microsoft essentials alert i'm stuck

[Protools954]

blade81
normal mode when first turn on the pc looks fine, yet, when you try to use any application it takes 15 to 30 min to open if it opens at all. just to look at a simple jpg (56 kb) it take 15 min. to shut down the pc could take 10-30 min if it shuts down at all. i am no sure what "registry" is.
i hope that can help a little
m

 

[Blade81]

Hi,

Let me know what steps you had taken before I took your case. In opening post you said: "i got the microsoft essentials alert scare ware bug, i some research and thought i could get rid of it myself i finaly got rid of the window"

 

[Protools954]

blade81
I stared with safemode and malwarebytes, avast just said it is offline and would not run it has been like that ever since. I did a yahoo search and stared with http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert
and then some others. most just didn't apply; some where i read about system restore- to an earlier time before i got the bug. the first 2 dates i tried did not work but the date before i got the bug worked. the "alert" window that never went a way was gone but everything still did not work. now the pc sarts up but many times i cant even go to the start button and shut the pc down.
thank you for any help.

 

[Blade81]

Hi,

Run a disk check by following instructions here.

After that, defrag the hard drive. When ready, try to get me DDS logs in normal mode.

 

[Protools954]

i ran the disc check and defraged the c drive (took along time, too much junk on my drive) in regular mode clicked on my computer and walked out of the room when i came back 2 hr later it never opened. in safe mode i ran dds


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 7:50:14.96 on 2011-02-07
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.772 [GMT -5:00]

AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://bontrafic.org/s/in.cgi?9&key=anti+rhumatic
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139844315265
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\yktv0gvf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-8-9 16384]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-1-20 11264]
R1 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-8-9 21648]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2004-10-18 15488]
S1 6266c5bf;6266c5bf;c:\windows\system32\drivers\6266c5bf.sys --> c:\windows\system32\drivers\6266c5bf.sys [?]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-31 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-31 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-8-9 16400]
S2 mrtRate;mrtRate; [x]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-31 40384]
S3 BCR2000;B-Control Rotary/Fader 2000 (08/04/2004,1.1.1.0);c:\windows\system32\drivers\bcr2000.sys [2004-8-13 21024]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-8-9 97808]
S3 Duende;Duende Firewire Driver;c:\windows\system32\drivers\Duende.sys [2007-5-24 54320]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2007-9-5 54256]
S3 L6BODP;Bass PODxt Pro Service;c:\windows\system32\drivers\L6BODP.sys [2004-10-5 114048]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-8-9 21904]
S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2004-10-18 18816]
S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2004-10-18 24320]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2004-10-18 120576]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-1-15 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2006-1-15 22304]

=============== Created Last 30 ================

2011-02-05 15:59:27 -------- d-----w- c:\docume~1\admini~1\applic~1\Waves Preferences
2011-02-05 15:56:48 -------- d-----w- c:\docume~1\admini~1\applic~1\Cakewalk
2011-02-03 21:57:24 -------- d-----w- c:\program files\ESET
2011-01-30 19:09:45 -------- d-s---w- C:\ComboFix
2011-01-26 20:11:50 98816 ----a-w- c:\windows\sed.exe
2011-01-26 20:11:50 89088 ----a-w- c:\windows\MBR.exe
2011-01-26 20:11:50 256512 ----a-w- c:\windows\PEV.exe
2011-01-26 20:11:50 161792 ----a-w- c:\windows\SWREG.exe
2011-01-24 03:35:46 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe
2011-01-23 05:40:15 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-01-23 05:40:10 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-01-22 18:23:56 -------- d-----w- c:\docume~1\admini~1\applic~1\GrabPro
2011-01-22 00:40:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 00:40:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-22 00:40:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-14 07:03:05 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{77213b6a-ff79-41ce-9f35-70c7bec867ee}\mpengine.dll

==================== Find3M ====================

2011-02-05 15:58:31 16 ----a-w- c:\windows\system32\msvcsv60.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 7:51:20.04 ===============

 

[Blade81]

Hi,

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  c:\windows\system32\drivers\6266c5bf.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[Protools954]

thanks blade81
still in safe mode here it is
SystemLook 04.09.10 by jpshortstuff
Log created at 14:04 on 07/02/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "c:\windows\system32\drivers\6266c5bf.sys"
No files found.

