
Browserhijacker.deskbar redundancy issues [Closed]


  • This topic is locked

#1
Tex92rs

Hello!

I'm having issues with random system freezing, as well as random Firefox crashes. Culprits seem to be BrowserHijacker.deskbar and adware.hb.helper. I have scanned with SUPERAntiSpyware, MBAM, HijackThis, as well as ComboFix. None of them can get rid of this monster. I ran SUPERAntiSpyware a couple of times, also in safe mode, to no avail.

I will post my logs.



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:09 PM, on 12/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Will\My Documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU\EPU.exe" -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1214440339-682003330-725345543-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-682003330-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-682003330-725345543-1003\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1214440339-682003330-725345543-1003\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User '?')
O4 - HKUS\S-1-5-21-1214440339-682003330-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1c9b408c0d28a32) (gupdate1c9b408c0d28a32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: World Wide Web Publishing (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)

--
End of file - 9007 bytes
Inline Attachment Follows: ComboFix.txt
ComboFix 09-12-08.03 - Will 12/09/2009 23:02:12.5.2 - x86 MINIMAL
Running from: c:\documents and settings\Will\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 01:59 . 2009-12-10 01:59 -------- d-----w- c:\windows\LastGood
2009-12-09 13:11 . 2009-12-09 13:11 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Yahoo!
2009-12-09 13:11 . 2009-12-09 13:11 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\PCHealth
2009-12-09 13:11 . 2009-12-09 13:11 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft Help
2009-12-09 04:54 . 2009-12-09 13:11 -------- d-----w- C:\Combo-Fix
2009-12-09 04:54 . 2009-12-09 04:54 388608 ----a-w- c:\windows\system32\CF28478.exe
2009-12-08 15:14 . 2009-12-09 13:11 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-12-08 04:06 . 2009-12-08 04:06 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\The Weather Channel
2009-12-08 04:06 . 2009-12-08 04:06 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Temp
2009-12-08 04:06 . 2009-12-08 04:06 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google
2009-12-08 04:05 . 2009-10-27 13:08 38200 ----a-w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Ahead
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 02:09 . 2009-03-22 06:13 117760 ----a-w- c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-10 01:43 . 2009-03-25 22:15 -------- d-----w- c:\program files\Google
2009-12-09 15:18 . 2009-03-22 06:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-09 13:11 . 2009-03-20 18:31 -------- d-----w- c:\program files\Java
2009-12-09 04:12 . 2009-08-20 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 13:58 . 2009-04-01 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 13:58 . 2009-04-11 15:35 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-08 04:10 . 2009-04-11 06:12 -------- d-----w- c:\program files\Winamp Remote
2009-12-05 06:40 . 2009-03-20 17:33 -------- d-----w- c:\program files\BitComet
2009-12-03 22:14 . 2009-04-01 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-04-01 03:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 04:07 . 2009-05-02 01:03 512 ----a-w- C:\drmHeader.bin
2009-10-31 14:45 . 2009-03-20 17:34 -------- d-----w- c:\program files\DivX
2009-10-31 14:45 . 2009-04-23 05:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-27 13:08 . 2009-03-20 16:46 38200 ----a-w- c:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 01:14 . 2009-04-12 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-18 18:33 . 2009-10-18 18:33 -------- d-----w- c:\documents and settings\Will\Application Data\Nero
2009-10-18 18:31 . 2009-10-18 18:24 -------- d-----w- c:\program files\Common Files\Nero
2009-10-18 18:31 . 2009-10-18 18:24 -------- d-----w- c:\program files\Nero
2009-10-18 18:26 . 2009-10-18 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-18 17:41 . 2009-07-30 02:52 -------- d-----w- c:\program files\Ahead
2009-10-18 17:41 . 2009-07-30 02:52 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 05:56 . 2004-08-04 12:00 662016 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-17 18:51 . 2009-09-17 18:51 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-09-17 17:58 . 2009-09-17 17:58 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-10-12 23:17 . 2007-03-22 19:35 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-02-13 18:07 . 2007-03-22 19:35 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------


[-] 2009-04-27 . 3C966F647BAB332093CB0F92692B5CB8 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-27 . 3C966F647BAB332093CB0F92692B5CB8 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-12-09_05.11.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-09 13:00 . 2009-12-09 13:13 12051040 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-25 39408]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-12-31 33546240]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-01-03 5381632]
"Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2009-01-03 4067840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-22 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26957:TCP"= 26957:TCP:BitComet 26957 TCP
"26957:UDP"= 26957:UDP:BitComet 26957 UDP
"53:UDP"= 53:UDP:Promo
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5241:TCP"= 5241:TCP:Services

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
R2 gupdate1c9b408c0d28a32;Google Update Service (gupdate1c9b408c0d28a32);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 133104]
R2 hsndcejv;Terminal Server Device Redirector Helper;c:\windows\System32\svchost.exe [2004-08-04 14336]
R2 mujrtv;mujrtv;c:\windows\system32\drivers\shab.sys [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 supsiip;supsiip;c:\windows\system32\drivers\ytxelw.sys [x]
R2 udosars;udosars;c:\windows\system32\drivers\hisvd.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-19 993280]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\mehpbcpp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 23:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Fast Browser Search\\IE\\tbhelper.dll"
"ThreadingModel"="both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID]
@DACL=(02 0000)
@="URLSearchHook.ToolbarURLSearchHook.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID]
@DACL=(02 0000)
@="URLSearchHook.ToolbarURLSearchHook"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0]
@DACL=(02 0000)
@="URLSearchHook 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0]
@DACL=(02 0000)
@="Toolbar3 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\URLSearchHook.ToolbarURLSearchHook\CLSID]
@DACL=(02 0000)
@="{CA3EB689-8F09-4026-AA10-B9534C691CE0}"

