- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
FCopy::
C:\WINDOWS\system32\dllcache\helpsvc.exe | C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
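The FCopy:: directive above overwrites the live HelpSvc.exe with the copy Windows File Protection keeps in system32\dllcache. As an added check (this script is not part of the helper's post), the Python below does what a responder would do before and after that step: hash both files and report whether they agree. The directory layout and file bytes in demo() are constructed so it runs offline on any OS; on the real machine you would point it at the two paths named in the CFScript.

```python
r"""
Added example, not part of the helper's post: verify the result of an
FCopy:: restore by hashing the live binary against the dllcache copy.

The directive copies system32\dllcache\helpsvc.exe over
pchealth\helpctr\binaries\HelpSvc.exe. The functions below do the
comparison a responder would run before and after that copy. The
directory layout and file contents in demo() are constructed so the
script runs offline; the real paths are the ones in the post.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in 64 KiB chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_copies(live: Path, cache: Path) -> dict:
    """Does the live binary match the protected copy in dllcache?"""
    live_hash, cache_hash = sha256_of(live), sha256_of(cache)
    return {
        "live": live_hash,
        "cache": cache_hash,
        "match": live_hash == cache_hash,
        # Positive when the live file carries extra bytes, as a
        # patched binary typically does.
        "size_delta": live.stat().st_size - cache.stat().st_size,
    }


def fcopy(cache: Path, live: Path) -> dict:
    """What FCopy:: does (cache -> live), then re-check the hashes."""
    shutil.copyfile(cache, live)
    return compare_copies(live, cache)


def demo() -> tuple:
    """
    Constructed scenario: dllcache holds the clean copy; the live copy
    has had a payload appended. Returns (before, after) reports.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cache = root / "dllcache" / "helpsvc.exe"
        live = root / "pchealth" / "HelpSvc.exe"
        cache.parent.mkdir()
        live.parent.mkdir()
        clean = b"MZ" + b"\x00" * 62 + b"clean helpsvc body"      # constructed
        cache.write_bytes(clean)
        live.write_bytes(clean + b"\x90\x90patched-in payload")  # constructed
        before = compare_copies(live, cache)
        after = fcopy(cache, live)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before FCopy:", "match" if before["match"]
          else f"MISMATCH, live is {before['size_delta']:+d} bytes")
    print("after FCopy: ", "match" if after["match"] else "MISMATCH")
```

A match only proves the two copies agree; if whatever patched the live file also touched dllcache, both are bad. Confirm the restored file against its catalog signature (Sysinternals sigcheck will do this on XP) or against a hash taken from install media before trusting it.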
Here is the log:
ComboFix 09-09-18.02 - Ben 09/20/2009 18:04.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.494 [GMT -4:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\system32\dllcache\helpsvc.exe --> c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.
2009-09-20 14:21 . 2009-09-20 14:21 -------- d-----w- c:\windows\LastGood
2009-09-20 04:44 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-09-20 04:44 . 2009-09-20 14:23 -------- d-----w- c:\windows\system32\KB905474
2009-09-20 04:32 . 2009-09-20 04:32 -------- d-----w- c:\windows\ie8updates
2009-09-19 22:00 . 2009-09-19 22:00 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Apple_Inc
2009-09-19 20:45 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-19 20:45 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-19 20:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-18 02:12 . 2009-09-19 17:38 -------- d-----w- c:\documents and settings\Laura\Application Data\LimeWire
2009-09-18 02:12 . 2009-09-18 03:04 -------- d-----w- c:\documents and settings\Laura\.limewire
2009-09-14 01:03 . 2009-09-14 01:03 -------- d-----w- C:\iTunes Media
2009-09-12 18:59 . 2009-09-12 18:59 -------- d-----w- c:\program files\WinDirStat
2009-09-12 00:59 . 2009-09-12 00:59 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-12 00:56 . 2009-09-12 00:56 -------- d-----w- c:\program files\iPod
2009-09-12 00:55 . 2009-09-12 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 21:22 . 2009-09-11 21:22 -------- d-----w- c:\program files\Trend Micro
2009-09-11 21:16 . 2009-09-11 21:16 -------- d-----w- c:\program files\ERUNT
2009-09-01 22:51 . 2009-09-01 22:51 -------- d-----w- c:\program files\Sims2Programs.com
2009-09-01 21:59 . 2009-09-12 13:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-01 04:11 . 2009-09-01 04:11 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-01 04:02 . 2009-09-01 03:57 151552 ----a-w- c:\windows\system32\nvRegDev.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 21:58 . 2009-01-19 20:17 -------- d-----w- c:\documents and settings\Ben\Application Data\uTorrent
2009-09-20 15:55 . 2009-08-06 01:18 -------- d-----w- c:\documents and settings\Ben\Application Data\vlc
2009-09-20 14:13 . 2009-01-27 22:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-20 04:36 . 2009-01-27 22:38 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-20 03:43 . 2009-02-01 17:19 -------- d-----w- c:\documents and settings\Dave\Application Data\Apple Computer
2009-09-20 03:40 . 2009-02-01 20:16 73352 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 23:55 . 2009-01-26 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-19 20:39 . 2009-01-18 00:29 73352 ----a-w- c:\documents and settings\Ben\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 19:43 . 2009-06-15 14:21 -------- d-----w- c:\program files\Microsoft Games
2009-09-18 20:31 . 2009-03-06 19:37 -------- d-----w- c:\documents and settings\Dave\Application Data\vlc
2009-09-18 02:46 . 2009-01-31 16:18 -------- d-----w- c:\documents and settings\Laura\Application Data\Apple Computer
2009-09-17 02:16 . 2009-05-27 19:14 256 ----a-w- c:\windows\system32\pool.bin
2009-09-16 22:11 . 2009-08-17 03:09 -------- d-----w- c:\program files\EA GAMES
2009-09-16 02:06 . 2009-01-19 21:43 -------- d-----w- c:\documents and settings\Abi\Application Data\LimeWire
2009-09-16 02:05 . 2009-02-07 16:48 -------- d-----w- c:\documents and settings\Abi\Application Data\vlc
2009-09-15 23:52 . 2009-01-21 22:08 -------- d-----w- c:\documents and settings\Abi\Application Data\Apple Computer
2009-09-14 19:49 . 2009-02-01 19:45 -------- d-----w- c:\program files\Simply Accounting Pro 2009
2009-09-12 03:31 . 2009-01-25 00:08 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-12 01:42 . 2009-01-18 00:44 -------- d-----w- c:\documents and settings\Ben\Application Data\Apple Computer
2009-09-12 00:57 . 2009-01-18 00:43 -------- d-----w- c:\program files\iTunes
2009-09-12 00:56 . 2009-01-18 00:42 -------- d-----w- c:\program files\Common Files\Apple
2009-09-12 00:51 . 2009-01-18 00:43 -------- d-----w- c:\program files\QuickTime
2009-09-11 21:23 . 2009-03-01 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 22:31 . 2009-01-24 17:09 -------- d-----w- c:\program files\Google
2009-09-08 23:13 . 2009-01-25 01:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-01 12:29 . 2009-01-16 02:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-01 12:29 . 2009-01-16 02:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-01 12:29 . 2009-01-16 02:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-01 04:10 . 2009-01-16 01:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 23:42 . 2009-03-18 17:54 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2009-01-18 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-21 00:19 . 2009-03-01 20:44 -------- d-----w- c:\documents and settings\Ben\Application Data\soundcrank
2009-08-20 05:27 . 2009-08-20 05:27 -------- d-----w- c:\program files\iLyrics
2009-08-20 04:36 . 2009-05-21 21:22 -------- d-----w- c:\documents and settings\Ben\Application Data\Skype
2009-08-20 04:36 . 2009-05-21 21:24 -------- d-----w- c:\documents and settings\Ben\Application Data\skypePM
2009-08-20 01:53 . 2009-01-18 15:25 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-20 01:53 . 2009-08-20 01:52 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-20 01:52 . 2009-01-18 15:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-19 19:31 . 2009-08-19 19:31 -------- d--h--r- c:\documents and settings\Ben\Application Data\SecuROM
2009-08-19 19:31 . 2009-08-19 19:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-18 12:41 . 2009-08-18 12:40 -------- d-----w- c:\program files\D-Tools
2009-08-18 04:54 . 2009-08-18 04:37 -------- d-----w- c:\documents and settings\Ben\Application Data\mIRC
2009-08-18 03:36 . 2009-01-16 03:07 -------- d-----w- c:\program files\Java
2009-08-18 02:37 . 2009-08-18 02:37 -------- d-----w- c:\program files\vSoft
2009-08-17 02:16 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-17 02:16 . 2009-08-17 02:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-13 23:50 . 2009-04-07 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-12 23:04 . 2009-01-24 17:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 22:37 . 2009-08-12 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-12 22:29 . 2009-08-12 22:29 -------- d-----w- c:\program files\Shockwave.com
2009-08-12 14:16 . 2009-08-12 14:16 -------- d-----w- c:\documents and settings\Abi\Application Data\Atari
2009-08-12 03:17 . 2009-08-12 02:13 -------- d-----w- c:\program files\RealArcade
2009-08-12 02:16 . 2009-08-12 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RealArcade
2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\program files\Zylom Games
2009-08-12 02:15 . 2009-08-12 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-08-07 19:47 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-07 19:47 . 2009-08-07 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-06 03:47 . 2009-08-06 03:46 -------- d-----w- c:\program files\HyCam2
2009-08-06 01:07 . 2009-02-16 16:44 -------- d-----w- c:\program files\SwiftKit
2009-08-05 22:51 . 2009-02-16 16:28 34 ----a-w- c:\documents and settings\Ben\jagex_runescape_preferences.dat
2009-08-05 13:38 . 2009-02-01 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 13:38 . 2009-02-01 18:35 -------- d-----w- c:\program files\NOS
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 18:19 . 2009-08-04 18:19 46180 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-04 18:18 . 2009-08-04 18:17 -------- d-----w- c:\program files\Safari
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-27 20:41 . 2009-06-05 03:30 -------- d-----w- c:\program files\WindSolutions
2009-07-27 20:41 . 2009-06-05 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-07-27 04:01 . 2009-07-27 04:01 -------- d-----w- c:\program files\ipsXP
2009-07-26 23:39 . 2009-07-26 23:39 -------- d-----w- c:\program files\iPhone Tunnel Suite 2.7 BETA
2009-07-25 09:23 . 2009-01-16 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 09:48 . 2009-08-20 01:53 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-14 03:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 15:10 . 2009-06-27 15:10 0 ----a-w- c:\documents and settings\Ben\Application Data\itunesoption.bin
.
((((((((((((((((((((((((((((( SnapShot@2009-09-19_21.45.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2008-04-14 12:00 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2008-04-14 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2009-01-16 02:22 . 2009-05-12 19:12 26144 c:\windows\system32\spupdsvc.exe
- 2009-01-16 02:22 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
- 2009-01-27 22:37 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2009-01-27 22:37 . 2009-05-12 19:12 16928 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2008-04-14 12:00 . 2009-09-20 14:20 78462 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2009-03-08 17:50 78462 c:\windows\system32\perfc009.dat
+ 2009-01-15 22:38 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 91648 c:\windows\system32\mtxoci.dll
+ 2008-04-14 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 66560 c:\windows\system32\mtxclu.dll
- 2007-08-13 23:54 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2008-04-14 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2008-04-14 12:00 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-01-15 22:38 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-04-14 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-01-16 02:40 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-16 02:40 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 12:00 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2008-04-14 12:00 . 2009-06-10 14:13 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 84992 c:\windows\system32\avifil32.dll
+ 2009-09-20 04:35 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-09-20 04:35 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-09-20 04:35 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2008-04-14 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 354304 c:\windows\system32\winhttp.dll
+ 2008-09-06 04:29 . 2009-03-11 02:18 934792 c:\windows\system32\WgaTray.exe
+ 2009-01-15 22:38 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-01-15 22:38 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-01-15 22:38 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2008-04-14 12:00 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2008-04-14 12:00 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
+ 2008-04-14 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2008-04-14 12:00 . 2009-09-20 14:20 462500 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2009-03-08 17:50 462500 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 284160 c:\windows\system32\pdh.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2008-05-27 03:18 . 2009-05-25 04:24 350208 c:\windows\system32\mssph.dll
- 2008-05-27 03:18 . 2008-05-27 03:18 350208 c:\windows\system32\mssph.dll
- 2007-08-13 23:54 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 956928 c:\windows\system32\msdtctm.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2008-04-14 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2008-04-14 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 989696 c:\windows\system32\kernel32.dll
+ 2008-04-14 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
- 2009-01-15 17:20 . 2009-09-19 20:35 244720 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-15 17:20 . 2009-09-20 14:13 244720 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-15 22:38 . 2008-04-21 12:08 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2008-04-14 12:00 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-01-15 22:38 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-01-15 22:38 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-14 12:00 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-09-06 04:29 . 2009-03-11 02:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2008-09-06 04:30 . 2009-03-11 02:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
- 2009-01-15 22:40 . 2008-04-14 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-01-15 22:40 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-14 12:00 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-04-14 12:00 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2008-04-14 12:00 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2008-04-14 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 284160 c:\windows\system32\dllcache\pdh.dll
+ 2008-04-14 12:00 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-14 12:00 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-01-16 02:40 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-01-16 02:40 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
- 2009-01-15 22:38 . 2008-04-14 12:00 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-01-15 22:38 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-14 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2008-04-14 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2008-04-14 12:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 12:00 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-15 22:38 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 617472 c:\windows\system32\dllcache\advapi32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 617472 c:\windows\system32\advapi32.dll
+ 2008-04-14 12:00 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2009-09-20 04:44 . 2009-09-20 04:44 177664 c:\windows\Installer\1132a93.msi
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\1132a7e.msp
+ 2009-09-20 04:33 . 2009-09-20 04:33 195584 c:\windows\Installer\1132a6d.msi
+ 2009-09-20 04:32 . 2009-09-20 04:32 248832 c:\windows\Installer\1132a67.msi
+ 2009-09-20 04:35 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-09-20 04:35 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-09-20 04:35 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-09-20 04:35 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-09-20 04:35 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-09-20 04:35 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-09-20 04:35 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-09-20 04:35 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-09-20 04:35 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-09-20 04:32 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-20 04:32 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-20 04:32 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
- 2008-04-14 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2008-04-14 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 8461312 c:\windows\system32\shell32.dll
+ 2008-04-14 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\quartz.dll
+ 2008-04-14 12:00 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2008-04-14 12:00 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2008-04-14 00:01 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
- 2008-04-14 00:01 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2009-01-15 22:38 . 2009-06-10 13:19 2066432 c:\windows\system32\mstscax.dll
+ 2008-04-14 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
- 2008-04-14 12:00 . 2009-03-08 08:41 5937152 c:\windows\system32\mshtml.dll
+ 2008-03-20 23:06 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
+ 2007-08-13 23:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
- 2008-04-14 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 8461312 c:\windows\system32\dllcache\shell32.dll
+ 2008-04-14 12:00 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-16 02:32 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-01-16 02:32 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-16 02:32 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-16 02:32 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-16 02:32 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-01-15 22:40 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2008-04-14 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
- 2008-04-14 12:00 . 2009-03-08 08:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-16 02:40 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-09-20 04:35 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-09-20 04:35 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-09-20 04:35 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-01-16 02:32 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-16 02:32 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-01-16 02:32 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-16 02:32 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-01-16 02:32 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-16 02:32 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-04-14 12:00 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-01-16 02:37 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2009-07-19 22:48 11067392 c:\windows\system32\ieframe.dll
+ 2008-04-14 12:00 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-01-16 02:40 . 2009-07-19 22:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-09-20 04:33 . 2009-09-20 04:33 15709696 c:\windows\Installer\1132a74.msp
+ 2009-09-20 04:35 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-01 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
c:\documents and settings\Abi\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\Deanna\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-8-17 1447184]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\Laura\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-1-29 139776]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-01 12:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\c:^documents and settings^ben^start menu^programs^startup^air mouse.lnk]
path=c:\documents and settings\Ben\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnkStartup
[HKLM\~\startupfolder\c:^documents and settings^ben^start menu^programs^startup^openoffice.org 3.0.lnk]
path=c:\documents and settings\Ben\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\list]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/15/2009 10:01 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/15/2009 10:01 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/15/2009 10:01 PM 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2/20/2009 8:57 PM 55152]
R2 simply accounting database connection manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [2/1/2009 3:47 PM 16680]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1/18/2009 11:25 AM 604488]
S1 e77b25f3;e77b25f3;c:\windows\system32\drivers\e77b25f3.sys [1/25/2009 5:19 PM 0]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/15/2009 10:01 PM 908056]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [1/15/2009 10:22 PM 26144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [4/7/2009 10:33 PM 1527900]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [1/31/2009 3:37 PM 28672]
S3 maestro;ESS Maestro Audio Driver (WDM);c:\windows\system32\drivers\maestro.sys [6/15/2009 6:56 PM 48768]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 19:53]
2009-09-20 c:\windows\Tasks\SyncBackSE iTunes Library.job
- c:\program files\2BrightSparks\SyncBackSE\SyncBackSE.exe [2009-06-29 15:35]
2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{FC260F21-52D8-4B8B-AFC4-C59D0DCF381F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJman000&fl=0&ptb=vYOeFOBKsYtUIi69AUOgTw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\w3x0jrhr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {2DBF8B08-443D-49C2-8AF0-D5CEE3D212FE} - c:\documents and settings\Abi\Local Settings\Application Data\{2DBF8B08-443D-49C2-8AF0-D5CEE3D212FE}
FF - HiddenExtension: XUL Cache: {AD35E7C4-3327-4545-9D18-92A5826F0DE9} - c:\documents and settings\Dave\Local Settings\Application Data\{AD35E7C4-3327-4545-9D18-92A5826F0DE9}
FF - HiddenExtension: XUL Cache: {A5DFCA5A-FE10-419E-91A9-66930BB1B2BF} - c:\documents and settings\Deanna\Local Settings\Application Data\{A5DFCA5A-FE10-419E-91A9-66930BB1B2BF}
FF - HiddenExtension: XUL Cache: {280C7ED6-0B91-4DF2-8F59-C738198B01F2} - c:\documents and settings\Ben\Local Settings\Application Data\{280C7ED6-0B91-4DF2-8F59-C738198B01F2}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XUL Cache: {0106F0F5-8B26-47AC-A366-B75EF6440A7C} - c:\documents and settings\Laura\Local Settings\Application Data\{0106F0F5-8B26-47AC-A366-B75EF6440A7C}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-20 18:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-20 18:26
ComboFix-quarantined-files.txt 2009-09-20 22:25
ComboFix2.txt 2009-09-19 21:58
Pre-Run: 14,143,320,064 bytes free
Post-Run: 14,112,395,264 bytes free
517 --- E O F --- 2009-09-20 04:45