-= EOF =-

 

[Blade81]

Hi,

Uninstall Ad-aware 6 Professional since it's not supported anymore. Also, uninstall Avast for now.

Please download the Registry Search tool by clicking on the
hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for 6266c5bf and click OK. Post the logfile from the tool here for me.

Could you see if you're able to open task manager in normal mode? If yes, see if there're other processes with high CPU value than just the system idle process.

 

[Protools954]

Blade81
I've uninstalled Ad-aware 6 Professional and Avast also:
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "6266c5bf" 2011-02-08 22:23:20

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6266c5bf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6266c5bf]
"ImagePath"="\\SystemRoot\\System32\\drivers\\6266c5bf.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6266c5bf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6266c5bf]
"ImagePath"="\\SystemRoot\\System32\\drivers\\6266c5bf.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6266c5bf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6266c5bf]
"ImagePath"="\\SystemRoot\\System32\\drivers\\6266c5bf.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6266c5bf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6266c5bf]
"ImagePath"="\\SystemRoot\\System32\\drivers\\6266c5bf.sys"

i will shut down safe mode and try task manger in regularmode

 

[Blade81]

Hi,

Download fresh copy of ComboFix.exe to your desktop.


Open notepad and copy/paste the text in the quotebox below into it:

Driver::
6266c5bf

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

i will shut down safe mode and try task manger in regularmode

Ok. Let me know about those CPUs of processes.

 

[Protools954]

blade
i have not done the combo fix yet i just want to run some things by you first.

in regular mode simple things work better now( jpg open normally firefox opens normally)

but i can not get online also task manger goes from 2-18% to 80-100% really all over the place and this is with nothing open
thanks

 

[Blade81]

but i can not get online also task manger goes from 2-18% to 80-100% really all over the place and this is with nothing open

Could you anyway check names of a few of these most consuming processes?

Also, run ComboFix with that script.

 

[Protools954]

Wow

i Ran the combofix in regular mode....Bam
task manger running mostly 0 sometimes up to 10
41 processes running. mswinext.exe firefox.exe MsMpEng.exe svhost.exe explorer.exe nmap.exe are the big guys consuming the most mem usage internet with my wierless router working thank you so much
also combofix made me shut down (restart) i never saw a log but everything SEEMS ok so far thanks WOW thanks

 

[Blade81]

Hi,

Uninstall these in safe mode and see if computer runs any better in regular mode:
Bing Bar
Bing Bar Platform

 

[Protools954]

Dear Blade
i got rid of bing bar but i did not see a bing bar platform not in safe mode or regular mode. task manager seems the same and that is good compared to a week ago should i delete the old java and update java AND adobe flash or wait

thank you
m

 

[Blade81]

i got rid of bing bar but i did not see a bing bar platform not in safe mode or regular mode.

That's ok. bing bar platform entry is not necessarily present there.

should i delete the old java and update java AND adobe flash or wait

Yes, you may do that now. Post back fresh dds logs after that (taken in regular mode if possible).

 

[Protools954]

Blade
in regular mode

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 22:43:06.78 on Wed 02/16/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.441 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchURL,(Default) = hxxp://www.yahoo.com/
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\nzsearch\SearchEnh1.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\Toolbar.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139844315265
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\c0djjq0p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-8-9 16384]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-1-20 11264]
R1 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-8-9 21648]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2008-8-9 16400]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-8-9 97808]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-8-9 21904]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2004-10-18 15488]
S2 mrtRate;mrtRate; [x]
S3 BCR2000;B-Control Rotary/Fader 2000 (08/04/2004,1.1.1.0);c:\windows\system32\drivers\bcr2000.sys [2004-8-13 21024]
S3 Duende;Duende Firewire Driver;c:\windows\system32\drivers\Duende.sys [2007-5-24 54320]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2007-9-5 54256]
S3 L6BODP;Bass PODxt Pro Service;c:\windows\system32\drivers\L6BODP.sys [2004-10-5 114048]
S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2004-10-18 18816]
S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2004-10-18 24320]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2004-10-18 120576]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-1-15 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2006-1-15 22304]