[HKEY_LOCAL_MACHINE\software\Classes\URLSearchHook.ToolbarURLSearchHook.1\CLSID]
@DACL=(02 0000)
@="{CA3EB689-8F09-4026-AA10-B9534C691CE0}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\msi.dll
.
Completion time: 2009-12-09 23:11:58
ComboFix-quarantined-files.txt 2009-12-10 05:11
ComboFix2.txt 2009-12-09 05:13
ComboFix3.txt 2009-08-16 00:28
ComboFix4.txt 2009-08-15 22:36
ComboFix5.txt 2009-12-10 05:01

Pre-Run: 157,783,642,112 bytes free
Post-Run: 157,754,335,232 bytes free

- - End Of File - - 7E9A95A6C785CB936CD2085830C981BC

ComboFix log:

ComboFix 09-12-08.03 - Will 12/08/2009 23:03:54.4.2 - x86
Running from: c:\documents and settings\Will\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 04:54 . 2009-12-09 04:54 -------- d-----w- C:\Combo-Fix
2009-12-09 04:54 . 2009-12-09 04:54 388608 ----a-w- c:\windows\system32\CF28478.exe
2009-12-09 04:14 . 2009-12-09 04:14 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Yahoo!
2009-12-09 04:14 . 2009-12-09 04:14 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\PCHealth
2009-12-09 04:14 . 2009-12-09 04:14 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Microsoft Help
2009-12-08 15:14 . 2009-12-08 15:14 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-12-08 04:06 . 2009-12-08 04:06 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\The Weather Channel
2009-12-08 04:06 . 2009-12-08 04:06 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Temp
2009-12-08 04:06 . 2009-12-08 04:06 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Identities
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Google
2009-12-08 04:05 . 2009-10-27 13:08 38200 ----a-w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple Computer
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Apple
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Ahead
2009-12-08 04:05 . 2009-12-08 04:05 -------- d-----w- c:\documents and settings\HelpAssistant\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 04:50 . 2009-03-22 06:13 117760 ----a-w- c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-09 04:12 . 2009-08-20 12:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 04:12 . 2009-03-20 18:31 -------- d-----w- c:\program files\Java
2009-12-08 23:55 . 2009-03-22 06:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-08 20:23 . 2009-04-03 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-08 13:58 . 2009-04-01 03:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 13:58 . 2009-04-11 15:35 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-08 04:10 . 2009-04-11 06:12 -------- d-----w- c:\program files\Winamp Remote
2009-12-05 06:40 . 2009-03-20 17:33 -------- d-----w- c:\program files\BitComet
2009-12-03 22:14 . 2009-04-01 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2009-04-01 03:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 06:20 . 2009-03-25 22:15 -------- d-----w- c:\program files\Google
2009-11-01 04:07 . 2009-05-02 01:03 512 ----a-w- C:\drmHeader.bin
2009-10-31 14:45 . 2009-03-20 17:34 -------- d-----w- c:\program files\DivX
2009-10-31 14:45 . 2009-04-23 05:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-27 13:08 . 2009-03-20 16:46 38200 ----a-w- c:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 01:14 . 2009-04-12 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-18 18:33 . 2009-10-18 18:33 -------- d-----w- c:\documents and settings\Will\Application Data\Nero
2009-10-18 18:31 . 2009-10-18 18:24 -------- d-----w- c:\program files\Common Files\Nero
2009-10-18 18:31 . 2009-10-18 18:24 -------- d-----w- c:\program files\Nero
2009-10-18 18:26 . 2009-10-18 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-18 17:41 . 2009-07-30 02:52 -------- d-----w- c:\program files\Ahead
2009-10-18 17:41 . 2009-07-30 02:52 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 05:56 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-17 18:51 . 2009-09-17 18:51 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-09-17 17:58 . 2009-09-17 17:58 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-10-12 23:17 . 2007-03-22 19:35 3072 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-02-13 18:07 . 2007-03-22 19:35 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------


