Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

another worm.win32netbooster [RESOLVED]


  • This topic is locked This topic is locked

#1
Triska333

Triska333

    Member

  • Member
  • PipPip
  • 10 posts
I am trying to help my mother remove the worm.win32netbooster that she inadvertantly downloaded from a website. (i believe) So far I have followed the directions from another post on this forum (see http://www.geekstogo...r-t192887.html) on how to remove it. I have ran DSS, BFU, ComboFix, ATF Cleaner, malwarebytes, Kaspersky Webscanner, HostXpert, OTScanIT and HiJackthis. (in the order that was in the original post.) I have saved all the logs and reports, and can post them here if someone can tell me if I am on the right track to removing this malware/trojan... so far the computer looks back to normal, but there were a few steps I could not complete. I want to be sure before I give the computer back to my mom that everything is ok....

Thanks for any help...!!
Triska333

Edited by Triska333, 13 April 2008 - 07:23 PM.

  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Post the Combofix, Kaspersky, HijackThis and DSS logs here.
  • 0

#3
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello!
Thanks so much for the reply!! I've pasted in the Combofix, DSS before and after, and the last HijackThis file i made... I've attached the Kaspersky html file. let me know if it doesn't come though...

many thanks!!!
Cheers!
Triska
***********************

ComboFix 08-04-12.10 - Administrator 2008-04-13 13:36:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.558 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\iifgDtQJ.dll
C:\WINDOWS\system32\JQtDgfii.ini
C:\WINDOWS\system32\JQtDgfii.ini2
C:\WINDOWS\system32\khfGaxvt.dll
C:\WINDOWS\system32\kxnspifv.dll
C:\WINDOWS\system32\ssqOIcBS.dll
C:\WINDOWS\system32\vfipsnxk.ini
C:\WINDOWS\system32\vtUnlIbY.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 12:50 . 2008-04-13 12:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-13 12:49 . 2008-04-13 12:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 12:49 . 2008-04-13 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 12:27 . 2008-04-13 12:27 <DIR> d-------- C:\Deckard
2008-04-13 11:12 . 2008-04-13 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-13 01:11 . 2008-04-13 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ncvwdcxg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-13 16:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-08 21:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 02:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-03-13 22:25 44,088 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-06 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-06 04:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Download Manager
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 21:30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 14:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 08:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 14:04 761945]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 14:12 17920]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 11:03 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 18:51 1187840]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 18:43 892928]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 21:30 1191936]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 14:06 716800]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-14 10:32 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-14 10:32 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-14 10:32 137752]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 13:49 454656]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-23 19:11 802816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 18:39 131072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 14:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:00]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 00:20:45 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 13:41:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????^??????([email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HPQ\IAM\Bin\asghost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-13 13:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 17:43:55
Pre-Run: 82,731,958,272 bytes free
Post-Run: 82,650,071,040 bytes free
.
2008-04-09 04:27:37 --- E O F ---


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-13 12:27:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-04-13 16:27:44 UTC - RP185 - Deckard's System Scanner Restore Point
83: 2008-04-13 14:01:20 UTC - RP184 - Last known good configuration
82: 2008-04-13 14:01:16 UTC - RP183 - Software Distribution Service 3.0
81: 2008-04-13 14:01:16 UTC - RP182 - System Checkpoint
80: 2008-04-13 14:01:15 UTC - RP181 - System Checkpoint


-- First Restore Point --
1: 2008-04-13 14:00:24 UTC - RP102 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-13 12:29:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HPQ\IAM\Bin\asghost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\All Users\Application Data\ncvwdcxg\tazcrkze.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\fcrwtidq.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HPQ\Shared\HpqToaster.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
O2 - BHO: (no name) - {3384FEDC-A07B-4009-A365-0CEAE01C59CA} - C:\WINDOWS\system32\rqRiIXqQ.dll
O2 - BHO: DVA Storm - {34A75400-077F-4E0E-BB38-B7F45BAEA819} - C:\WINDOWS\nslbvxpglqe.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\ssqOIcBS.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: sgoblxtm - {466AADAC-E21A-422D-958C-2B627A22E99A} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [51c383ef] rundll32.exe "C:\WINDOWS\system32\mwjgcuyh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [aasgahmk] C:\WINDOWS\system32\fcrwtidq.exe
O4 - HKLM\..\Policies\Explorer\Run: [KwxsRKt36A] C:\Documents and Settings\All Users\Application Data\ncvwdcxg\tazcrkze.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173923970984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: ssqOIcBS - C:\WINDOWS\system32\ssqOIcBS.dll
O21 - SSODL: ogxtsepr - {5B1531B7-F141-4B56-80A3-FBFB51AF4C98} - C:\WINDOWS\ogxtsepr.dll
O21 - SSODL: dsktbwfe - {99705CEF-B739-4D54-B6ED-B1D0ABEC6D76} - C:\WINDOWS\dsktbwfe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13737 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&4878531&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&4878531&0&00E1
Service: w39n51