=============== Created Last 30 ================

2011-02-17 03:37:02 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{79d047ec-a523-4e88-850e-c4ad438d11be}\mpengine.dll
2011-02-15 04:09:49 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp
2011-02-15 03:51:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-15 03:51:25 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-13 03:36:53 -------- d-----w- C:\ComboFix
2011-02-13 03:35:57 98816 ----a-w- c:\windows\sed.exe
2011-02-13 03:35:57 89088 ----a-w- c:\windows\MBR.exe
2011-02-13 03:35:57 256512 ----a-w- c:\windows\PEV.exe
2011-02-13 03:35:57 161792 ----a-w- c:\windows\SWREG.exe
2011-02-03 21:57:24 -------- d-----w- c:\program files\ESET
2011-01-23 05:40:15 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-01-23 05:40:10 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-01-22 00:40:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 00:40:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-22 00:40:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

==================== Find3M ====================

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 22:43:58.10 ===============

 

[Blade81]

Good. Now, please re-run ComboFix and let it update itself. Post back the report.

 

[Protools954]

Blade 81 thanks
ComboFix 11-02-18.05 - Owner 02/19/2011 11:34:51.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.562 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\ACD Systems\ACDSee\ImageDB.ddf
G:\bo1dhu.bat
.
---- Previous Run -------
.
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_6266c5bf


