  5. #15
    Member
    Join Date
    Oct 2010
    Posts
    34

    Default

    Backed up registry using Erunt, downloaded and ran SystemLook. Scan only lasted for 10 to 15 seconds, not sure if that was correct by your advice that it might take awhile.


    SystemLook 04.09.10 by jpshortstuff
    Log created at 20:27 on 02/11/2010 by Bill
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "93.188.162.131,93.188.160.11"
    No data found.

    -= EOF =-

  6. #16
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Bill Moz ,

    The SystemLook scan was intermittently successful when I tried it. We'll proceed to the next step.

    Clear TCP
    • Open Notepad. Copy and paste the following text into it:
      Code:
      @echo off
      rem Remove the statically configured DNS server value (global and per interface)
      reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NameServer" /f
      reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57AF70CF-362F-432B-B507-09FEAD668603}" /v "NameServer" /f
      reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3A6FFF1-78F6-4DB3-B99B-6302D6422CF0}" /v "NameServer" /f
      rem Recreate each value empty (REG_SZ with no data)
      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NameServer" /f
      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57AF70CF-362F-432B-B507-09FEAD668603}" /v "NameServer" /f
      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3A6FFF1-78F6-4DB3-B99B-6302D6422CF0}" /v "NameServer" /f
      rem Flush the local DNS resolver cache
      ipconfig /flushdns
      rem Delete this batch file after it has run
      del %0
    • Save it as ClearTCP.bat on the desktop. Make sure the Save as type: is All Files (*.*).
    • Double click on ClearTCP.bat to run it. Allow if prompted by any security software.


    Please reboot your computer.

    Now, try running MBAM again and post back the result.

  7. #17
    Member
    Join Date
    Oct 2010
    Posts
    34

    Default

    Cleared TCP updated and ran mbam.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5026

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/3/2010 6:07:00 AM
    mbam-log-2010-11-03 (06-07-00).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 362028
    Time elapsed: 3 hour(s), 49 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57af70cf-362f-432b-b507-09fead668603}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.164.242,93.188.160.242 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    D:\Camtasia\camtasia keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
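
An added example, not part of the original thread or any poster's code: the SystemLook search in post #14 looked for one exact address pair and found nothing, while the MBAM log in post #17 flagged a `DhcpNameServer` value holding different addresses from the same block. This Python check reads `reg query` text output and tests `NameServer` and `DhcpNameServer` data by network range instead of by exact string. The `/21` prefix, the function names and the sample `reg query` text are assumptions constructed from the addresses and key paths quoted on this page.

```python
import ipaddress
import re

# Assumption: smallest prefix covering the four resolver addresses quoted in
# the thread (93.188.160.11, 93.188.160.242, 93.188.162.131, 93.188.164.242).
# It is not a vetted blocklist.
SUSPECT_NETS = [ipaddress.ip_network("93.188.160.0/21")]
DNS_VALUES = {"nameserver", "dhcpnameserver"}

# Constructed sample of `reg query <key> /s` output; key paths and the
# DhcpNameServer data mirror the thread, everything else is made up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    NameServer    REG_SZ
    HostName    REG_SZ    bill-pc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57AF70CF-362F-432B-B507-09FEAD668603}
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    93.188.164.242,93.188.160.242

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3A6FFF1-78F6-4DB3-B99B-6302D6422CF0}
    DhcpNameServer    REG_SZ    192.168.1.1
"""

# Value lines are indented: name, type, then optional data (tabs or spaces).
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            yield key, match.group(1), match.group(3).strip()


def suspicious_resolvers(data):
    """Return addresses in a comma- or space-separated list that fall in SUSPECT_NETS."""
    hits = []
    for token in re.split(r"[,\s]+", data.strip()):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # empty token or not an IP literal
        if any(addr in net for net in SUSPECT_NETS):
            hits.append(str(addr))
    return hits


def audit(text):
    """List (key, value_name, suspicious_addresses) for DNS-related values."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if name.lower() in DNS_VALUES:
            hits = suspicious_resolvers(data)
            if hits:
                findings.append((key, name, hits))
    return findings


def exact_string_hit(text, needle):
    """Literal substring match, assumed here to model an exact-string search."""
    return needle in text


if __name__ == "__main__":
    print("exact pair found:",
          exact_string_hit(SAMPLE_REG_QUERY, "93.188.162.131,93.188.160.11"))
    for key, name, hits in audit(SAMPLE_REG_QUERY):
        print(f"{name} under {key}: {', '.join(hits)}")
```

On a live machine the input would come from `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /s` saved to a text file.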

  8. #18
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Bill Moz ,

    Please download ATF (Atribune Temp File) Cleaner by Atribune from one of the links below and save it to your desktop.

    Link 1
    Link 2
    Link 3

    Run ATF Cleaner
    • Double-click ATF Cleaner.exe to open it.
    • Click Run if prompted.
    • At the bottom of the list, check (tick) Select All.
    • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
    • Then click the Empty Selected button.
    • Firefox:
      • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
      • Click the Empty Selected button.
      • Note: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    --------------------

    Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

    Please update your Adobe Reader to the latest.
    It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

    Adobe Reader 7.0

    • Go to the Adobe download page. Click here.
    • If your OS is not the same as stated, click on Different language or operating system? link.
      • Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
      • Change the language if you want by clicking on English below the Select a language title.
      • Press Continue.
      • Uncheck (untick) Free McAfee Security Scan (optional).
      • Click the Download now button after selecting the latest version.
      • Allow if prompted and save the file to a convenient location.
      • Run the downloaded file to continue with the installation.
    • If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
    • Click Download to proceed. Allow if prompted and save the file to a convenient location.
    • Run the downloaded file to continue with the installation.


    --------------------

    You should always keep your Java updated to the latest version too.
    • To set for automatic updates of Java, Go to Start > Control Panel.
    • Double click on the Java icon to open the Java Control Panel.
    • Click on the Update tab.
    • Make sure the option Check for Updates Automatically is ticked.
    • You can also update Java manually via the Update Now button, then continue accordingly.
    • Click on OK when you are done.


    --------------------

    Do an online scan with ESET Online Scanner.
    Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real time protection that you have.
    • Click here to go to ESET Online Scanner page.
    • Click on ESET Online Scanner. A new window will open.
      For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
    • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
    • You will be prompted to install an ActiveX Control from ESET. Please install.
    • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
    • Now, click on Advanced settings and make sure all these are checked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click on Scan to proceed.
    • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
    • Post the contents in your reply.


    If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

    --------------------

    Please post back:
    1. the ESET online scan result
    2. fresh DDS log
    3. how is your computer now?

  9. #19
    Member
    Join Date
    Oct 2010
    Posts
    34

    Default

    Ran ATF cleaner, deleted old adobe reader, checked Java auto update. Ran Eset scan, 9 files found, no files cleaned, should I delete the files?

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=d5a2f0374c2b4a499625a5c7b83d482b
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-11-04 02:33:30
    # local_time=2010-11-03 09:33:30 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 70251 70251 0 0
    # compatibility_mode=1024 16777191 100 0 20309473 20309473 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=102201
    # found=9
    # cleaned=0
    # scan_time=6506
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2e1090b7 Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1626c168 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-5f8d8945 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\39\3f57e627-1ad38c1f a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\45\7c599ead-497b82a1 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-69b7982a Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\58\1f62c23a-2f1a0ce8 Java/TrojanDownloader.Agent.NBM trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\61\6459dbfd-2538be44 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\9\24ea7dc9-59e1eeea a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I



    DDS log to follow

  10. #20
    Member
    Join Date
    Oct 2010
    Posts
    34

    Default

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Bill at 23:00:53.40 on Wed 11/03/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1329 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\ASUS\PC Probe II\Probe2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\Bill\Desktop\dds.scr
    C:\WINDOWS\system32\svchost.exe -k netsvcs

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [EPSON Artisan 800(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_S82.tmp" /EF "HKCU"
    uRun: [Google Update] "c:\documents and settings\bill\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Launch PC Probe II] "c:\program files\asus\pc probe ii\Probe2.exe" 1
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    StartupFolder: c:\docume~1\bill\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
    StartupFolder: c:\docume~1\bill\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225515211757
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225558772171
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-8 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 WLSVC;WLSVC;c:\program files\linksys wireless-g pci wireless network monitor\WLService.exe [2008-11-1 41025]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-3-31 14336]

    =============== Created Last 30 ================

    2010-11-04 00:36:28 -------- d-----w- c:\program files\ESET
    2010-11-02 00:46:47 -------- d-----w- c:\docume~1\bill\applic~1\Malwarebytes
    2010-10-31 15:42:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 15:42:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-31 15:42:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 15:42:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-23 13:14:14 388096 ----a-r- c:\docume~1\bill\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-10-23 13:14:13 -------- d-----w- c:\program files\Trend Micro
    2010-10-13 01:16:32 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-13 01:16:32 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-13 01:16:20 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 23:03:00.20 ===============