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\290D020E23F99
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\290D020E23F99
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-04-11 20:20:45 580 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 11:12:03 0 d-------- C:\WINDOWS\privacy_danger
2008-04-13 11:12:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
2008-04-13 10:03:11 85568 --a------ C:\WINDOWS\system32\mwjgcuyh.dll
2008-04-13 10:00:11 183953 --ahs---- C:\WINDOWS\system32\QqXIiRqr.ini2
2008-04-13 10:00:06 272896 --a------ C:\WINDOWS\system32\rqRiIXqQ.dll
2008-04-13 01:11:45 37888 --a------ C:\WINDOWS\system32\khfGaxvt.dll
2008-04-13 01:11:29 94208 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 01:11:29 155648 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 01:11:29 188416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-13 01:11:29 212992 --a------ C:\WINDOWS\nslbvxpglqe.dll
2008-04-13 01:11:29 217088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-13 01:11:21 37888 --a------ C:\WINDOWS\system32\vtUnlIbY.dll
2008-04-13 01:11:20 37888 --a------ C:\WINDOWS\system32\qoMcyaxw.dll
2008-04-13 01:11:20 0 d-------- C:\Documents and Settings\All Users\Application Data\ncvwdcxg
2008-04-13 01:11:19 106496 --a------ C:\WINDOWS\system32\fcrwtidq.exe
2008-04-13 01:10:19 37888 --a------ C:\WINDOWS\system32\ssqOIcBS.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-13 01:11:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-08 17:43:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-28 09:29:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-13 22:22:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-03-13 18:25:17 44088 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 00:26:36 0 d-------- C:\Program Files\Common Files
2008-03-06 00:21:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-02-27 01:48:13 0 -rahs---- C:\MSDOS.SYS
2008-02-27 01:48:13 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3384FEDC-A07B-4009-A365-0CEAE01C59CA}]
04/13/2008 10:00 AM 272896 --a------ C:\WINDOWS\system32\rqRiIXqQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34A75400-077F-4E0E-BB38-B7F45BAEA819}]
04/12/2008 07:08 PM 212992 --a------ C:\WINDOWS\nslbvxpglqe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}]
04/13/2008 01:10 AM 37888 --a------ C:\WINDOWS\system32\ssqOIcBS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [02/14/2006 02:56 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 02:11 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [08/31/2005 08:20 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/10/2005 02:04 PM]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [12/22/2003 02:12 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [02/22/2006 11:03 AM]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [12/20/2005 06:51 PM]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [02/15/2006 06:43 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 09:30 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 04:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 02:06 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/03/2006 03:04 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 09:22 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/14/2007 10:32 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/14/2007 10:32 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/14/2007 10:32 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 01:49 PM]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [01/23/2006 07:11 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/02/2006 06:39 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"51c383ef"="C:\WINDOWS\system32\mwjgcuyh.dll" [04/13/2008 10:03 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/21/2007 09:30 PM]
"aasgahmk"="C:\WINDOWS\system32\fcrwtidq.exe" [04/13/2008 01:11 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"KwxsRKt36A"=C:\Documents and Settings\All Users\Application Data\ncvwdcxg\tazcrkze.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}"= C:\WINDOWS\system32\ssqOIcBS.dll [04/13/2008 01:10 AM 37888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ogxtsepr"= {5B1531B7-F141-4B56-80A3-FBFB51AF4C98} - C:\WINDOWS\ogxtsepr.dll [04/12/2008 07:07 PM 188416]
"dsktbwfe"= {99705CEF-B739-4D54-B6ED-B1D0ABEC6D76} - C:\WINDOWS\dsktbwfe.dll [04/12/2008 07:07 PM 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 07/25/2005 02:41 PM 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOIcBS]
ssqOIcBS.dll 04/13/2008 01:10 AM 37888 C:\WINDOWS\system32\ssqOIcBS.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRiIXqQ
"Notification Packages"= scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8454538-d1bd-11db-b8d7-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-13 12:29:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5600 @ 1.83GHz
CPU 1: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1015.36 MiB / 576.18 MiB
Pagefile Memory (total/avail): 2441.48 MiB / 1968.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.37 MiB

C: is Fixed (NTFS) - 105.31 GiB total, 77.08 GiB free.
D: is CDROM (CDFS)
E: is Fixed (FAT32) - 6.47 GiB total, 0.69 GiB free.