((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-18 06:45 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{E32B2EFA-0154-4C57-B7E3-5A90C5C1A971}\mpengine.dll
2011-02-18 04:04 . 2011-02-18 04:05 -------- d-----w- c:\program files\iTunes
2011-02-18 04:00 . 2011-02-18 04:00 -------- d-----w- c:\program files\Bonjour
2011-02-15 04:09 . 2011-02-15 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-02-15 04:02 . 2011-02-15 04:02 -------- d-----w- c:\program files\Common Files\Java
2011-02-15 03:51 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-15 03:51 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-05 15:59 . 2011-02-05 15:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Waves Preferences
2011-02-05 15:56 . 2011-02-05 15:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Cakewalk
2011-02-03 21:57 . 2011-02-03 21:57 -------- d-----w- c:\program files\ESET
2011-01-24 03:35 . 2011-01-24 03:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-01-23 05:40 . 2011-01-23 05:40 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-01-23 05:40 . 2011-01-23 05:40 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-01-22 18:27 . 2011-01-22 18:27 -------- d-----w- c:\program files\ERUNT
2011-01-22 18:23 . 2011-01-22 18:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2011-01-22 18:23 . 2011-01-22 18:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GrabPro
2011-01-22 00:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 00:40 . 2011-01-22 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-22 00:40 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 22:11 . 2009-10-03 17:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44 . 2004-05-20 17:32 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 09:41 . 2006-07-10 02:11 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-01-07 14:09 . 2004-05-20 17:51 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-04-01 04:50 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-05-20 17:52 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08 . 2004-08-24 00:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-05-20 17:52 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-05-20 17:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-05-20 17:52 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-04-01 04:49 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-05-20 17:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-04-01 04:49 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2002-08-29 08:04 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_20.22.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-19 16:23 . 2011-02-19 16:23 16384 c:\windows\temp\Perflib_Perfdata_254.dat
- 2006-12-27 11:08 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2006-12-27 11:08 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2004-05-20 17:32 . 2010-12-20 23:08 44544 c:\windows\system32\pngfilt.dll
- 2004-05-20 17:32 . 2010-11-06 00:34 44544 c:\windows\system32\pngfilt.dll
- 2006-10-17 18:33 . 2010-11-06 00:34 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-10-17 18:33 . 2010-12-20 23:08 52224 c:\windows\system32\msfeedsbs.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 27648 c:\windows\system32\jsproxy.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 27648 c:\windows\system32\jsproxy.dll
+ 2006-10-17 18:01 . 2010-12-20 12:54 13824 c:\windows\system32\ieudinit.exe
- 2006-10-17 18:01 . 2010-11-03 12:24 13824 c:\windows\system32\ieudinit.exe
+ 2004-05-20 17:52 . 2010-12-20 23:08 44544 c:\windows\system32\iernonce.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 44544 c:\windows\system32\iernonce.dll
+ 2004-05-20 17:52 . 2010-12-20 12:54 70656 c:\windows\system32\ie4uinit.exe
- 2004-05-20 17:52 . 2010-11-03 12:24 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 17:58 . 2010-11-06 00:34 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 17:58 . 2010-12-20 23:08 63488 c:\windows\system32\icardie.dll
+ 2011-02-18 04:01 . 2010-12-14 23:51 41984 c:\windows\system32\DRVSTORE\usbaapl_A4C70B47551C2629A145AE032C4D1823570ADB7B\usbaapl.sys
+ 2011-02-18 04:01 . 2010-04-20 00:29 18432 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
- 2010-04-08 17:20 . 2010-04-08 17:20 91424 c:\windows\system32\dnssd.dll
+ 2010-10-07 17:23 . 2010-10-07 17:23 91424 c:\windows\system32\dnssd.dll
- 2006-05-10 05:23 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:23 . 2010-12-20 23:08 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-05-09 05:39 . 2010-11-06 00:34 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 05:39 . 2010-12-20 23:08 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-09 05:39 . 2010-11-03 12:24 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-09 05:39 . 2010-12-20 12:54 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-05-20 17:52 . 2010-11-06 00:34 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-02-20 18:09 . 2010-11-06 00:34 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 18:09 . 2010-12-20 23:08 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-10-17 18:00 . 2010-12-20 12:54 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-10-17 18:00 . 2010-11-03 12:24 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2010-12-20 23:08 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2010-11-06 00:34 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-06-29 16:12 . 2010-12-20 23:08 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2010-11-06 00:34 17408 c:\windows\system32\dllcache\corpol.dll
- 2004-04-01 08:57 . 2010-12-18 08:08 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-02-09 03:47 . 2010-11-06 00:34 44544 c:\windows\ie7updates\KB2482017-IE7\pngfilt.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 52224 c:\windows\ie7updates\KB2482017-IE7\msfeedsbs.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 27648 c:\windows\ie7updates\KB2482017-IE7\jsproxy.dll
+ 2011-02-09 03:47 . 2010-11-03 12:24 13824 c:\windows\ie7updates\KB2482017-IE7\ieudinit.exe
+ 2011-02-09 03:47 . 2010-11-06 00:34 44544 c:\windows\ie7updates\KB2482017-IE7\iernonce.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 78336 c:\windows\ie7updates\KB2482017-IE7\ieencode.dll
+ 2011-02-09 03:47 . 2010-11-03 12:24 70656 c:\windows\ie7updates\KB2482017-IE7\ie4uinit.exe
+ 2011-02-09 03:47 . 2010-11-06 00:34 63488 c:\windows\ie7updates\KB2482017-IE7\icardie.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 17408 c:\windows\ie7updates\KB2482017-IE7\corpol.dll