[-] 2009-04-27 . 3C966F647BAB332093CB0F92692B5CB8 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-04-27 . 3C966F647BAB332093CB0F92692B5CB8 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2009-08-15_22.36.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-11-25 09:18 . 2009-11-25 09:18 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
+ 2009-12-09 05:03 . 2009-12-09 05:03 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
+ 2008-10-16 20:09 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2008-10-22 09:47 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2009-03-24 03:22 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-03-24 03:22 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-10-06 07:51 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-06 07:51 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 39424 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
- 2009-03-26 03:33 . 2009-04-18 05:31 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-03-26 03:33 . 2009-08-20 12:26 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-04 12:00 . 2009-09-25 05:56 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 96256 c:\windows\system32\inseng.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 55808 c:\windows\system32\extmgr.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
- 2004-08-04 12:00 . 2009-06-26 16:18 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-03-20 16:13 . 2009-09-18 09:56 18432 c:\windows\system32\dllcache\iedw.exe
- 2009-03-20 16:13 . 2009-06-22 11:38 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 12:00 . 2009-09-25 05:56 55808 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-07-25 01:37 . 2008-10-16 20:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-08-15 22:36 . 2004-08-04 12:00 13824 c:\windows\system32\dllcache\cache\wscntfy.exe
+ 2009-07-25 01:37 . 2004-08-04 12:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-07-25 01:37 . 2004-08-04 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-07-25 01:37 . 2004-08-04 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-07-25 01:37 . 2004-08-04 12:00 89088 c:\windows\system32\dllcache\cache\rasauto.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 33792 c:\windows\system32\dllcache\cache\msgsvc.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-07-25 01:37 . 2004-08-04 12:00 22016 c:\windows\system32\dllcache\cache\lpk.dll
+ 2009-07-25 01:37 . 2004-08-04 03:58 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-07-25 01:37 . 2004-08-04 12:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-07-25 01:37 . 2004-08-04 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-08-15 22:36 . 2004-08-04 12:00 14336 c:\windows\system32\dllcache\cache\asyncmac.sys
+ 2009-07-25 01:37 . 2004-08-04 12:00 11648 c:\windows\system32\dllcache\cache\acpiec.sys
+ 2004-08-04 12:00 . 2004-08-04 12:00 95360 c:\windows\system32\dllcache\atapi.sys
+ 2009-08-27 00:44 . 2009-11-15 16:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-20 16:21 . 2009-11-15 16:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-20 16:21 . 2009-08-15 22:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-20 16:21 . 2009-08-15 22:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-20 16:21 . 2009-11-15 16:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2009-10-31 18:53 . 2009-10-31 18:53 22528 c:\windows\Installer\3677a1a.msi
+ 2009-10-18 18:31 . 2009-10-18 18:31 22016 c:\windows\Installer\2e8dca.msi
+ 2009-10-18 18:31 . 2009-10-18 18:31 28160 c:\windows\Installer\2e8dc5.msi
+ 2009-10-18 18:31 . 2009-10-18 18:31 38400 c:\windows\Installer\2e8dbb.msi
+ 2009-10-18 18:24 . 2009-10-18 18:24 44544 c:\windows\Installer\2e8d6a.msi
+ 2009-10-18 18:23 . 2009-10-18 18:23 32256 c:\windows\Installer\2e8d61.msi
+ 2009-11-25 09:00 . 2009-11-25 09:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-05 14:01 . 2009-10-20 01:13 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-05 14:01 . 2009-10-20 01:13 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-05 14:01 . 2009-10-20 01:13 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-26 06:20 . 2009-11-26 06:20 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-11-26 06:21 . 2009-11-26 06:21 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-11-26 06:20 . 2009-11-26 06:20 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-11-26 06:20 . 2009-11-26 06:20 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-11-26 06:20 . 2009-11-26 06:21 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-11-26 06:20 . 2009-11-26 06:20 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-11-26 06:20 . 2009-11-26 06:20 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\ARPPRODUCTICON.exe
+ 2009-10-15 08:00 . 2004-08-04 12:00 57344 c:\windows\$NtUninstallKB974571$\msasn1.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 39424 c:\windows\$NtUninstallKB974455$\pngfilt.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 16384 c:\windows\$NtUninstallKB974455$\jsproxy.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 96256 c:\windows\$NtUninstallKB974455$\inseng.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 81920 c:\windows\$NtUninstallKB974455$\ieencode.dll
+ 2009-10-15 08:02 . 2009-06-22 11:38 18432 c:\windows\$NtUninstallKB974455$\iedw.exe
+ 2009-10-15 08:02 . 2009-06-26 16:18 55808 c:\windows\$NtUninstallKB974455$\extmgr.dll
+ 2009-08-26 08:00 . 2008-10-22 09:47 62976 c:\windows\$NtUninstallKB970653-v3$\tzchange.exe
+ 2009-08-26 08:00 . 2009-07-16 04:14 14336 c:\windows\$NtUninstallKB970653-v3$\spuninst\tzchange.dll
+ 2009-11-05 09:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB976749\update\spcustom.dll
+ 2009-11-05 09:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB976749\spmsg.dll
+ 2009-10-15 08:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB975467\update\spcustom.dll
+ 2009-10-15 08:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB975467\spmsg.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975025\update\spcustom.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB975025\spmsg.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974571\update\spcustom.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974571\spmsg.dll
+ 2009-09-04 20:57 . 2009-09-04 20:57 58880 c:\windows\$hf_mig$\KB974571\SP3QFE\msasn1.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\$hf_mig$\KB974571\SP3GDR\msasn1.dll
+ 2009-09-04 20:36 . 2009-09-04 20:36 58880 c:\windows\$hf_mig$\KB974571\SP2QFE\msasn1.dll
+ 2009-10-15 08:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974455\update\spcustom.dll
+ 2009-10-15 08:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974455\spmsg.dll
+ 2009-09-25 05:32 . 2009-09-25 05:32 81920 c:\windows\$hf_mig$\KB974455\SP3QFE\ieencode.dll