\\.\PHYSICALDRIVE0 - ST9120821AS - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 105.31 GiB - C:
\PARTITION1 - Unknown - 6.48 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EILEEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\EILEEN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\HPQ\IAM\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=EILEEN
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{93F549B5-BAFB-4DEC-9DD8-74309A463DA9}
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACS PC Atlas --> C:\WINDOWS\IsUninst.exe -fC:\PCATLAS\UninPCAt.isu
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems HDA Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Application Installer 4.00.B5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x9
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP460 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460 /L0x0009
Canon MP460 User Registration --> C:\Program Files\Canon\IJEREG\MP460\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Backup and Recovery Manager Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP BIOS Configuration for ProtectTools 2.00 C3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x9 biosuninst
HP Credential Manager for ProtectTools --> MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Notebook Accessories Product Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP ProtectTools Security Manager 2.00 C3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\setup.exe" -l0x9 -removeonly hpquninst
HP Quick Launch Buttons 6.00 D2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0029 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22C28506-B1E0-4050-B0B7-B97AEB061381}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JigSaw v2 --> C:\WINDOWS\uninst.exe -fC:\JIGSAW\DeIsL1.isu
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Solar Fire 5 Goodies --> "C:\SOLFIRE5\IsStub32.exe" -fC:\SOLFIRE5\DeIsL2.isu -cC:\SOLFIRE5\_ISREG32.DLL
Solar Fire v5 --> C:\WINDOWS\uninst.exe -fC:\SOLFIRE5\DeIsL1.isu -cC:\SOLFIRE5\_ISREG32.DLL
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAlone

Attached Files


  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: (no name) - {3384FEDC-A07B-4009-A365-0CEAE01C59CA} - C:\WINDOWS\system32\rqRiIXqQ.dll
O2 - BHO: DVA Storm - {34A75400-077F-4E0E-BB38-B7F45BAEA819} - C:\WINDOWS\nslbvxpglqe.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\ssqOIcBS.dll
O3 - Toolbar: sgoblxtm - {466AADAC-E21A-422D-958C-2B627A22E99A} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [51c383ef] rundll32.exe "C:\WINDOWS\system32\mwjgcuyh.dll",b
O4 - HKCU\..\Run: [aasgahmk] C:\WINDOWS\system32\fcrwtidq.exe
O4 - HKLM\..\Policies\Explorer\Run: [KwxsRKt36A] C:\Documents and Settings\All Users\Application Data\ncvwdcxg\tazcrkze.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O20 - Winlogon Notify: ssqOIcBS - C:\WINDOWS\system32\ssqOIcBS.dll
O21 - SSODL: ogxtsepr - {5B1531B7-F141-4B56-80A3-FBFB51AF4C98} - C:\WINDOWS\ogxtsepr.dll
O21 - SSODL: dsktbwfe - {99705CEF-B739-4D54-B6ED-B1D0ABEC6D76} - C:\WINDOWS\dsktbwfe.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

Collect::
C:\WINDOWS\system32\rqRiIXqQ

File::
C:\WINDOWS\system32\mwjgcuyh.dll
C:\WINDOWS\system32\QqXIiRqr.ini2
C:\WINDOWS\system32\rqRiIXqQ.dll
C:\WINDOWS\system32\khfGaxvt.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\nslbvxpglqe.dll
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\system32\vtUnlIbY.dll
C:\WINDOWS\system32\qoMcyaxw.dll
C:\WINDOWS\system32\fcrwtidq.exe
C:\WINDOWS\system32\ssqOIcBS.dll
C:\WINDOWS\dsktbwfe.dll

Folder::
C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
C:\Documents and Settings\All Users\Application Data\ncvwdcxg
C:\WINDOWS\privacy_danger

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3384FEDC-A07B-4009-A365-0CEAE01C59CA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34A75400-077F-4E0E-BB38-B7F45BAEA819}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ogxtsepr"=-
"dsktbwfe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOIcBS]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Post a new HijackThis log here also.
  • 0

#5
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you for that. I ran HiJackThis again and didn't find any of the strings listed... but I did find one similar to 09 that listed "file missing" at the end. it was the identical number but there was the file C:\Progra~1\Micros`2\Office11\REFIEBAR.dll

I left it alone since it didn't say "file missing" like the one you listed...

Here is the HijackThis file and the new log after creating CFScript.txt file and dragging it into ComboFix......

