Smitfraud-C.CoreService

sweety

Spybot is showing that I have Smitfraud-C.CoreService and it won't remove it. This is the HJT log. What should I do? Let me know please, thanks so much.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:50:45 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Essa\My Documents\My Received Files\HiJackThis_v2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {636F305C-D395-4241-9F02-41668A496A00} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9396f585-2747-419e-a5f2-0db0e15493e0} - C:\WINDOWS\system32\pdlxkqm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BADDD50E-7D00-4B58-BE86-6780B6BFAF3A} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipCheapCom] "C:\program files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7626 bytes
 
Hello,

We are currently studying your log and will be back to you as soon as possible. Thank you for your patience.

Regards,

Rosty.
 
Hi,

Welcome to Safer Networking Forums. My name is Rosty and I'm going to help you with your log.

Download and Install SDFix
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Next,
  1. Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.
  2. Double click VundoFix.exe to run it.
  3. Click the Scan for Vundo button.
  4. Once it's done scanning, click the Remove Vundo button.
  5. You will receive a prompt asking if you want to remove the files, click YES
  6. Once you click yes, your desktop will go blank as it starts removing Vundo.
  7. When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot. Simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If you receive this error - "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid", please download this file and save it to your desktop.

  • Right click on Comdlg32.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • On the text box above the Browse button, copy and paste in C:\Windows\system32.
  • Click OK.
  • Uncheck (untick) the Show extracted files box and click Finish.
  • Click on Start > Run and copy and paste in the following into the Run box:

    REGSVR32 C:\Windows\system32\comdlg32.ocx
  • Press Enter.
  • You should receive this message - "DllRegisterServer in C:\Windows\system32\comdlg32.ocx succeeded."
  • Click OK and restart your computer. Then try running VundoFix again.


Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode.


Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).


Please open HijackThis, click do a scan only and place a check next to the following entries:

O2 - BHO: (no name) - {636F305C-D395-4241-9F02-41668A496A00} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9396f585-2747-419e-a5f2-0db0e15493e0} - C:\WINDOWS\system32\pdlxkqm.dll
O2 - BHO: (no name) - {BADDD50E-7D00-4B58-BE86-6780B6BFAF3A} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll

Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.

Finally paste the contents of the Report.txt, the vundofix log and a new HijackThis log back on the forum.


Regards,

Rosty
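
A triage sketch for the kind of entries selected in the post above, as an added example that is not part of the original thread and not the helper's stated method. The three rules, `CORE_NAMES` and `triage()` are assumptions chosen for illustration; the sample lines are copied from the first HijackThis log on this page.

```python
import re
from ntpath import basename, dirname, normcase

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {636F305C-D395-4241-9F02-41668A496A00} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9396f585-2747-419e-a5f2-0db0e15493e0} - C:\WINDOWS\system32\pdlxkqm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BADDD50E-7D00-4B58-BE86-6780B6BFAF3A} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
"""

SYSTEM32 = normcase(r"C:\WINDOWS\system32")
# Assumption: core XP binaries that normally live only in system32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
              "winlogon.exe", "csrss.exe", "smss.exe"}
MISSING = " (file missing)"

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
RUN_RE = re.compile(
    r"^O4 - HK\w+\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.+)$")
# Executable path: either the quoted part or everything up to the first ".exe".
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)


def bho_reason(m):
    """Rule 1: unnamed BHO whose DLL is absent or sits directly in system32.

    Returns (reason, normalised DLL path); either may be None.
    """
    if m["name"] != "(no name)":
        return None, None
    target = m["target"]
    if target == "(no file)":
        return "unnamed BHO with no file on disk", None
    if target.endswith(MISSING):
        return "unnamed BHO, file missing", normcase(target[:-len(MISSING)])
    if normcase(dirname(target)) == SYSTEM32:
        return "unnamed BHO loading a DLL from system32", normcase(target)
    return None, None


def run_reason(m):
    """Rule 2: autostart entry named like a core binary but stored elsewhere."""
    exe = EXE_RE.match(m["cmd"])
    if not exe:
        return None
    path = exe.group(1) or exe.group(2)
    if basename(path).lower() in CORE_NAMES and normcase(dirname(path)) != SYSTEM32:
        return "core Windows binary name outside system32"
    return None


def triage(log_text):
    """Return (line, reason) for every entry the three rules flag, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings, bho_dlls = {}, set()
    for ln in lines:
        if m := BHO_RE.match(ln):
            reason, dll = bho_reason(m)
            if reason:
                findings[ln] = reason
            if dll:
                bho_dlls.add(dll)
        elif m := RUN_RE.match(ln):
            if reason := run_reason(m):
                findings[ln] = reason
    # Rule 3: a Winlogon Notify DLL that is also registered as a flagged BHO
    # (paths compared case-insensitively: SYSTEM32 vs system32).
    for ln in lines:
        m = NOTIFY_RE.match(ln)
        if m and normcase(m["target"]) in bho_dlls:
            findings[ln] = "Winlogon Notify DLL also registered as a flagged BHO"
    return [(ln, findings[ln]) for ln in lines if ln in findings]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

On these sample lines the rules flag the same seven entries listed in the post; they are a starting point for review, and each flagged file still needs to be checked before anything is removed.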
 
This is the hijack file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:58:15 AM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Documents and Settings\Essa\My Documents\My Received Files\HiJackThis_v2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {9ad4a8b2-0d7e-d64b-daa4-5aa23e3dcdd6} - {6ddcd3e3-2aa5-4aad-b46d-e7d02b8a4da9} - C:\WINDOWS\system32\qmsfmymu.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\hgghfef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2E435E3-8B76-414A-A92E-FBA7E18A495A} - C:\WINDOWS\system32\mljgf.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [6c396d90] rundll32.exe "C:\WINDOWS\system32\uouecjbs.dll",b
O4 - HKLM\..\Run: [BM6f0a5e0c] Rundll32.exe "C:\WINDOWS\system32\dnddregh.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: hgghfef - C:\WINDOWS\SYSTEM32\hgghfef.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6305 bytes

SDFix: Version 1.157

Run by Essa on Fri 03/14/2008 at 10:36 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 10:45:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x7792"
"DeviceDesc"="\xb973\x7792"
"ProviderName"="\x27fc\21\xee18\x7c90\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x60c"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=str(7):"c:\dell\drivers\r174511\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"="C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe:*:Enabled:VoipCheapCom"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 11 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\943145d6fda2a3de96e33285d992c3a5\BIT2.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT1.tmp"

Finished!

VundoFix V7.0.3

Scan started at 9:57:21 AM 3/14/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

VundoFix V7.0.3

Scan started at 10:09:12 AM 3/14/2008

Listing files found while scanning....


VundoFix V7.0.3

Scan started at 10:12:31 AM 3/14/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

It did not show there are any problems, but my computer is so slow and I do not know why?
 
After I sent you guys those logs I checked for problems with Spybot and it found one entry from DoubleClick, two entries from MediaPlex, one entry from StatCounter and three entries from Virtumonde. Then I restarted the computer two times, checking with Spybot, and it still showed the three entries of Virtumonde and some other things. What should I do?
 
Hi again,

We need to update your version of HijackThis to the latest release.
Please find and delete the HijackThis.exe you already have installed.

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Next,
Create a Startup List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Copy and paste the StartupList from the notepad into your next post

Please visit the webpage HERE for instructions for downloading and running ComboFix.

When finished, it shall produce a log for you. Post that log, a HijackThis log from the new version, and the StartupList in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:50 AM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [6c396d90] rundll32.exe "C:\WINDOWS\system32\suxbqjni.dll",b
O4 - HKLM\..\Run: [BM6f0a5e0c] Rundll32.exe "C:\WINDOWS\system32\dnddregh.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
ComboFix 08-03-14.4 - Essa 2008-03-15 7:59:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -7:00]
Running from: C:\Documents and Settings\Essa\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM6f0a5e0c.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dnddregh.dll
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\hgghfef.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\injqbxus.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\qgkckpov.dll
C:\WINDOWS\system32\qmsfmymu.dll
C:\WINDOWS\system32\suxbqjni.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_TNIDRIVER
-------\TnIDriver


((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 07:12 . 2008-03-15 07:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-03-14 18:55 . 2008-03-14 21:26 4,226 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-14 18:54 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-14 18:54 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-14 18:54 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-14 18:54 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-14 18:54 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-14 18:54 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-14 18:54 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-14 17:09 . 2008-03-14 17:11 <DIR> d-------- C:\Erase027.tmp
2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\CyberScrub
2008-03-14 13:28 . 2007-02-07 11:08 84 --a------ C:\WINDOWS\csact.ini
2008-03-14 12:40 . 2007-12-06 19:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-14 12:39 . 2007-12-06 19:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-14 12:39 . 2007-06-30 20:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-14 12:39 . 2007-06-30 20:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-14 12:39 . 2007-12-06 19:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-14 12:39 . 2007-12-06 19:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-14 12:39 . 2007-12-06 19:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-14 12:39 . 2007-12-06 19:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-14 12:39 . 2007-12-06 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-14 09:57 . 2008-03-14 13:47 <DIR> d-------- C:\VundoFix Backups
2008-03-14 09:55 . 2008-03-14 10:47 <DIR> d-------- C:\SDFix
2008-03-14 09:54 . 2008-03-14 10:48 1,359,741 ---hs---- C:\WINDOWS\system32\sbjceuou.ini
2008-03-13 22:14 . 2008-03-13 22:14 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-13 12:00 . 2008-03-13 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-12 15:33 . 2008-03-13 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 12:02 . 2008-03-12 12:02 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-12 11:51 . 2008-03-12 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-12 11:50 . 2008-03-12 21:24 <DIR> d-------- C:\WINDOWS\system32\typ2
2008-03-12 11:50 . 2008-03-12 11:57 <DIR> d-------- C:\WINDOWS\system32\sbc2
2008-03-12 11:50 . 2008-03-12 11:50 <DIR> d-------- C:\WINDOWS\system32\lows8
2008-03-12 11:50 . 2008-03-12 21:23 <DIR> d-------- C:\WINDOWS\system32\iDlo18
2008-03-12 11:50 . 2008-03-12 15:37 <DIR> d-------- C:\WINDOWS\system32\ech5
2008-03-12 11:50 . 2008-03-12 11:50 <DIR> d-------- C:\WINDOWS\system32\dr6
2008-03-12 11:50 . 2008-03-15 08:00 <DIR> d-------- C:\Temp
2008-03-12 11:50 . 2008-03-12 11:50 40,960 --a------ C:\Documents and Settings\Essa\f.exe
2008-03-12 10:37 . 2008-03-12 10:37 <DIR> d-------- C:\WINDOWS\Sun
2008-03-11 11:21 . 2008-03-12 12:02 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\LimeWire
2008-03-11 11:21 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-11 11:20 . 2008-03-11 11:21 <DIR> d-------- C:\Program Files\Java
2008-03-11 11:20 . 2008-03-11 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-02 12:38 . 2008-03-02 12:38 3,093 --a------ C:\WINDOWS\system32\Ramadan2.SDT
2008-03-02 11:01 . 2008-03-02 11:01 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2008-03-02 11:01 . 2008-03-02 12:39 94,208 --a------ C:\WINDOWS\system32\ScrUnZip.dll
2008-02-29 12:37 . 2008-02-29 12:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-29 12:36 . 2008-02-29 12:36 <DIR> d-------- C:\WINDOWS\system32\athan
2008-02-29 12:36 . 2008-02-29 12:37 <DIR> d-------- C:\Program Files\Athan
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-27 12:55 . 2008-02-27 12:55 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\BestOn
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\Program Files\BestOn
2008-02-27 12:50 . 2008-02-27 12:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-27 12:50 . 2008-02-27 12:50 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-22 18:16 . 2008-02-22 18:16 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-18 13:01 . 2008-02-18 13:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-17 07:07 . 2008-02-17 07:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-17 07:07 . 2008-02-17 07:08 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 06:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-14 06:59 --------- d-----w C:\Program Files\Google
2008-02-23 01:16 --------- d-----w C:\Program Files\Real
2008-02-23 01:16 --------- d-----w C:\Program Files\Common Files\Real
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\Essa\Application Data\DivX
2008-02-14 20:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-13 22:57 --------- d-----w C:\Documents and Settings\Essa\Application Data\Roxio
2008-02-13 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-13 19:55 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-13 19:54 --------- d-----w C:\Program Files\Roxio
2008-02-13 19:54 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 21:08 --------- d-----w C:\Documents and Settings\Essa\Application Data\VoipCheapCom
2008-02-11 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 17:13 --------- d-----w C:\Program Files\Common Files\EZVGACam
2008-02-11 17:13 --------- d-----w C:\Documents and Settings\Essa\Application Data\InstallShield
2008-02-11 17:01 --------- d-----w C:\Program Files\DivX
2008-02-11 03:07 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-11 03:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-11 03:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-11 02:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 02:54 --------- d-----w C:\Program Files\Windows Live
2008-02-11 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-10 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 23:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 21:37 --------- d-----w C:\Program Files\SigmaTel
2008-02-10 21:26 --------- d-----w C:\Documents and Settings\Essa\Application Data\ATI
2008-02-10 21:23 --------- d-----w C:\Program Files\ATI Technologies
2008-02-10 21:19 --------- d-----w C:\Program Files\Dell
2008-02-10 21:18 --------- d-----w C:\Program Files\DIFX
2008-02-10 21:18 --------- d-----w C:\Program Files\Broadcom
2008-02-10 21:17 --------- d-----w C:\Program Files\CONEXANT
2008-02-10 21:17 --------- d-----w C:\Program Files\AMD
2008-02-10 01:08 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-11-29 17:28 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 15:12 843776]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 18:15 185896]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 12:25 1003520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfef]
hgghfef.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 06:38:03 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 08:05:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-03-15 8:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 15:07:42
.
2008-03-15 06:43:55 --- E O F ---
 
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Please post that log.
 
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AMD Processor Driver
Athan Basic 3.3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
AVG 7.5
Broadcom 440x 10/100 Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Dell Wireless WLAN Card
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Ezonics VGA camera
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java(TM) 6 Update 4
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Script Debugger
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Theme Nunavut
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
RealPlayer
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SigmaTel Audio
Sonic Activation Module
Spybot - Search & Destroy
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946501-v2)
Update for Windows XP (KB946627)
WebCam Suite 2.0
Windows Defender
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 1
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Winter Fun Pack for Windows Movie Maker 2
 
Hi,
sorry for the delay in getting back to you.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next,
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\Erase027.tmp
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\csact.ini
C:\Documents and Settings\Essa\f.exe
C:\WINDOWS\system32\sbjceuou.ini

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\typ2
C:\WINDOWS\system32\sbc2
C:\WINDOWS\system32\lows8
C:\WINDOWS\system32\iDlo18
C:\WINDOWS\system32\ech5
C:\WINDOWS\system32\dr6
C:\SDFix


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghfef]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif


5. Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log
  • The MBAM log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:30 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7144 bytes


Malwarebytes' Anti-Malware 1.08
Database version: 499

Scan type: Full Scan (C:\|)
Objects scanned: 74202
Time elapsed: 27 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\Documents and Settings\Essa\f.exe.vir (Spyware.FirePass) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dr6\crecomdll1.exe.vir (Adware.RABCO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lows8\spgdn65.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP33\A0017598.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP37\A0017773.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP45\A0027312.exe (Spyware.FirePass) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP76\A0034304.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP76\A0034305.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16AB1EB2-F061-41BA-8DFB-588BA17FD282}\RP76\A0034306.exe (Spyware.FirePass) -> Quarantined and deleted successfully.
 
I am trying to post the combo log but it will not post it; it is saying that it is too long, so what should I do?
 
ComboFix 08-03-14.4 - Essa 2008-03-17 14:35:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT -7:00]
Running from: C:\Documents and Settings\Essa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Essa\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Essa\f.exe
C:\Erase027.tmp
C:\WINDOWS\csact.ini
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\sbjceuou.ini
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-17 14:16 . 2008-03-17 14:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 14:16 . 2008-03-17 14:16 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\Malwarebytes
2008-03-17 14:16 . 2008-03-17 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-16 21:41 . 2008-03-16 21:41 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-16 16:48 . 2008-03-16 16:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 16:48 . 2008-03-16 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 09:45 . 2008-03-17 03:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-16 09:45 . 2008-03-17 03:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 17:17 . 2008-03-15 17:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 11:30 . 2008-03-15 11:32 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-03-15 11:18 . 2008-03-15 11:18 <DIR> d-------- C:\Program Files\MSECache
2008-03-15 10:55 . 2008-03-15 10:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-15 10:55 . 2008-03-15 10:55 <DIR> d-------- C:\d032524d5b2c5336a8
2008-03-15 10:55 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-15 10:54 . 2008-03-15 10:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-15 10:54 . 2008-03-15 10:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 10:39 . 2008-03-15 10:39 <DIR> d-------- C:\Documents and Settings\Essa\SecurityScans
2008-03-15 10:35 . 2008-03-15 10:35 <DIR> d-------- C:\Program Files\Microsoft Script Debugger
2008-03-15 10:33 . 2008-03-15 10:33 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
2008-03-15 10:30 . 2008-03-15 10:30 870 --a------ C:\Microsoft Baseline Security Analyzer 2.0.1.lnk
2008-03-15 10:24 . 2008-03-15 17:20 <DIR> d-------- C:\DECCHECK
2008-03-15 10:18 . 2008-03-15 10:18 <DIR> d-------- C:\MMSTFX
2008-03-15 10:17 . 2008-03-15 10:17 <DIR> d-------- C:\Program Files\Temp
2008-03-15 10:07 . 2008-03-15 10:08 1,127,928 --a------ C:\wmm_wdm_sdk.EXE
2008-03-15 10:04 . 2008-03-15 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-15 09:43 . 2008-03-15 09:43 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-15 09:27 . 2008-03-15 09:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-15 09:27 . 2008-03-15 09:27 1,454,656 --a------ C:\Silverlight.exe
2008-03-15 08:47 . 2008-03-17 10:52 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\AVG7
2008-03-15 08:46 . 2008-03-15 08:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-15 08:46 . 2008-03-15 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-15 08:46 . 2008-03-15 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-15 07:39 . 2008-03-15 07:39 4,608,744 --a------ C:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2008-03-15 07:12 . 2008-03-15 07:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-14 23:37 . 2008-03-14 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-03-14 18:54 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-14 18:54 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-14 17:09 . 2008-03-14 17:11 <DIR> d-------- C:\Erase027.tmp
2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\CyberScrub
2008-03-14 12:46 . 2008-03-14 12:46 <DIR> d-------- C:\a15e813a9591e01ef639
2008-03-14 12:40 . 2008-03-03 20:01 585,728 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-14 12:39 . 2008-03-03 20:01 8,016,384 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-14 12:39 . 2008-02-07 17:48 3,670,112 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-14 12:39 . 2008-03-03 20:01 1,110,016 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-14 12:39 . 2008-03-03 19:34 440,832 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-14 12:39 . 2008-03-03 19:50 268,800 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-14 12:39 . 2008-03-03 19:50 60,928 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-14 12:39 . 2008-03-03 20:01 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-14 12:39 . 2007-12-06 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-14 10:56 . 2008-03-15 09:57 <DIR> d-------- C:\backups
2008-03-13 22:14 . 2008-03-13 22:14 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-13 12:00 . 2008-03-13 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-12 15:33 . 2008-03-13 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 11:51 . 2008-03-12 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-12 11:50 . 2008-03-15 09:55 <DIR> d-------- C:\Temp
2008-03-12 10:37 . 2008-03-12 10:37 <DIR> d-------- C:\WINDOWS\Sun
2008-03-11 11:21 . 2008-03-12 12:02 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\LimeWire
2008-03-11 11:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-11 11:20 . 2008-03-16 20:25 <DIR> d-------- C:\Program Files\Java
2008-03-11 11:20 . 2008-03-11 11:20 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-11 10:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-03 20:01 . 2008-03-03 20:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll
2008-03-02 12:38 . 2008-03-02 12:38 3,093 --a------ C:\WINDOWS\system32\Ramadan2.SDT
2008-03-02 11:01 . 2008-03-02 11:01 129,536 --a------ C:\WINDOWS\system32\IJL15.dll
2008-03-02 11:01 . 2008-03-02 12:39 94,208 --a------ C:\WINDOWS\system32\ScrUnZip.dll
2008-02-29 12:37 . 2008-02-29 12:36 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-29 12:36 . 2008-02-29 12:36 <DIR> d-------- C:\WINDOWS\system32\athan
2008-02-29 12:36 . 2008-02-29 12:37 <DIR> d-------- C:\Program Files\Athan
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-02-28 17:58 . 2001-08-17 14:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-02-27 12:55 . 2008-02-27 12:55 <DIR> d-------- C:\Documents and Settings\Essa\Application Data\BestOn
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-02-27 12:51 . 2008-02-27 12:51 <DIR> d-------- C:\Program Files\BestOn
2008-02-27 12:50 . 2008-03-15 10:47 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-02-27 12:50 . 2008-02-27 12:50 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-22 18:16 . 2008-02-22 18:16 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-20 22:33 . 2008-02-20 22:33 13,366 --------- C:\WINDOWS\system32\IE8Eula.rtf
2008-02-18 13:01 . 2008-02-18 13:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-17 07:07 . 2008-02-17 07:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-17 07:07 . 2008-02-17 07:08 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 06:07 --------- d-----w C:\Program Files\Microsoft Works
2008-03-14 06:59 --------- d-----w C:\Program Files\Google
2008-03-05 23:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 23:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 23:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 22:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 22:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-04 03:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 03:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 03:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 02:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-04 02:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-04 02:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-04 02:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-04 02:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-04 02:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-04 02:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-04 02:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-23 01:16 --------- d-----w C:\Program Files\Real
2008-02-23 01:16 --------- d-----w C:\Program Files\Common Files\Real
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-18 20:01 --------- d-----w C:\Documents and Settings\Essa\Application Data\DivX
2008-02-14 20:22 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-13 22:57 --------- d-----w C:\Documents and Settings\Essa\Application Data\Roxio
2008-02-13 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-13 19:55 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-13 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-13 19:54 --------- d-----w C:\Program Files\Roxio
2008-02-13 19:54 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-13 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-11 21:08 --------- d-----w C:\Documents and Settings\Essa\Application Data\VoipCheapCom
2008-02-11 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 17:13 --------- d-----w C:\Program Files\Common Files\EZVGACam
2008-02-11 17:13 --------- d-----w C:\Documents and Settings\Essa\Application Data\InstallShield
2008-02-11 17:01 --------- d-----w C:\Program Files\DivX
2008-02-11 03:07 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-11 03:06 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-11 03:05 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-11 02:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 02:54 --------- d-----w C:\Program Files\Windows Live
2008-02-10 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 23:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 21:37 --------- d-----w C:\Program Files\SigmaTel
2008-02-10 21:26 --------- d-----w C:\Documents and Settings\Essa\Application Data\ATI
2008-02-10 21:23 --------- d-----w C:\Program Files\ATI Technologies
2008-02-10 21:19 --------- d-----w C:\Program Files\Dell
2008-02-10 21:18 --------- d-----w C:\Program Files\DIFX
2008-02-10 21:18 --------- d-----w C:\Program Files\Broadcom
2008-02-10 21:17 --------- d-----w C:\Program Files\CONEXANT
2008-02-10 21:17 --------- d-----w C:\Program Files\AMD
2008-02-10 01:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-06 06:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-02-05 01:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-01-11 18:35 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-01-11 18:35 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-01-11 18:35 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2007-12-31 12:07 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-15_ 8.07.34.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-03-15 17:48:06 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-03-15 17:48:07 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-03-15 17:48:07 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-03-15 17:47:53 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:55 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:56 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:56 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:57 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:58 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:58 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:58 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:47:59 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:48:07 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-03-15 17:48:08 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-03-15 17:48:08 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-03-15 17:48:08 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-03-15 17:48:09 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-03-15 17:48:05 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2007-08-14 01:39:20 71,680 -c--a-w C:\WINDOWS\ie8\admparse.dll
+ 2007-12-07 02:21:45 124,928 -c--a-w C:\WINDOWS\ie8\advpack.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\ie8\corpol.dll
+ 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\ie8\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\ie8\dxtrans.dll
+ 2007-08-14 01:18:02 60,416 -c--a-w C:\WINDOWS\ie8\hmmapi.dll
+ 2007-12-07 02:21:45 63,488 -c--a-w C:\WINDOWS\ie8\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\ie8\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\ie8\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\ie8\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\ie8\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c--a-w C:\WINDOWS\ie8\ieapfltr.dat
+ 2007-12-07 02:21:45 383,488 -c--a-w C:\WINDOWS\ie8\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\ie8\iedkcs32.dll
+ 2007-08-14 01:44:02 69,120 -c--a-w C:\WINDOWS\ie8\iedw.exe
+ 2007-08-14 01:45:18 78,336 -c--a-w C:\WINDOWS\ie8\ieencode.dll
+ 2007-12-07 02:21:46 6,066,176 -c--a-w C:\WINDOWS\ie8\ieframe.dll
+ 2007-08-14 01:54:10 191,488 -c--a-w C:\WINDOWS\ie8\iepeers.dll
+ 2007-08-14 01:54:10 287,744 -c--a-w C:\WINDOWS\ie8\ieproxy.dll
+ 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\ie8\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c--a-w C:\WINDOWS\ie8\iertutil.dll
+ 2007-08-14 01:39:12 55,296 -c--a-w C:\WINDOWS\ie8\iesetup.dll
+ 2007-08-14 01:54:10 180,736 -c--a-w C:\WINDOWS\ie8\ieui.dll
+ 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\ie8\iexplore.exe
+ 2007-08-14 01:36:06 36,352 -c--a-w C:\WINDOWS\ie8\imgutil.dll
+ 2007-08-14 01:39:02 92,672 -c--a-w C:\WINDOWS\ie8\inseng.dll
+ 2007-08-14 01:38:04 491,520 -c--a-w C:\WINDOWS\ie8\jscript.dll
+ 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\ie8\jsproxy.dll
+ 2007-08-14 01:44:18 40,960 -c--a-w C:\WINDOWS\ie8\licmgr10.dll
+ 2007-12-07 02:21:47 459,264 -c--a-w C:\WINDOWS\ie8\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c--a-w C:\WINDOWS\ie8\msfeedsbs.dll
+ 2007-08-14 01:36:40 12,288 -c--a-w C:\WINDOWS\ie8\msfeedssync.exe
+ 2007-08-14 01:32:30 45,568 -c--a-w C:\WINDOWS\ie8\mshta.exe
+ 2007-12-08 17:51:48 3,592,192 -c--a-w C:\WINDOWS\ie8\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\ie8\mshtmled.dll
+ 2007-08-14 01:01:12 48,128 -c--a-w C:\WINDOWS\ie8\mshtmler.dll
+ 2007-08-14 01:54:10 156,160 -c--a-w C:\WINDOWS\ie8\msls31.dll
+ 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\ie8\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\ie8\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c--a-w C:\WINDOWS\ie8\occache.dll
+ 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\ie8\pngfilt.dll
+ 2006-09-07 00:43:16 213,216 -c--a-w C:\WINDOWS\ie8\spuninst.exe
+ 2008-03-04 03:01:58 51,784 -c--a-w C:\WINDOWS\ie8\spuninst\iecustom.dll
+ 2008-01-11 18:35:36 213,216 -c--a-w C:\WINDOWS\ie8\spuninst\spuninst.exe
+ 2008-01-11 18:35:36 371,424 -c--a-w C:\WINDOWS\ie8\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\ie8\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\ie8\urlmon.dll
+ 2007-08-14 01:54:10 413,696 -c--a-w C:\WINDOWS\ie8\vbscript.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\ie8\vgx.dll
+ 2007-12-07 02:21:48 233,472 -c--a-w C:\WINDOWS\ie8\webcheck.dll
+ 2007-08-14 01:45:16 206,336 -c--a-w C:\WINDOWS\ie8\winfxdocobj.exe
+ 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\ie8\wininet.dll
- 2004-08-04 12:00:00 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-03-23 02:07:56 91,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-23 02:07:54 80,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 20:53:52 137,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 20:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 21:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 20:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 20:54:04 183,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-19 00:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 20:35:04 6,747,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 20:43:46 7,613,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 20:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 20:42:14 200,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 20:53:56 149,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 20:53:24 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 20:35:46 133,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 20:36:08 612,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 20:34:48 562,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-23 02:07:10 41,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 02:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 02:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-10 00:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 20:37:40 12,310,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2007-05-10 00:19:48 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
- 2008-03-15 06:09:34 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-03-15 16:54:29 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-15 06:09:34 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-15 16:54:29 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-15 06:09:34 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-03-15 16:54:29 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-15 06:09:34 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-15 16:54:29 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-15 06:09:34 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-15 16:54:29 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-15 06:09:34 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-15 16:54:29 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-15 06:09:34 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-15 16:54:30 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-15 06:09:35 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-15 16:54:30 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-15 06:09:34 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-15 16:54:29 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-15 06:09:34 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-03-15 16:54:29 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-15 06:09:35 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-15 16:54:30 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-15 06:09:33 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-15 16:54:29 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-15 06:09:33 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-15 16:54:29 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-15 06:14:12 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-15 16:52:56 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-15 06:14:12 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-15 16:52:57 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-15 06:14:12 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-15 16:52:57 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-15 06:14:12 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-03-15 16:52:56 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2005-03-18 23:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 23:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 23:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 19:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 23:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 23:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 23:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 23:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 23:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 22:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 02:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-19 00:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 22:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-23 00:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 21:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-06 00:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 14:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 18:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-01-28 21:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvadvd.dll
- 2005-01-28 21:44:28 396,528 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2004-08-11 08:45:04 380,144 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
- 2005-01-28 21:44:28 774,904 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2004-08-11 08:45:04 773,368 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
- 2005-01-28 21:44:28 413,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2004-08-11 08:45:06 531,192 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
- 2005-01-28 21:44:28 1,218,808 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2004-08-11 08:45:06 1,181,944 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
- 2005-01-28 21:44:28 895,736 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-11 08:45:06 871,160 ----a-w C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-04 02:51:42 126,464 ----a-w C:\WINDOWS\system32\advpack.dll
- 2002-12-11 23:16:58 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 276,992 ------w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 21:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 04:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 21:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2007-03-12 23:42:30 1,123,696 ----a-w C:\WINDOWS\system32\D3DCompiler_33.dll
+ 2007-05-16 23:45:16 1,124,720 ----a-w C:\WINDOWS\system32\D3DCompiler_34.dll
+ 2007-07-20 01:14:42 1,358,192 ----a-w C:\WINDOWS\system32\D3DCompiler_35.dll
+ 2007-10-12 22:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
+ 2007-03-15 23:57:58 443,752 ----a-w C:\WINDOWS\system32\d3dx10_33.dll
+ 2007-05-16 23:45:16 443,752 ----a-w C:\WINDOWS\system32\d3dx10_34.dll
+ 2007-07-20 01:14:42 444,776 ----a-w C:\WINDOWS\system32\d3dx10_35.dll
+ 2007-10-02 16:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
+ 2005-02-06 02:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-19 00:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-05-26 22:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-23 02:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-06 01:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 15:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 19:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-28 23:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 20:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2007-03-12 23:42:30 3,495,784 ----a-w C:\WINDOWS\system32\d3dx9_33.dll
+ 2007-05-16 23:45:16 3,497,832 ----a-w C:\WINDOWS\system32\d3dx9_34.dll
+ 2007-07-20 01:14:42 3,727,720 ----a-w C:\WINDOWS\system32\d3dx9_35.dll
+ 2007-10-12 22:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
- 2007-08-14 01:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-04 02:51:50 69,120 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-04 02:51:42 126,464 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2002-12-11 23:16:58 7,680 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-01-28 21:44:28 294,912 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 04:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 21:44:28 164,864 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 04:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-08-04 12:00:00 35,328 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2008-03-04 02:52:20 17,920 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2005-01-28 21:44:28 502,272 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-04 02:50:34 345,600 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-04 02:50:30 212,992 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-14 01:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-03-04 02:46:02 68,096 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-03-04 02:51:52 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-04 02:51:56 119,808 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-04 02:52:04 224,768 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-03-04 02:51:50 149,504 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-04 02:52:02 349,184 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-14 01:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-03-04 02:52:46 70,656 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-14 01:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2008-03-04 02:53:14 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-08-14 01:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-04 03:01:22 184,320 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-04 02:51:46 44,032 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-14 01:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-03-04 02:51:48 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-03-04 02:52:48 599,552 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-14 01:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2008-03-04 02:50:30 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-14 01:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-03-04 02:51:46 94,208 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-08-14 01:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-03-04 02:51:38 557,056 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-04 03:01:22 28,672 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2005-01-28 21:44:28 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 04:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2007-08-14 01:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2008-03-04 02:52:54 41,984 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2005-01-28 21:44:28 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 03:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 12:00:00 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 12:00:00 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-04 12:00:00 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2007-12-31 12:07:20 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2007-08-14 01:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2008-03-04 02:50:10 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-12-08 17:51:48 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-04 03:01:22 5,120,000 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-04 03:01:22 68,608 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-14 01:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2008-03-04 02:50:16 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2007-08-14 01:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-03-04 03:01:22 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2005-01-28 21:44:28 142,336 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 21:44:28 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 04:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 21:44:28 173,568 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 04:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-04 02:52:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2005-01-28 21:44:28 364,784 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 23:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-04 03:01:22 629,248 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2005-01-28 21:44:28 315,904 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 04:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-04 02:52:52 116,224 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-04 02:50:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2005-01-28 21:44:28 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 04:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-04 12:00:00 774,144 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2008-01-11 18:35:32 134,144 -c----w C:\WINDOWS\system32\dllcache\sqmapi.dll
- 2004-08-04 12:00:00 208,896 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-04 02:52:54 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-04 03:01:22 1,188,352 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-14 01:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-03-04 03:01:22 434,176 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-03-04 03:01:22 755,200 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
- 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-04 03:01:22 233,984 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-04 03:01:22 830,464 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 21:44:28 396,528 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 21:44:28 716,288 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-28 01:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 00:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2005-01-28 21:44:28 28,160 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 04:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 21:44:28 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 04:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-04 12:00:00 168,448 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2005-01-28 21:44:28 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 04:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-01-28 21:44:28 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 04:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 10:22:16 4,734,976 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 12:00:00 114,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-04 12:00:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-04 12:00:00 233,472 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-04 12:00:00 2,940,928 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2005-01-28 21:44:28 774,904 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 21:44:28 1,119,744 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 21:44:28 413,944 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 21:44:28 940,544 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 04:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 21:44:28 895,736 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 21:44:28 1,003,008 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2008-03-15 15:46:46 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-03-15 15:46:54 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-03-15 15:46:55 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-03-15 15:56:42 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-03-15 15:56:40 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-03-15 15:46:55 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
+ 2006-10-19 04:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 21:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 03:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-29 01:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 02:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 03:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
 
- 2005-01-28 21:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 04:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2007-12-19 23:01:06 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-04 02:50:34 345,600 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-04 02:50:30 212,992 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-15 06:40:29 291,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-15 18:40:34 310,784 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-04 02:50:40 60,928 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-03-04 02:51:52 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-04 02:51:56 119,808 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-04 02:52:04 224,768 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-03-04 02:51:50 149,504 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-02-08 00:48:08 3,670,112 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-04 02:34:48 440,832 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-04 02:52:02 349,184 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-04 03:01:22 8,016,384 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 01:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-03-04 03:01:22 184,320 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-04 02:51:46 44,032 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-04 02:50:38 268,800 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-03-04 02:51:46 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-14 01:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
+ 2008-03-04 03:01:22 181,248 ----a-w C:\WINDOWS\system32\ieui.dll
- 2007-08-14 01:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-03-04 02:51:46 94,208 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-12-14 07:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-12-14 07:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-12-14 08:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-08-14 01:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-03-04 02:51:38 557,056 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-12-07 02:21:47 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-04 03:01:22 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 22:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 22:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2005-01-28 21:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 04:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-01-28 21:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 03:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 1999-02-28 09:32:52 124,200 ----a-w C:\WINDOWS\system32\mdm.exe
+ 2006-10-19 04:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 04:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 12:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 04:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 12:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 04:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 12:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 04:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 1999-02-28 09:31:26 69,120 ----a-w C:\WINDOWS\system32\msdbg.dll
+ 2006-10-02 22:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-04 03:01:22 585,728 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-04 03:01:22 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-14 01:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2008-03-04 02:50:46 52,736 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2007-12-08 17:51:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-04 03:01:22 5,120,000 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-04 03:01:22 68,608 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-01-28 21:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 04:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 21:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 04:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 21:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 04:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-03-04 02:52:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2005-01-28 21:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 23:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-04 03:01:22 629,248 ----a-w C:\WINDOWS\system32\mstime.dll
- 2005-01-28 21:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 04:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-04 02:52:52 116,224 ----a-w C:\WINDOWS\system32\occache.dll
+ 1999-02-28 09:32:16 183,574 ----a-w C:\WINDOWS\system32\pdm.dll
- 2008-03-15 14:11:08 60,182 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-17 21:35:44 61,026 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-15 14:11:08 398,128 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-17 21:35:44 401,032 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-11 05:53:32 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-04 02:50:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2006-10-19 04:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 04:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 04:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 04:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 04:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
+ 2007-02-15 22:22:26 688,000 ----a-w C:\WINDOWS\system32\SelfHelpControl.DLL
- 2006-12-10 22:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-07 00:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-04 02:52:54 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-04 03:01:22 1,188,352 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-01-28 21:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 04:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-28 21:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 04:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-01-28 21:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 04:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-04 03:01:22 233,984 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-14 01:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2008-03-04 02:53:08 208,384 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2005-01-28 21:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 04:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2005-01-28 21:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 04:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 00:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2005-01-28 21:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 04:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 21:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 04:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 21:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 04:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 21:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 04:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 04:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 12:00:00 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 21:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 04:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 21:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 04:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 10:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 12:00:00 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 12:00:00 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-19 04:47:20 1,661,440 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 12:00:00 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
 
+ 2006-10-19 04:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 12:00:00 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 204,288 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 21:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 21:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 21:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 04:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 21:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 04:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 21:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2005-01-28 21:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 04:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 04:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2005-01-28 21:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2005-01-28 21:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 04:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 04:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 04:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 04:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2005-01-28 21:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 04:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2005-01-28 21:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 04:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2005-01-28 21:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 04:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2005-01-28 21:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 04:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 04:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 03:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 04:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2005-01-28 21:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 04:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-09-29 03:13:26 95,344 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-29 01:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-09-29 01:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-29 01:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-29 01:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll
+ 2006-02-03 15:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2007-03-05 19:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2007-10-22 10:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
+ 2006-02-03 15:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 19:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2007-10-22 10:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
+ 2006-05-31 14:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 16:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-28 23:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 19:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 22:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2007-04-05 01:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
+ 2007-06-21 03:46:04 266,088 ----a-w C:\WINDOWS\system32\xactengine2_8.dll
+ 2007-07-20 07:57:12 267,112 ----a-w C:\WINDOWS\system32\xactengine2_9.dll
+ 2006-03-31 19:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 16:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2007-04-05 01:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll
+ 2005-12-06 01:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
- 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-01-11 18:35:38 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-11-29 17:28 262144]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-18 15:12 843776]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-22 18:15 185896]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 12:25 1003520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-15 08:56 579072]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-15 08:46 219136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 21:34:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-15 06:38:03 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-03-17 17:54:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A40088E4-E173-4F8F-8FD8-A71A10E85160}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 14:37:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 14:37:32
ComboFix-quarantined-files.txt 2008-03-17 21:37:30
ComboFix2.txt 2008-03-15 15:07:46
.
2008-03-15 23:30:03 --- E O F ---
 