+ 2004-04-01 08:57 . 2011-02-09 03:51 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-05-20 17:33 . 2010-11-06 00:34 233472 c:\windows\system32\webcheck.dll
+ 2004-05-20 17:33 . 2010-12-20 23:08 233472 c:\windows\system32\webcheck.dll
+ 2004-05-20 17:33 . 2010-12-20 23:08 105984 c:\windows\system32\url.dll
- 2004-05-20 17:33 . 2010-11-06 00:34 105984 c:\windows\system32\url.dll
+ 2004-05-20 17:31 . 2010-12-20 23:08 102912 c:\windows\system32\occache.dll
- 2004-05-20 17:31 . 2010-11-06 00:34 102912 c:\windows\system32\occache.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 671232 c:\windows\system32\mstime.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 671232 c:\windows\system32\mstime.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 193024 c:\windows\system32\msrating.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 193024 c:\windows\system32\msrating.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 478208 c:\windows\system32\mshtmled.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 478208 c:\windows\system32\mshtmled.dll
- 2006-10-17 18:33 . 2010-11-06 00:34 468480 c:\windows\system32\msfeeds.dll
+ 2006-10-17 18:33 . 2010-12-20 23:08 468480 c:\windows\system32\msfeeds.dll
+ 2011-02-15 03:51 . 2010-11-12 23:53 157472 c:\windows\system32\javaws.exe
+ 2011-02-15 03:51 . 2010-11-12 23:53 145184 c:\windows\system32\javaw.exe
+ 2011-02-15 03:51 . 2010-11-12 23:53 145184 c:\windows\system32\java.exe
- 2006-10-17 17:57 . 2010-11-06 00:34 268288 c:\windows\system32\iertutil.dll
+ 2006-10-17 17:57 . 2010-12-20 23:08 268288 c:\windows\system32\iertutil.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 192512 c:\windows\system32\iepeers.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 192512 c:\windows\system32\iepeers.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 384512 c:\windows\system32\iedkcs32.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 384512 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 17:27 . 2010-12-20 23:08 380928 c:\windows\system32\ieapfltr.dll
- 2006-10-17 17:27 . 2010-11-06 00:34 380928 c:\windows\system32\ieapfltr.dll
- 2004-05-20 17:52 . 2010-10-18 11:06 161792 c:\windows\system32\ieakui.dll
+ 2004-05-20 17:52 . 2010-12-20 11:23 161792 c:\windows\system32\ieakui.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 230400 c:\windows\system32\ieaksie.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 230400 c:\windows\system32\ieaksie.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 153088 c:\windows\system32\ieakeng.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 153088 c:\windows\system32\ieakeng.dll
- 2004-03-31 21:53 . 2010-12-18 08:25 164320 c:\windows\system32\FNTCACHE.DAT
+ 2004-03-31 21:53 . 2011-02-09 10:49 164320 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 07:56 . 2010-11-06 00:34 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2010-12-20 23:08 133120 c:\windows\system32\extmgr.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 214528 c:\windows\system32\dxtrans.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 214528 c:\windows\system32\dxtrans.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 347136 c:\windows\system32\dxtmsft.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 347136 c:\windows\system32\dxtmsft.dll
+ 2010-10-07 17:23 . 2010-10-07 17:23 107808 c:\windows\system32\dns-sd.exe
- 2010-04-08 17:20 . 2010-04-08 17:20 107808 c:\windows\system32\dns-sd.exe
+ 2006-05-10 05:23 . 2010-12-20 23:08 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:23 . 2010-11-06 00:34 832512 c:\windows\system32\dllcache\wininet.dll
- 2006-10-17 18:33 . 2010-11-06 00:34 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 18:33 . 2010-12-20 23:08 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 18:05 . 2010-11-06 00:34 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 18:05 . 2010-12-20 23:08 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 18:04 . 2010-11-06 00:34 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 18:04 . 2010-12-20 23:08 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-05-02 21:59 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:23 . 2010-11-06 00:34 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2010-12-20 23:08 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:23 . 2010-12-20 23:08 478208 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:23 . 2010-11-06 00:34 478208 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 05:39 . 2010-11-06 00:34 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 05:39 . 2010-12-20 23:08 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-05-02 21:59 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-05-02 21:59 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2006-10-17 18:04 . 2010-10-18 11:07 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2006-10-17 18:04 . 2010-12-20 11:25 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 05:39 . 2010-12-20 23:08 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 05:39 . 2010-11-06 00:34 268288 c:\windows\system32\dllcache\iertutil.dll
- 2006-05-10 05:22 . 2010-11-06 00:34 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2010-12-20 23:08 192512 c:\windows\system32\dllcache\iepeers.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 384512 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-09 05:39 . 2010-11-06 00:34 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-09 05:39 . 2010-12-20 23:08 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-05-20 17:52 . 2010-10-18 11:06 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-05-20 17:52 . 2010-12-20 11:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-05-20 17:52 . 2010-12-20 23:08 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-05-20 17:52 . 2010-11-06 00:34 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 07:56 . 2010-11-06 00:34 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 07:56 . 2010-12-20 23:08 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:22 . 2010-11-06 00:34 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2010-12-20 23:08 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2010-12-20 23:08 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22 . 2010-11-06 00:34 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2006-10-17 18:00 . 2010-12-20 23:08 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-10-17 18:00 . 2010-11-06 00:34 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-05-20 17:50 . 2010-11-06 00:34 124928 c:\windows\system32\advpack.dll