Thanks again for your help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:15 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\isPwdSvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173923970984
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11805 bytes
***********************************

ComboFix 08-04-12.10 - Administrator 2008-04-16 21:17:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.500 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\nslbvxpglqe.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\fcrwtidq.exe
C:\WINDOWS\system32\khfGaxvt.dll
C:\WINDOWS\system32\mwjgcuyh.dll
C:\WINDOWS\system32\qoMcyaxw.dll
C:\WINDOWS\system32\QqXIiRqr.ini2
C:\WINDOWS\system32\rqRiIXqQ.dll
C:\WINDOWS\system32\ssqOIcBS.dll
C:\WINDOWS\system32\vtUnlIbY.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons\Internet.lnk
C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons\Launch Google Earth.lnk
C:\Documents and Settings\All Users\Application Data\ncvwdcxg

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-15 01:20 . 2008-04-15 01:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 20:25 . 2008-04-14 20:25 <DIR> d-------- C:\VundoFix Backups
2008-04-13 21:41 . 2008-04-13 21:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 21:41 . 2008-04-13 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-13 21:41 . 2008-04-13 21:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-13 15:46 . 2008-04-13 15:46 <DIR> d-------- C:\HOSTSXPERT 4.2
2008-04-13 13:59 . 2008-04-13 13:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 13:59 . 2008-04-13 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 12:50 . 2008-04-13 12:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-13 12:49 . 2008-04-13 12:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 12:49 . 2008-04-13 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 12:27 . 2008-04-13 12:27 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 01:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-16 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-14 17:10 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-14 14:54 --------- d-----w C:\Program Files\Java
2008-04-14 01:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 21:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 02:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-03-13 22:25 44,088 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-06 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-06 04:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 00:19 54,824 ----a-w C:\WINDOWS\agrsmdel.exe
2008-03-01 00:13 1,202,560 ----a-w C:\WINDOWS\system32\drivers\AGRSM.sys
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( [email protected]_13.43.44.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 17:40:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 17:20:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-08-04 08:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 08:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 08:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-02-16 08:59:35 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-02-16 08:59:35 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-02-16 08:59:35 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 08:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 08:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 08:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 08:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 08:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 08:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 08:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-02-16 08:59:35 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 08:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 08:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 08:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 08:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-02-16 08:59:35 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-02-16 08:59:35 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 08:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 08:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-02-16 22:29:38 3,059,712 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-02-16 08:59:37 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 08:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 08:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-02-16 08:59:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-02-16 08:59:37 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 08:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-02-16 08:59:37 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 22:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 21:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 08:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-02-16 08:59:38 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 08:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-02-16 08:59:39 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
+ 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll.000
+ 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
+ 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
+ 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe.000
+ 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-06-30 20:22:56 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll.000
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
+ 2007-08-13 22:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll.000
+ 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll.000
+ 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
+ 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll.000
+ 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll.000
+ 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll.000
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
+ 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll.000
+ 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll.000
+ 2007-10-31 09:12:30 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-10-31 09:12:30 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll.000
+ 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll.000
+ 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2007-08-13 22:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
+ 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll.000
+ 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
+ 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll.000
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll.000
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll.000
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe.000
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000
+ 2007-12-08 14:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-08 14:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll.000
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2008-04-14 01:41:54 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-14 01:41:54 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-04 08:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 22:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 08:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-12-11 20:40:56 13,312 ----a-w C:\WINDOWS\system32\agrscoin.dll
+ 2007-12-11 20:15:04 12,800 ----a-w C:\WINDOWS\system32\agrsmsvc.exe
+ 2007-08-13 22:39:20 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 22:42:54 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-08-11 08:45:04 28,672 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 22:54:10 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-02-16 08:59:35 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 22:18:02 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2004-08-04 03:14:38 52,736 ----a-w C:\WINDOWS\system32\dllcache\i8042prt.sys
