Here is Combofix Log
ComboFix 09-08-31.03 - VanDever 09/01/2009 7:01.1.1 - NTFSx86
Running from: c:\documents and settings\VanDever\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\niawndos.exe
C:\p2hhr.bat
c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\Gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\windows\010112010146120114.dat
c:\windows\0101120101464849.dat
c:\windows\prxid93ps.dat
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
F:\autorun.inf
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-08-29 21:28 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-29 21:27 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 04:06 . 2009-08-28 04:06 -------- d--h--w- c:\windows\PIF
2009-08-28 04:02 . 2009-08-28 04:02 -------- d-----w- c:\program files\ERUNT
2009-08-23 13:13 . 2009-08-23 13:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-23 13:12 . 2009-08-23 13:12 152576 ----a-w- c:\documents and settings\VanDever\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-19 02:01 . 2009-08-26 23:08 -------- d-----w- c:\documents and settings\VanDever\Local Settings\Application Data\Google
2009-08-19 02:00 . 2009-08-19 02:00 -------- d-----w- c:\program files\Google
2009-08-05 15:20 . 2009-09-01 12:01 -------- d-----w- c:\windows\system32\CatRoot
2009-08-04 16:52 . 2009-08-04 16:52 205893 -c--a-w- C:\vkywt.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 12:04 . 2009-07-29 03:07 -------- d-----w- c:\program files\Gamevance
2009-08-23 13:12 . 2005-04-28 04:48 -------- d-----w- c:\program files\Java
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 18:29 . 2009-06-28 18:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-26 00:06 . 2005-04-27 16:59 47680 -c--a-w- c:\documents and settings\VanDever\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 12:10 . 2005-04-27 16:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-05 16:42 . 2009-03-22 14:19 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 16:42 . 2007-11-23 13:53 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
------- Sigcheck -------
[-] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[-] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 16:23 828928 4C6B4138165A4C53FE8A5B1D809526C3 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2005-03-10 08:02 656896 6F018D6319BE4F96426EA829B79E05D5 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2004-08-04 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB890923$\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454_0$\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$NtUninstallKB931768$\wininet.dll
[-] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$NtUninstallKB937143$\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$NtUninstallKB939653$\wininet.dll
[-] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\ie7\wininet.dll
[-] 2007-08-14 00:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\wininet.dll
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\dllcache\wininet.dll
[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[-] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[-] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[-] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[-] 2004-08-04 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2004-08-04 12:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[-] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[-] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[-] 2005-05-02 20:57 3014144 DCC5C79B99F02EEF8C826B074DBFC222 c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2005-03-10 07:43 3011072 255C2CE965543ABDC3E0A25A5DA1874A c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll
[-] 2005-10-05 00:51 3017728 3394299FBF1CD0B24089FC762611360B c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-07-20 02:03 3016192 A14A7A206AE22DE4FE563E44CFC7DDF5 c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-11-24 01:07 3018240 D3F037F5DA702AE9DDD7663EC9D78BA7 c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2006-03-23 20:31 3055616 ABCD123F888E4E97C8751378CCCC4F26 c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2006-05-19 15:06 3055104 8687E029BE63C77D4919485068C54D77 c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-07-28 11:30 3058176 D251679BD9EF0250201FB899EC40FD32 c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-09-14 08:31 3058688 CEFEA1C301139A817931BE132F0359FE c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-10-23 15:34 3061248 88E1C15BB1A9ED3CBA4D6F2F408D5010 c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2007-08-20 10:02 3592192 AA8A4BD78D24FCDB96DDAEE3756AA372 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 23:48 3593216 54D8B404F17AA74C666F7F3AEF2AE459 