+ 2004-05-20 17:50 . 2010-12-20 23:08 124928 c:\windows\system32\advpack.dll
+ 2011-02-15 04:02 . 2011-02-15 04:02 180224 c:\windows\Installer\76293a2.msi
+ 2011-02-18 03:56 . 2011-02-18 03:56 811008 c:\windows\Installer\53a1924.msi
+ 2011-02-18 04:06 . 2011-02-18 04:06 380928 c:\windows\Installer\{AAD47011-8518-4608-9656-951DA35B587B}\iTunesIco.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2004-04-01 08:57 . 2011-02-09 03:51 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2004-04-01 08:57 . 2010-12-18 08:08 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-02-09 03:47 . 2010-11-06 00:34 832512 c:\windows\ie7updates\KB2482017-IE7\wininet.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 233472 c:\windows\ie7updates\KB2482017-IE7\webcheck.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 105984 c:\windows\ie7updates\KB2482017-IE7\url.dll
+ 2011-02-09 03:47 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2482017-IE7\spuninst\updspapi.dll
+ 2011-02-09 03:47 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2482017-IE7\spuninst\spuninst.exe
+ 2011-02-09 03:47 . 2010-11-06 00:34 102912 c:\windows\ie7updates\KB2482017-IE7\occache.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 671232 c:\windows\ie7updates\KB2482017-IE7\mstime.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 193024 c:\windows\ie7updates\KB2482017-IE7\msrating.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 478208 c:\windows\ie7updates\KB2482017-IE7\mshtmled.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 468480 c:\windows\ie7updates\KB2482017-IE7\msfeeds.dll
+ 2011-02-09 03:47 . 2010-10-18 11:07 634648 c:\windows\ie7updates\KB2482017-IE7\iexplore.exe
+ 2011-02-09 03:47 . 2010-11-06 00:34 268288 c:\windows\ie7updates\KB2482017-IE7\iertutil.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 192512 c:\windows\ie7updates\KB2482017-IE7\iepeers.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 384512 c:\windows\ie7updates\KB2482017-IE7\iedkcs32.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 380928 c:\windows\ie7updates\KB2482017-IE7\ieapfltr.dll
+ 2011-02-09 03:47 . 2010-10-18 11:06 161792 c:\windows\ie7updates\KB2482017-IE7\ieakui.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 230400 c:\windows\ie7updates\KB2482017-IE7\ieaksie.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 153088 c:\windows\ie7updates\KB2482017-IE7\ieakeng.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 133120 c:\windows\ie7updates\KB2482017-IE7\extmgr.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 214528 c:\windows\ie7updates\KB2482017-IE7\dxtrans.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 347136 c:\windows\ie7updates\KB2482017-IE7\dxtmsft.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 124928 c:\windows\ie7updates\KB2482017-IE7\advpack.dll
+ 2004-10-25 15:39 . 2010-12-20 23:08 1168384 c:\windows\system32\urlmon.dll
- 2004-10-25 15:39 . 2010-11-06 00:34 1168384 c:\windows\system32\urlmon.dll
- 2004-08-20 22:01 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-20 22:01 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2004-10-25 15:39 . 2010-12-20 23:08 3606528 c:\windows\system32\mshtml.dll
- 2006-10-17 18:33 . 2010-11-06 00:34 6075904 c:\windows\system32\ieframe.dll
+ 2006-10-17 18:33 . 2010-12-20 23:08 6075904 c:\windows\system32\ieframe.dll
+ 2011-02-18 04:01 . 2010-12-14 23:51 4184352 c:\windows\system32\DRVSTORE\usbaapl_A4C70B47551C2629A145AE032C4D1823570ADB7B\usbaaplrc.dll
+ 2011-02-18 04:01 . 2010-04-20 00:29 1461992 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
+ 2008-10-14 17:59 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:23 . 2010-12-20 23:08 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2006-05-10 05:23 . 2010-11-06 00:34 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-14 18:01 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-14 18:01 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 18:01 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-14 18:01 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:08 . 2010-12-20 23:08 3606528 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 05:39 . 2010-12-20 23:08 6075904 c:\windows\system32\dllcache\ieframe.dll
- 2007-05-09 05:39 . 2010-11-06 00:34 6075904 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-15 04:06 . 2011-02-15 04:06 2519552 c:\windows\Installer\76293a9.msi
+ 2011-02-18 04:06 . 2011-02-18 04:06 6596096 c:\windows\Installer\53a223b.msi
+ 2011-02-18 04:01 . 2011-02-18 04:01 3085312 c:\windows\Installer\53a19d1.msi
+ 2011-02-18 04:00 . 2011-02-18 04:00 1984000 c:\windows\Installer\53a1952.msi
+ 2011-02-18 03:55 . 2011-02-18 03:55 9472000 c:\windows\Installer\53a190a.msi
+ 2011-01-17 21:06 . 2011-01-17 21:06 5518848 c:\windows\Installer\1353d2.msp
+ 2011-02-09 03:47 . 2010-11-06 00:34 1168384 c:\windows\ie7updates\KB2482017-IE7\urlmon.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 3604480 c:\windows\ie7updates\KB2482017-IE7\mshtml.dll
+ 2011-02-09 03:47 . 2010-11-06 00:34 6075904 c:\windows\ie7updates\KB2482017-IE7\ieframe.dll
+ 2008-10-14 18:01 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-14 18:01 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 18:01 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 18:01 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-05-12 17:56 . 2011-02-09 03:47 37443528 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-20 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"WD Button Manager"="WDBtnMgr.exe" [2007-02-16 339968]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave10"=Digi32.dll
"Midi1"=BCR2000.DLL
"Midi3"=diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DriveSelect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DriveSelect.lnk
backup=c:\windows\pss\DriveSelect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MFWAKeys.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MFWAKeys.lnk
backup=c:\windows\pss\MFWAKeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 09:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 23:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-27 09:34 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 11:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-08 00:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
2004-11-09 08:29 286786 ----a-w- c:\program files\NZSearch\nzspc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabledure Networks Platform Service