+ 2009-09-25 05:37 . 2009-09-25 05:37 81920 c:\windows\$hf_mig$\KB974455\SP3GDR\ieencode.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 39424 c:\windows\$hf_mig$\KB974455\SP2QFE\pngfilt.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 16384 c:\windows\$hf_mig$\KB974455\SP2QFE\jsproxy.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 96256 c:\windows\$hf_mig$\KB974455\SP2QFE\inseng.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 81920 c:\windows\$hf_mig$\KB974455\SP2QFE\ieencode.dll
+ 2009-09-18 09:46 . 2009-09-18 09:46 18432 c:\windows\$hf_mig$\KB974455\SP2QFE\iedw.exe
+ 2009-09-25 05:48 . 2009-09-25 05:48 55808 c:\windows\$hf_mig$\KB974455\SP2QFE\extmgr.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974112\update\spcustom.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974112\spmsg.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973525\update\spcustom.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973525\spmsg.dll
+ 2009-09-09 08:00 . 2007-03-06 01:22 22752 c:\windows\$hf_mig$\KB971961\update\spcustom.dll
+ 2009-09-09 08:00 . 2007-03-06 01:22 14048 c:\windows\$hf_mig$\KB971961\spmsg.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB971486\update\spcustom.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB971486\spmsg.dll
+ 2009-10-15 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969059\update\spcustom.dll
+ 2009-10-15 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969059\spmsg.dll
+ 2009-09-09 08:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB956844\update\spcustom.dll
+ 2009-09-09 08:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB956844\spmsg.dll
+ 2009-08-23 13:25 . 2007-03-06 01:22 22752 c:\windows\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2009-08-23 13:25 . 2007-03-06 01:22 14048 c:\windows\$hf_mig$\KB932823-v3\spmsg.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 5120 c:\windows\system32\dllcache\cache\sfc.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 2944 c:\windows\system32\dllcache\cache\null.sys
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-03-22 07:44 . 2009-09-18 09:33 352768 c:\windows\system32\xpsp3res.dll
- 2009-03-22 07:44 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2009-03-20 16:13 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2004-08-04 12:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 624640 c:\windows\system32\urlmon.dll
+ 2006-03-17 20:49 . 2006-03-17 20:49 368640 c:\windows\system32\twnlib4.dll
+ 2009-03-20 16:11 . 2009-03-20 16:11 295424 c:\windows\system32\termsrv32.dll
- 2004-08-04 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 473600 c:\windows\system32\shlwapi.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 146432 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 146432 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2008-02-26 11:59 294912 c:\windows\system32\msctf.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2004-08-04 12:00 . 2007-12-18 14:40 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll
+ 2009-12-09 04:13 . 2009-12-09 04:12 149280 c:\windows\system32\javaws.exe
+ 2009-12-09 04:13 . 2009-12-09 04:12 145184 c:\windows\system32\javaw.exe
+ 2009-12-09 04:13 . 2009-12-09 04:12 145184 c:\windows\system32\java.exe
+ 2008-07-04 15:23 . 2008-07-04 15:23 802816 c:\windows\system32\imagXRA7.dll
+ 2008-07-04 15:23 . 2008-07-04 15:23 258048 c:\windows\system32\imagXR7.dll
+ 2008-07-04 15:23 . 2008-07-04 15:23 497296 c:\windows\system32\imagXpr7.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 251392 c:\windows\system32\iepeers.dll
+ 2009-03-20 09:52 . 2009-11-12 09:18 171488 c:\windows\system32\FNTCACHE.DAT
- 2009-03-20 09:52 . 2009-07-04 17:34 171488 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2009-09-25 05:56 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 357888 c:\windows\system32\dxtmsft.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-03-20 16:13 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-03-20 16:13 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2004-08-04 12:00 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 662016 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 624640 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-20 16:13 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2009-03-20 16:13 . 2004-08-04 12:00 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-04 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 473600 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
- 2004-08-04 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2008-02-26 11:59 294912 c:\windows\system32\dllcache\msctf.dll
+ 2004-08-04 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll
- 2004-08-04 12:00 . 2007-12-18 14:40 450560 c:\windows\system32\dllcache\jscript.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 251392 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-07-25 01:37 . 2009-06-26 16:18 659456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 577024 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 170496 c:\windows\system32\dllcache\cache\srsvc.dll
+ 2009-07-25 01:37 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-08-15 22:36 . 2004-08-04 12:00 180224 c:\windows\system32\dllcache\cache\scecli.dll
+ 2009-07-25 01:37 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\cache\rpcss.dll
+ 2009-08-15 22:36 . 2004-08-04 12:00 382464 c:\windows\system32\dllcache\cache\qmgr.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 435200 c:\windows\system32\dllcache\cache\ntmssvc.dll
+ 2009-08-15 22:36 . 2004-08-04 12:00 574592 c:\windows\system32\dllcache\cache\ntfs.sys
+ 2009-07-25 01:37 . 2004-08-04 12:00 407040 c:\windows\system32\dllcache\cache\netlogon.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-07-25 01:37 . 2004-08-04 12:00 924432 c:\windows\system32\dllcache\cache\mfc40u.dll
+ 2009-07-25 01:37 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 792064 c:\windows\system32\dllcache\cache\comres.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 611328 c:\windows\system32\dllcache\cache\comctl32.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 142464 c:\windows\system32\dllcache\cache\aec.sys
+ 2004-08-04 12:00 . 2009-09-25 05:56 151040 c:\windows\system32\cdfview.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 151040 c:\windows\system32\cdfview.dll
+ 2009-10-18 18:23 . 2009-10-18 18:23 424960 c:\windows\Installer\2e8d5c.msi
+ 2009-10-18 18:22 . 2009-10-18 18:22 106496 c:\windows\Installer\2e8d50.msi
+ 2009-10-31 14:45 . 2009-10-31 14:45 169472 c:\windows\Installer\2836419.msi
+ 2009-11-25 09:01 . 2009-11-25 09:01 969728 c:\windows\Installer\209acdd9.msi
+ 2009-11-25 09:00 . 2009-11-25 09:00 429568 c:\windows\Installer\209acdd3.msi
+ 2009-10-05 14:01 . 2009-10-20 01:13 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-05 14:01 . 2009-10-20 01:13 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-10-05 14:01 . 2009-10-20 01:13 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-05 14:01 . 2009-10-20 01:13 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-07-04 03:26 . 2009-07-04 03:26 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-10-20 01:13 . 2009-10-20 01:13 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-11-05 09:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976749$\spuninst\updspapi.dll