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-12-07 02:01 3593216 976C46ED4A75FC66D9C596778898CE1E c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 13:03 3593216 4EE273E2B09317C1217EF0DB91F93534 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 03:35 3593728 4D612FF5D3B7EEF200595AE6F95D5E68 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-06-23 16:01 3594240 28B8231CA8D55FC85E027A57C90F5C88 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-08-26 09:08 3594752 25CC085720EE3617FD1F8AB9E2F7CAB2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-10-16 20:24 3595264 B74F31A4BD83797D7A083F922169287D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 06:26 3594752 C79FAD61CD4A26ED5AA8C16D991C6FBD c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2009-01-16 16:24 3596288 CC9D001B7370B292C35B366CA05B12B4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-02-21 07:39 3596800 1BB754AB47B327DE8DBF2FA18C36357C c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 04:49 3598336 C6FD770D518FB024245A0EE217D72BC1 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 13:31 3600384 F6098CC1B1C3858D53F20F3CB5774F3B c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2005-03-10 08:02 3010560 84A1B9B0C362051E68BB131F14C6DAAD c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2004-08-04 12:00 3003392 376E0843B2356CA91CEC8D9837A56FF7 c:\windows\$NtUninstallKB890923$\mshtml.dll
[-] 2005-07-20 02:00 3014144 31E7520E58E5E4DFA93215A6D5603AF2 c:\windows\$NtUninstallKB896688$\mshtml.dll
[-] 2005-05-02 20:52 3012608 DCFAC5470EE0A159EC4222BC28AE3EE6 c:\windows\$NtUninstallKB896727$\mshtml.dll
[-] 2005-10-05 00:25 3015168 042AC20E084D21DD6BEE99B89CC30FB7 c:\windows\$NtUninstallKB905915$\mshtml.dll
[-] 2005-11-24 01:06 3015680 5E7A39950EA133BB54719A6E08C544A7 c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2006-03-23 20:32 3053568 DEAA438EA31095E14A196FF647E38D13 c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-05-19 15:08 3052544 284CE76B71DD5260B42A3CCF0135AF67 c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-07-28 11:28 3054080 C7074DA3D8F8C0F6C03874BA0B05069C c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-10-23 15:17 3055104 5FC7DE1195C8E9B5360FD65DBE95E5B0 c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-09-14 08:39 3054592 BE45460D1453B7342E01EAE79BFBC681 c:\windows\$NtUninstallKB925454_0$\mshtml.dll
[-] 2006-10-23 15:34 3061248 88E1C15BB1A9ED3CBA4D6F2F408D5010 c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2007-01-04 14:05 3062272 1C45525574EF206346FBAFCAAC7CC4A5 c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2007-02-20 06:52 3063296 2991727809C7AC3A33E4178CC73244D8 c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-05-04 12:59 3064320 00ADCB32832A10ED9419493BCEA97526 c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-06-15 08:12 3064320 53F3FD772C010622346C39284C4A863B c:\windows\$NtUninstallKB939653$\mshtml.dll
[-] 2007-08-22 12:55 3064832 885E3BF99EA4B2213901EBC35B34CF12 c:\windows\ie7\mshtml.dll
[-] 2007-08-14 00:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-08-20 10:04 3584512 E267EE248CDA7667C19001C069DE867B c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-10-30 23:42 3590656 8AB7ECF59D6EBBE986277B65ED4A40A1 c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-12-08 05:21 3592192 A097C36412455F0C7E42377FAF8809B7 c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2008-03-01 23:36 3591680 AB2C88167D78D71D93558ACECB24CC7A c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-24 03:16 3591680 8976CAB317105F7431B08EA32AB73C65 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-06-24 15:57 3592192 EC936148284F557F19C333178768109B c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:24 3593216 1AD035E04A7068EC2820B055A3131ED8 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-10-17 08:08 3593216 EACAEDEF6FA2A969DE5B36190D45396F c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-12-13 06:40 3593216 121EC39A64D64205A88C2C45B034B455 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2009-01-17 03:35 3594752 3B413267DA8AE71C20E5EF3E54F74728 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-02-20 18:09 3595264 C7C3E41CC2F6EB4A629FE2184136C098 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-04-29 04:56 3596288 2B4315EC9E3124408A2A5074C4B97700 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2008-04-14 00:11 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\mshtml.dll
[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\dllcache\mshtml.dll
[-] 2004-08-04 03:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys
[-] 2004-08-04 12:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\system32\comres.dll
[-] 2004-08-04 12:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\system32\lpk.dll