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [8/9/2008 11:11 PM 16384]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [1/20/2006 1:38 AM 11264]
R1 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [8/9/2008 11:09 PM 21648]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/9/2008 11:09 PM 16400]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [8/9/2008 11:09 PM 97808]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [8/9/2008 11:09 PM 21904]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [10/18/2004 8:58 AM 15488]
S1 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 mrtRate;mrtRate; [x]
S3 BCR2000;B-Control Rotary/Fader 2000 (08/04/2004,1.1.1.0);c:\windows\system32\drivers\bcr2000.sys [8/13/2004 11:44 AM 21024]
S3 Duende;Duende Firewire Driver;c:\windows\system32\drivers\Duende.sys [5/24/2007 4:10 PM 54320]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [9/5/2007 11:05 AM 54256]
S3 L6BODP;Bass PODxt Pro Service;c:\windows\system32\drivers\L6BODP.sys [10/5/2004 8:58 PM 114048]
S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [10/18/2004 8:58 AM 18816]
S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [10/18/2004 8:58 AM 24320]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [10/18/2004 8:58 AM 120576]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [1/15/2006 11:28 PM 13504]
S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [1/15/2006 11:28 PM 22304]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-02-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2011-02-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-04-02 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchURL,(Default) = hxxp://www.yahoo.com/
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\c0djjq0p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-19 11:43:53
ComboFix-quarantined-files.txt 2011-02-19 16:43
ComboFix2.txt 2011-01-30 17:00
ComboFix3.txt 2011-01-26 20:24
ComboFix4.txt 2009-01-19 01:58

Pre-Run: 16,461,664,256 bytes free
Post-Run: 16,605,044,736 bytes free

- - End Of File - - 1D50A21334D9D6F7DCB0EBD2265C9760

 

[Blade81]

Hi,

Please run ComboFix with this cfscript contents:

DeQuarantine::
c:\qoobox\quarantine\c\windows\system32\msvcsv60.dll.vir
Quit::

Post back c:\DeQuarantine.txt log contents. How's the system running now?