+ 2009-11-05 09:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB976749$\spuninst\spuninst.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975467$\spuninst\updspapi.dll
+ 2009-10-15 08:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975467$\spuninst\spuninst.exe
+ 2009-10-15 08:00 . 2009-06-25 08:44 133632 c:\windows\$NtUninstallKB975467$\msv1_0.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975025$\spuninst\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB975025$\spuninst\spuninst.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2009-10-15 08:02 . 2009-06-22 11:26 352768 c:\windows\$NtUninstallKB974455$\xpsp3res.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 659456 c:\windows\$NtUninstallKB974455$\wininet.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 616448 c:\windows\$NtUninstallKB974455$\urlmon.dll
+ 2009-10-15 08:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974455$\spuninst\updspapi.dll
+ 2009-10-15 08:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974455$\spuninst\spuninst.exe
+ 2009-10-15 08:02 . 2009-06-26 16:18 474112 c:\windows\$NtUninstallKB974455$\shlwapi.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 532480 c:\windows\$NtUninstallKB974455$\mstime.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 146432 c:\windows\$NtUninstallKB974455$\msrating.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 449024 c:\windows\$NtUninstallKB974455$\mshtmled.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 251392 c:\windows\$NtUninstallKB974455$\iepeers.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 205312 c:\windows\$NtUninstallKB974455$\dxtrans.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 357888 c:\windows\$NtUninstallKB974455$\dxtmsft.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 151040 c:\windows\$NtUninstallKB974455$\cdfview.dll
+ 2009-10-15 08:01 . 2008-10-03 10:15 247326 c:\windows\$NtUninstallKB974112$\strmdll.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974112$\spuninst\updspapi.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974112$\spuninst\spuninst.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973525$\spuninst\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973525$\spuninst\spuninst.exe
+ 2009-09-09 08:00 . 2007-03-06 01:23 371424 c:\windows\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2009-09-09 08:00 . 2007-03-06 01:22 213216 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2009-09-09 08:00 . 2007-12-18 14:40 450560 c:\windows\$NtUninstallKB971961$\jscript.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971486$\spuninst\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB971486$\spuninst\spuninst.exe
+ 2009-08-26 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970653-v3$\spuninst\updspapi.dll
+ 2009-08-26 08:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe
+ 2009-10-15 08:01 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2009-10-15 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2009-09-09 08:00 . 2007-07-27 15:41 382840 c:\windows\$NtUninstallKB968816_WM9$\spuninst\updspapi.dll
+ 2009-09-09 08:00 . 2007-07-27 15:41 231288 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe
+ 2009-10-15 08:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB958869$\spuninst\updspapi.dll
+ 2009-10-15 08:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB958869$\spuninst\spuninst.exe
+ 2009-09-09 08:00 . 2004-08-04 12:00 153088 c:\windows\$NtUninstallKB956844$\triedit.dll
+ 2009-09-09 08:00 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2009-09-09 08:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2009-10-15 08:02 . 2006-10-19 03:47 603648 c:\windows\$NtUninstallKB954155_WM9$\wmspdmod.dll
+ 2009-10-15 08:02 . 2007-07-27 15:41 382840 c:\windows\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll
+ 2009-10-15 08:02 . 2007-07-27 15:41 231288 c:\windows\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe
+ 2009-08-23 13:25 . 2007-03-06 01:23 371424 c:\windows\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
+ 2009-08-23 13:25 . 2007-03-06 01:22 213216 c:\windows\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2009-08-23 13:25 . 2004-08-04 12:00 294400 c:\windows\$NtUninstallKB932823-v3$\msctf.dll
+ 2009-11-05 09:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976749\update\updspapi.dll
+ 2009-11-05 09:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976749\update\update.exe
+ 2009-11-05 09:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB976749\spuninst.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975467\update\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975467\update\update.exe
+ 2009-10-15 08:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB975467\spuninst.exe
+ 2009-09-11 14:13 . 2009-09-11 14:13 136704 c:\windows\$hf_mig$\KB975467\SP3QFE\msv1_0.dll
+ 2009-09-11 14:18 . 2009-09-11 14:18 136192 c:\windows\$hf_mig$\KB975467\SP3GDR\msv1_0.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
+ 2009-09-11 14:03 . 2009-09-11 14:03 136192 c:\windows\$hf_mig$\KB975467\SP2QFE\msv1_0.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB975025\update\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB975025\update\update.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB975025\spuninst.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974571\update\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974571\update\update.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974571\spuninst.exe
+ 2009-10-15 08:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974455\update\updspapi.dll
+ 2009-10-15 08:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974455\update\update.exe
+ 2009-10-15 08:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974455\spuninst.exe
+ 2009-09-25 05:32 . 2009-09-25 05:32 668672 c:\windows\$hf_mig$\KB974455\SP3QFE\wininet.dll
+ 2009-09-25 05:32 . 2009-09-25 05:32 628736 c:\windows\$hf_mig$\KB974455\SP3QFE\urlmon.dll
+ 2009-09-25 05:37 . 2009-09-25 05:37 667136 c:\windows\$hf_mig$\KB974455\SP3GDR\wininet.dll
+ 2009-09-25 05:37 . 2009-09-25 05:37 627712 c:\windows\$hf_mig$\KB974455\SP3GDR\urlmon.dll
+ 2009-09-18 09:33 . 2009-09-18 09:33 352768 c:\windows\$hf_mig$\KB974455\SP2QFE\xpsp3res.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 668672 c:\windows\$hf_mig$\KB974455\SP2QFE\wininet.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 628224 c:\windows\$hf_mig$\KB974455\SP2QFE\urlmon.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 474112 c:\windows\$hf_mig$\KB974455\SP2QFE\shlwapi.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 532480 c:\windows\$hf_mig$\KB974455\SP2QFE\mstime.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 146432 c:\windows\$hf_mig$\KB974455\SP2QFE\msrating.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 449024 c:\windows\$hf_mig$\KB974455\SP2QFE\mshtmled.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 251904 c:\windows\$hf_mig$\KB974455\SP2QFE\iepeers.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 205312 c:\windows\$hf_mig$\KB974455\SP2QFE\dxtrans.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 357888 c:\windows\$hf_mig$\KB974455\SP2QFE\dxtmsft.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 151040 c:\windows\$hf_mig$\KB974455\SP2QFE\cdfview.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974112\update\updspapi.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974112\update\update.exe