[-] 2004-08-04 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys
[-] 2004-08-04 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys
[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\system32\mfc40u.dll
[-] 2004-08-04 12:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\system32\msgsvc.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 12:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\system32\comctl32.dll
[-] 2004-08-04 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 12:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-04 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys
[-] 2004-08-04 12:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\system32\sfc.dll
[-] 2004-08-04 12:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\system32\netlogon.dll
[-] 2004-08-04 12:00 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\system32\qmgr.dll
[-] 2008-04-14 00:12 409088 574738F61FCA2935F5265DC4E5691314 c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 12:00 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2008-04-14 00:12 181248 A86BB5E61BF3E39B62AB4C7E7085A084 c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 00:12 181248 A86BB5E61BF3E39B62AB4C7E7085A084 c:\windows\system32\scecli.dll
[-] 2004-08-04 12:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\system32\eventlog.dll
[-] 2004-08-04 12:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 18:57 14336 B153AFFAC761E7F5FCFA822B9C4E97BC c:\windows\system32\drivers\asyncmac.sys
[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 12:00 52224 C086483E3DBA8C1C0A687EC8D5B3D4C1 c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 03:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 03:47 27136 C51B4A5C05A5475708E3C81C7765B71D c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 129536 EEF46DAB68229A14DA3D8E73C99E2959 c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 00:12 129024 295D21F14C335B53CB8154E5B1F892B9 c:\windows\system32\xmlprov.dll
[-] 2004-08-04 12:00 60416 10654F9DDCEA9C46CFB77554231BE73B c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 00:11 62464 3D4E199942E29207970E04315D02AD3B c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 12:00 77312 E3CFCCDDA4EDD1D0DC9168B2E18F27B8 c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 00:11 77824 A06CE3399D16DB864F55FAEB1F1927A9 c:\windows\system32\browser.dll
[-] 2005-07-08 16:28 249344 1418A3A6E76E5A2E3F5E43866E793A8B c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 16:27 249344 FB78839B36025AA286A51289ED28B73E c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 12:00 246272 EB4A4187D74A8EFDCBEA3EA2CB1BDFBD c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2008-04-14 00:12 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 00:12 249856 3CB78C17BB664637787C9A1C98F79C38 c:\windows\system32\tapisrv.dll
[-] 2008-06-20 17:36 245248 1DFCA7713EA5A70D5D93B436AEA0317A c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 17:43 245248 FCEE5FCB99F7C724593365C706D28388 c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 17:41 245248 097722F235A1FB698BF9234E01B52637 c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-04-14 00:12 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2004-08-04 12:00 245248 4E74AF063C3271FBEA20DD940CFD1184 c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] 2008-04-14 00:12 245248 B4138E99236F0F57D4CF49BAE98A0746 c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\system32\mswsock.dll
[-] 2008-06-20 17:46 245248 832E4DD8964AB7ACC880B2837CB1ED20 c:\windows\system32\dllcache\mswsock.dll
[-] 2005-08-22 18:24 197632 3516D8A18B36784B1005B950B84232E1 c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2005-08-22 18:29 197632 36739B39267914BA69AD0610A0299732 c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2004-08-04 12:00 198144 DAB9E6C7105D2EF49876FE92C524F565 c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2008-04-14 00:12 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 00:12 198144 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE c:\windows\system32\netman.dll
[-] 2005-07-26 04:20 243200 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2008-07-07 20:06 253952 A4AB3DCA4A383F0DF4988ABDEB84F9A4 c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 253952 F17F6226BDC0CD5F0BEF0DAF84D29BEC c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:32 253952 60D1A6342238378BFB7545C81EE3606C c:\windows\$NtServicePackUninstall$\es.dll
[-] 2004-08-04 12:00 243200 ACD36A2DD7D1E9D8A060AA651DC07E63 c:\windows\$NtUninstallKB902400$\es.dll
[-] 2008-04-14 00:11 246272 19A799805B24990867B00C120D300C3A c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:39 243200 34BBD9ACC1538818F2C878898C64E793 c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2008-04-14 00:11 246272 19A799805B24990867B00C120D300C3A c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\system32\es.dll
[-] 2008-07-07 20:26 253952 D4991D98F2DB73C60D042F1AEF79EFAE c:\windows\system32\dllcache\es.dll
[-] 2005-09-01 01:44 19968 648BF0B4DDE4F7A1156DAE7174D36EFA c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 01:41 19968 A1A688EE56CF3BBD24EDEB815D48E9BA c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 12:00 18944 C2BBD044C741EA4292016C36F718D2E4 c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2008-04-14 00:11 19968 2DC5A8019E2387987905F77C664E4BE2 c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 00:11 19968 2DC5A8019E2387987905F77C664E4BE2 c:\windows\system32\linkinfo.dll
[-] 2004-08-04 12:00 71680 4B8D61792F7175BED48859CC18CE4E38 c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 00:12 71680 0A5679B3714EDAB99E357057EE88FCA6 c:\windows\system32\ssdpsrv.dll
[-] 2007-02-05 20:19 185344 36ACA6CDC19C95FF468A1426EB7F32F0 c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 20:17 185344 ACA5D98663D879C6BAAFCEA7E2F1B710 c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 12:00 185344 0546477BDE979E33294FE97F6B3DE84A c:\windows\$NtUninstallKB931261$\upnphost.dll
[-] 2008-04-14 00:12 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 00:12 185856 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 c:\windows\system32\upnphost.dll
[-] 2004-08-04 12:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\system32\srsvc.dll
[-] 2004-08-04 12:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\system32\wscntfy.exe
[-] 2004-08-04 12:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 12:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\$NtServicePackUninstall$\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\ServicePackFiles\i386\rasauto.dll
[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\system32\rasauto.dll
[-] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 12:00 190976 92360854316611F6CC471612213C3D92 c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 00:12 192512 0A9A7365A1CA4319AA7C1D6CD8E4EAFA c:\windows\system32\schedsvc.dll
[-] 2004-08-04 12:00 59904 3151427DB7D87107D1C5BE58FAC53960 c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 00:12 59904 5B19B557B0C188210A56A6B699D90B8F c:\windows\system32\regsvc.dll
[-] 2006-12-19 21:50 135168 53D9184A21C5CBF600D918E51EF3A7E5 c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2006-12-19 21:52 134656 6815DEF9B810AEFAC107EEAF72DA6F82 c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 12:00 134656 E7518DC542D3EBDCB80EDD98462C7821 c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2008-04-14 00:12 135168 1926899BF9FFE2602B63074971700412 c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 00:12 135168 1926899BF9FFE2602B63074971700412 c:\windows\system32\shsvcs.dll
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 03:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 12:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-29 67128]
"Auto Run Software for Photo Frame"="c:\program files\Philips\Philips PhotoFrame\PhotoManager.exe" [2007-02-16 2273280]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-11-01 84480]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-23 149280]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-07-29 105984]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
c:\documents and settings\VanDever\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Harmony Monitor.lnk - c:\program files\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-1-20 81920]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-29 67128]
Logitech Harmony Remote Software 7.lnk - c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe [2006-9-10 86112]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2005-4-28 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys [2009-01-08 22136]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
.
Contents of the 'Scheduled Tasks' folder
2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-Auto Run Software for Photo Frame - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-01 07:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-606747145-2139871995-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(116)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Cisco Systems\SSL VPN Client\Agent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Harmony Remote\EasyZapperManagerExe.exe
c:\program files\Logitech\SetPoint\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2009-09-01 7:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 12:31
Pre-Run: 1,369,776,128 bytes free
Post-Run: 2,803,564,544 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
531 --- E O F --- 2009-09-01 08:00