+ 2009-10-15 08:01 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974112\spuninst.exe
+ 2009-08-26 08:03 . 2009-08-26 08:03 247326 c:\windows\$hf_mig$\KB974112\SP3QFE\strmdll.dll
+ 2009-08-26 08:00 . 2009-08-26 08:00 247326 c:\windows\$hf_mig$\KB974112\SP3GDR\strmdll.dll
+ 2009-08-26 07:58 . 2009-08-26 07:58 247326 c:\windows\$hf_mig$\KB974112\SP2QFE\strmdll.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973525\update\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973525\update\update.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973525\spuninst.exe
+ 2009-09-09 08:00 . 2007-03-06 01:23 371424 c:\windows\$hf_mig$\KB971961\update\updspapi.dll
+ 2009-09-09 08:00 . 2007-03-06 01:22 716000 c:\windows\$hf_mig$\KB971961\update\update.exe
+ 2009-09-09 08:00 . 2007-03-06 01:22 213216 c:\windows\$hf_mig$\KB971961\spuninst.exe
+ 2009-09-09 01:07 . 2009-08-21 09:50 450560 c:\windows\$hf_mig$\KB971961\SP2QFE\jscript.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971486\update\updspapi.dll
+ 2009-10-15 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971486\update\update.exe
+ 2009-10-15 08:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB971486\spuninst.exe
+ 2009-10-15 08:01 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969059\update\updspapi.dll
+ 2009-10-15 08:01 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969059\update\update.exe
+ 2009-10-15 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969059\spuninst.exe
+ 2009-09-09 08:00 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956844\update\updspapi.dll
+ 2009-09-09 08:00 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956844\update\update.exe
+ 2009-09-09 08:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB956844\spuninst.exe
+ 2009-09-09 01:10 . 2009-06-21 21:49 153088 c:\windows\$hf_mig$\KB956844\SP3QFE\triedit.dll
+ 2009-09-09 01:10 . 2009-06-21 21:44 153088 c:\windows\$hf_mig$\KB956844\SP3GDR\triedit.dll
+ 2009-09-09 01:10 . 2009-06-21 21:55 153088 c:\windows\$hf_mig$\KB956844\SP2QFE\triedit.dll
+ 2009-08-23 13:25 . 2007-03-06 01:23 371424 c:\windows\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2009-08-23 13:25 . 2007-03-06 01:22 716000 c:\windows\$hf_mig$\KB932823-v3\update\update.exe
+ 2009-08-23 13:25 . 2007-03-06 01:22 213216 c:\windows\$hf_mig$\KB932823-v3\spuninst.exe
+ 2009-08-23 13:25 . 2008-02-26 11:48 297984 c:\windows\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2009-10-15 04:34 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2009-03-20 16:13 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
- 2004-08-04 12:00 . 2008-06-18 11:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2009-09-25 05:56 1506304 c:\windows\system32\shdocvw.dll
- 2004-08-04 12:00 . 2009-07-18 16:20 1506304 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 1435648 c:\windows\system32\query.dll
- 2004-08-04 12:00 . 2009-02-06 17:22 2136064 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 12:00 . 2009-08-04 13:58 2136064 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2009-02-06 16:49 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2009-08-04 13:13 2015744 c:\windows\system32\ntkrnlpa.exe
+ 2009-08-19 23:07 . 2009-08-19 23:07 1415000 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 12:00 . 2009-10-20 00:08 3063296 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-07-04 15:23 . 2008-07-04 15:23 1757184 c:\windows\system32\imagX7.dll
+ 2009-03-20 16:13 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00 . 2008-06-18 11:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2009-07-18 16:20 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 1435648 c:\windows\system32\dllcache\query.dll
+ 2009-03-24 04:12 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-03-24 04:12 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-24 04:12 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-03-24 04:12 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-24 04:12 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-03-24 04:12 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-03-24 04:12 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-04 12:00 . 2009-10-20 00:08 3063296 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 1054208 c:\windows\system32\dllcache\danim.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-07-25 01:37 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-07-25 01:37 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-08-15 22:36 . 2009-07-18 16:20 3062272 c:\windows\system32\dllcache\cache\mshtml.dll
+ 2009-07-25 01:37 . 2004-08-04 12:00 1032192 c:\windows\system32\dllcache\cache\explorer.exe
- 2004-08-04 12:00 . 2009-06-26 16:18 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 1054208 c:\windows\system32\danim.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 1054208 c:\windows\system32\danim.dll
+ 2004-08-04 12:00 . 2009-09-25 05:56 1023488 c:\windows\system32\browseui.dll
- 2004-08-04 12:00 . 2009-06-26 16:18 1023488 c:\windows\system32\browseui.dll
+ 2009-11-26 06:20 . 2009-11-26 06:20 1258496 c:\windows\Installer\4836af4.msi
+ 2009-10-18 18:31 . 2009-10-18 18:31 4096000 c:\windows\Installer\2e8dcf.msi
+ 2009-10-18 18:31 . 2009-10-18 18:31 3592704 c:\windows\Installer\2e8dc0.msi
+ 2009-10-18 18:30 . 2009-10-18 18:30 3593728 c:\windows\Installer\2e8db6.msi
+ 2009-10-18 18:30 . 2009-10-18 18:30 3593216 c:\windows\Installer\2e8db1.msi
+ 2009-10-18 18:30 . 2009-10-18 18:30 3592192 c:\windows\Installer\2e8dac.msi
+ 2009-10-18 18:29 . 2009-10-18 18:29 3592192 c:\windows\Installer\2e8da7.msi
+ 2009-10-18 18:29 . 2009-10-18 18:29 3592192 c:\windows\Installer\2e8da2.msi
+ 2009-10-18 18:29 . 2009-10-18 18:29 3602432 c:\windows\Installer\2e8d9d.msi
+ 2009-10-18 18:28 . 2009-10-18 18:28 3640320 c:\windows\Installer\2e8d98.msi
+ 2009-10-18 18:28 . 2009-10-18 18:28 3641344 c:\windows\Installer\2e8d92.msi
+ 2009-10-18 18:27 . 2009-10-18 18:27 3643904 c:\windows\Installer\2e8d8d.msi
+ 2009-10-18 18:27 . 2009-10-18 18:27 3676672 c:\windows\Installer\2e8d88.msi
+ 2009-10-18 18:26 . 2009-10-18 18:26 3768832 c:\windows\Installer\2e8d83.msi
+ 2009-10-18 18:26 . 2009-10-18 18:26 3645440 c:\windows\Installer\2e8d7e.msi
+ 2009-10-18 18:25 . 2009-10-18 18:25 3645440 c:\windows\Installer\2e8d79.msi
+ 2009-10-18 18:25 . 2009-10-18 18:25 3613184 c:\windows\Installer\2e8d74.msi
+ 2009-10-18 18:24 . 2009-10-18 18:24 3666944 c:\windows\Installer\2e8d6f.msi
+ 2009-10-01 04:07 . 2009-10-01 04:07 1697792 c:\windows\Installer\1fecf24a.msp
+ 2009-12-09 04:12 . 2009-12-09 04:12 1757696 c:\windows\Installer\1e685.msi
+ 2009-08-11 05:27 . 2009-08-11 05:27 1697792 c:\windows\Installer\1a9af170.msp
+ 2009-09-08 04:47 . 2009-09-08 04:47 1697792 c:\windows\Installer\19cf4492.msp
+ 2009-10-05 14:01 . 2009-10-20 01:13 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-04-12 04:35 . 2009-07-04 03:27 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-24 04:12 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-03-24 04:12 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-03-24 04:12 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-03-24 04:12 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-03-24 04:12 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-03-24 04:12 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-03-24 04:12 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-05 09:00 . 2009-09-25 05:56 3063296 c:\windows\$NtUninstallKB976749$\mshtml.dll
+ 2009-10-15 08:02 . 2009-07-18 16:20 1506304 c:\windows\$NtUninstallKB974455$\shdocvw.dll
+ 2009-10-15 08:02 . 2009-07-18 16:20 3062272 c:\windows\$NtUninstallKB974455$\mshtml.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 1054208 c:\windows\$NtUninstallKB974455$\danim.dll
+ 2009-10-15 08:02 . 2009-06-26 16:18 1023488 c:\windows\$NtUninstallKB974455$\browseui.dll
+ 2009-10-15 08:00 . 2009-02-06 17:22 2136064 c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
+ 2009-10-15 08:00 . 2009-02-06 16:49 2015744 c:\windows\$NtUninstallKB971486$\ntkrpamp.exe
+ 2009-10-15 08:00 . 2009-02-06 16:49 2015744 c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
+ 2009-10-15 08:00 . 2009-02-06 17:22 2136064 c:\windows\$NtUninstallKB971486$\ntkrnlmp.exe
+ 2009-10-15 08:01 . 2004-08-04 12:00 1435648 c:\windows\$NtUninstallKB969059$\query.dll
+ 2009-09-09 08:00 . 2008-06-18 11:03 2458112 c:\windows\$NtUninstallKB968816_WM9$\wmvcore.dll
+ 2009-10-19 23:44 . 2009-10-19 23:44 3072512 c:\windows\$hf_mig$\KB976749\SP3QFE\mshtml.dll
+ 2009-10-19 23:53 . 2009-10-19 23:53 3070976 c:\windows\$hf_mig$\KB976749\SP3GDR\mshtml.dll
+ 2009-10-20 00:00 . 2009-10-20 00:00 3070976 c:\windows\$hf_mig$\KB976749\SP2QFE\mshtml.dll
+ 2009-09-25 05:32 . 2009-09-25 05:32 1509888 c:\windows\$hf_mig$\KB974455\SP3QFE\shdocvw.dll
+ 2009-09-25 05:32 . 2009-09-25 05:32 3072512 c:\windows\$hf_mig$\KB974455\SP3QFE\mshtml.dll
+ 2009-09-25 05:37 . 2009-09-25 05:37 1509888 c:\windows\$hf_mig$\KB974455\SP3GDR\shdocvw.dll
+ 2009-09-25 05:37 . 2009-09-25 05:37 3070976 c:\windows\$hf_mig$\KB974455\SP3GDR\mshtml.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 1509888 c:\windows\$hf_mig$\KB974455\SP2QFE\shdocvw.dll
+ 2009-09-25 05:49 . 2009-09-25 05:49 3070976 c:\windows\$hf_mig$\KB974455\SP2QFE\mshtml.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 1054208 c:\windows\$hf_mig$\KB974455\SP2QFE\danim.dll
+ 2009-09-25 05:48 . 2009-09-25 05:48 1024000 c:\windows\$hf_mig$\KB974455\SP2QFE\browseui.dll
+ 2009-10-15 04:33 . 2009-08-04 13:56 2189312 c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
+ 2009-10-15 04:33 . 2009-08-04 13:17 2023936 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrpamp.exe
+ 2009-08-04 23:47 . 2009-08-04 23:47 2066176 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
+ 2009-10-15 04:33 . 2009-08-04 13:54 2145280 c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlmp.exe
+ 2009-08-05 01:44 . 2009-08-05 01:44 2189184 c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
+ 2009-10-15 04:33 . 2009-08-04 14:20 2023936 c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrpamp.exe
+ 2009-10-15 04:33 . 2009-08-04 14:20 2066048 c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
+ 2009-10-15 04:33 . 2009-08-04 15:13 2145280 c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlmp.exe
+ 2009-10-15 04:33 . 2009-08-04 12:51 2185984 c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
+ 2009-10-15 04:33 . 2009-08-04 12:02 2020864 c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrpamp.exe
+ 2009-10-15 04:33 . 2009-08-04 12:02 2062976 c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
+ 2009-10-15 04:33 . 2009-08-04 12:49 2142720 c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlmp.exe
+ 2009-07-17 16:01 . 2009-07-17 16:01 1435648 c:\windows\$hf_mig$\KB969059\SP3QFE\query.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\$hf_mig$\KB969059\SP3GDR\query.dll
+ 2009-07-17 16:10 . 2009-07-17 16:10 1435648 c:\windows\$hf_mig$\KB969059\SP2QFE\query.dll
+ 2009-08-23 13:22 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-25 39408]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-12-31 33546240]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-01-03 5381632]
"Six Engine"="c:\program files\ASUS\EPU\EPU.exe" [2009-01-03 4067840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-22 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-09 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26957:TCP"= 26957:TCP:BitComet 26957 TCP
"26957:UDP"= 26957:UDP:BitComet 26957 UDP
"53:UDP"= 53:UDP:Promo
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 gupdate1c9b408c0d28a32;Google Update Service (gupdate1c9b408c0d28a32);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 133104]
R2 hsndcejv;Terminal Server Device Redirector Helper;c:\windows\System32\svchost.exe [2004-08-04 14336]
R2 mujrtv;mujrtv;c:\windows\system32\drivers\shab.sys [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 supsiip;supsiip;c:\windows\system32\drivers\ytxelw.sys [x]
R2 udosars;udosars;c:\windows\system32\drivers\hisvd.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-02-17 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-19 993280]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://www.google.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\mehpbcpp.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 23:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x88EE9F30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> 0x88ee9f30
\Driver\atapi -> atapi.sys @ 0xf72f07b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> 0x88f26480
PacketIndicateHandler -> NDIS.sys @ 0xf720ab21
SendHandler -> NDIS.sys @ 0xf71e887b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0497C71C8
malicious code @ sector 0x0497C71CB !
PE file found in sector at 0x0497C71E1 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Fast Browser Search\\IE\\tbhelper.dll"
"ThreadingModel"="both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID]
@DACL=(02 0000)
@="URLSearchHook.ToolbarURLSearchHook.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID]
@DACL=(02 0000)
@="URLSearchHook.ToolbarURLSearchHook"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0]
@DACL=(02 0000)
@="URLSearchHook 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0]
@DACL=(02 0000)
@="Toolbar3 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\URLSearchHook.ToolbarURLSearchHook\CLSID]
@DACL=(02 0000)
@="{CA3EB689-8F09-4026-AA10-B9534C691CE0}"

[HKEY_LOCAL_MACHINE\software\Classes\URLSearchHook.ToolbarURLSearchHook.1\CLSID]
@DACL=(02 0000)
@="{CA3EB689-8F09-4026-AA10-B9534C691CE0}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\nvLsp.dll
.
Completion time: 2009-12-08 23:13:42
ComboFix-quarantined-files.txt 2009-12-09 05:13
ComboFix2.txt 2009-08-16 00:28
ComboFix3.txt 2009-08-15 22:36
ComboFix4.txt 2009-07-25 01:38

Pre-Run: 152,711,589,888 bytes free
Post-Run: 154,525,917,184 bytes free

- - End Of File - - 3F79DAFFD329EA3A694315056D36E601

Edited by Tex92rs, 10 December 2009 - 08:51 PM.



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Tex92rs,

Well those logs do show infection but I do wonder about ComboFix.

Did you run that under instruction from another forum maybe?

It was pulled a little while ago while some bugs are being fixed. Some experts in recognised forums are using a beta version at the moment but it is very much testing and should only be carried out under supervision.

I don't know how many times we need to warn people about running it on their own.

Oh well, let's see what we can do.

See if you can use the Recovery Console that should have been installed with ComboFix.

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to boot to.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log on to. Type 1 and press Enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type in exit and press Enter.

Tell me whether you can boot into Windows or not.

#3
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts
Thank you for the reply. As for ComboFix, I was instructed to use that not on this issue, but a previous bout with Vundo. I figured I'd try it on this.

I am not able to get into the Recovery Console. It gives me the option for it but it takes me to a completely black screen, with a white flashing hashmark, no prompt at all.

Edited by Tex92rs, 17 December 2009 - 12:02 AM.


#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Tex92rs,

This may not work but we have restricted options here.

I would like you to try this. You will need to do this on a different computer. One you know is clean.

If this can't be done, let me know and we will look for alternatives.

Download the Dr.Web Live CD and burn it to a CD, then follow the instructions.

Download here Dr Web Live CD

When you run the cd choose this option Dr Web-LiveCD.

#5
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts
I have not had a chance to burn this yet. I will burn it today, then let you know. Thank you again for the help.

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie :)

#7
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts
OK, got the disk burned. The scanner ran, then it cured and removed a few files. Windows, however, is still loading the setup screen though. Windows Recovery Console still is not working.

Edited by Tex92rs, 22 December 2009 - 08:41 AM.


#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Tex92rs,

I am a bit confused. My age I think :) but can you run ComboFix and other tools? My impression is that you can't but looking back on your logs I might have that wrong?

#9
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts

Hello Tex92rs,

I am a bit confused. My age I think :) but can you run ComboFix and other tools? My impression is that you can't but looking back on your logs I might have that wrong?



Ahh, I think you forgot about my post in the other forum. I attempted to repair the boot device for Windows, because on startup the computer would just restart automatically. I used the Windows install disk to get to the repair function; however, it just kept trying to install Windows, but then froze several times. Now when I go to boot into Windows it just takes me to the setup screen.

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi Tex92rs,

Now when I go to boot into windows it just takes me to the setup screen


When you see the "Welcome To Setup" screen, you should see the options below

This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:

To setup Windows XP now, press ENTER.

To repair a Windows XP installation using Recovery Console, press R. <----------------This is the one you want I think.

This might be helpful:

Please go to Windows Repair to learn how to undertake Windows Repair Install.

You will not lose data on your computer using this process.

It is a way to repair your operating system.

You will lose your Windows Updates and your drivers will revert to the original version but you can catch up on these.


#11
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts
OK, I booted from the XP CD, and it allowed me to cancel the installation process. It also let me into the recovery area. I typed what you told me to into the prompt. I can now get into Windows. After I got in I had the following error: C:\windows\system\cf29275.exe could not be found. I updated SUPERAntiSpyware, and attempted to reply to this thread but got the BSOD. I didn't write down the particular error for the BSOD.

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Did you manage to carry out the reinstall?

#13
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts
No I did not attempt that. Is that my next step? If it is I will attempt it a little later this evening. Thank you for all of your help so far!

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well you have a lot of corrupt/patched system files there. Almost impossible to replace manually one by one.

You could try updating to SP3. Very often this will replace the bad files and fix the problem. Having said that, the infection that caused this type of corruption has evolved, and if you have the latest version of it the SP3 update does not always fix it now.

You are having so much trouble booting up it might be easier to just carry out a Repair Installation per my previous post.

After that we can have another look to see if your machine is still infected. :)

#15
Tex92rs

    Member

  • Topic Starter
  • Member
  • 97 posts
I went through the process for the repair. However, it will not let me agree to the EULA by pressing the F8 key. I made sure that the BIOS was set to boot from the disk. I tried this 6 times to no avail.