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-07-01 03:31:33 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-02-15 09:23:37 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:44:02 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:45:18 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-02-16 08:59:35 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-08-13 22:39:12 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 22:36:06 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2008-02-16 08:59:35 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-02-16 08:59:35 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:44:18 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2004-08-04 02:58:34 23,040 ----a-w C:\WINDOWS\system32\dllcache\mouclass.sys
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:32:30 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-02-16 08:59:37 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:01:12 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:54:10 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-02-16 08:59:37 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 08:59:37 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-02-16 08:59:37 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2008-02-16 08:59:38 615,936 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-02-16 08:59:39 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-02-28 13:36:20 176,128 ----a-w C:\WINDOWS\system32\drivers\ADIHdAud.sys
+ 2007-10-01 22:27:40 281,600 ----a-w C:\WINDOWS\system32\drivers\ADIHdAud.sys
- 2005-06-07 13:53:46 152,960 ----a-w C:\WINDOWS\system32\drivers\aeaudio.sys
+ 2007-07-13 19:26:12 94,976 ----a-w C:\WINDOWS\system32\drivers\aeaudio.sys
- 2004-08-04 08:00:00 52,736 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
+ 2004-08-04 03:14:38 52,736 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
- 2004-08-04 08:00:00 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2004-08-04 02:58:34 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2007-10-31 22:23:20 2,236,544 ----a-w C:\WINDOWS\system32\drivers\NETw4x32.sys
- 2005-11-10 17:50:38 191,936 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
+ 2007-09-15 06:09:44 213,696 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
- 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 12:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-04 08:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 08:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 08:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 08:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 08:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 08:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 22:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 08:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 08:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 22:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 22:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 08:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 22:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2004-08-04 08:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 22:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 02:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 22:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-04 08:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 22:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 08:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 22:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 08:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 22:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2007-08-27 22:12:00 745,472 ----a-w C:\WINDOWS\system32\NETw4c32.dll
+ 2007-08-27 22:12:58 2,777,088 ----a-w C:\WINDOWS\system32\NETw4r32.dll
+ 2006-06-28 21:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 12:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-04 08:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-03-24 19:44:37 56,124 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-14 14:28:27 56,124 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-24 19:44:37 391,638 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-14 14:28:27 391,638 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-04-19 08:06:00 24,576 ----a-w C:\WINDOWS\system32\PostProc.dll
+ 2006-07-01 01:00:50 28,160 ----a-w C:\WINDOWS\system32\PostProc.dll
+ 2004-08-04 08:00:00 52,736 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\i8042prt.sys
+ 2004-08-04 08:00:00 23,040 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\mouclass.sys
+ 2005-11-10 18:07:34 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\InstNT.exe
+ 2005-11-10 17:53:16 82,012 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynCOM.dll
+ 2005-11-10 17:53:32 114,688 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynCtrl.dll
+ 2005-11-10 18:06:00 557,056 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynISDLL.dll
+ 2005-11-10 17:49:14 147,456 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynMood.exe
+ 2005-11-10 17:50:38 191,936 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTP.sys
+ 2005-11-10 17:53:58 94,297 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPAPI.dll
+ 2005-11-10 18:07:22 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPCo2.dll
+ 2005-11-10 17:54:16 41,062 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPCOM.dll
+ 2005-11-10 17:56:14 6,135,897 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPCpl.dll
+ 2005-11-10 18:04:00 761,945 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPEnh.exe
+ 2005-11-10 18:05:08 69,721 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPFcs.dll
+ 2005-11-10 18:05:16 82,009 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynTPLpr.exe
+ 2005-11-10 17:49:20 163,840 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\SynZMetr.exe
+ 2005-11-10 18:05:38 221,184 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\Tutorial.exe
+ 2006-02-28 13:36:20 176,128 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\ADIHdAud.sys
+ 2005-06-07 13:53:46 152,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\aeaudio.sys
+ 2004-08-04 03:08:00 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys
+ 2004-08-04 03:15:22 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys
+ 2004-08-04 04:56:44 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll
+ 2005-03-22 03:43:15 145,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys
+ 2004-08-04 03:08:04 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys
+ 2004-08-04 08:00:00 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv
+ 2005-04-19 08:06:00 24,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\PostProc.dll
+ 2005-05-20 08:11:06 925,696 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\smax4pnp.exe
+ 2006-02-28 13:41:32 290,816 ----a-w C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\smwdmif.dll
+ 2006-01-19 13:50:36 2,600,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\w39MLRes.dll
+ 2006-01-19 13:50:40 1,428,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\w39n51.sys
+ 2006-01-19 13:50:42 483,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\w39NCPA.dll
+ 2006-07-31 01:00:08 1,155,584 ----a-w C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\AGRSM.sys
+ 2006-07-31 01:00:08 68,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\agrsmdel.exe
- 2005-11-10 17:53:16 82,012 ----a-w C:\WINDOWS\system32\SynCOM.dll
+ 2007-09-15 06:13:24 163,840 ----a-w C:\WINDOWS\system32\SynCOM.dll
- 2005-11-10 17:53:32 114,688 ----a-w C:\WINDOWS\system32\SynCtrl.dll
+ 2007-09-15 06:13:44 196,608 ----a-w C:\WINDOWS\system32\SynCtrl.dll
- 2005-11-10 17:53:58 94,297 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
+ 2007-09-15 06:21:56 147,456 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
+ 2007-09-15 06:50:26 110,592 ----a-w C:\WINDOWS\system32\SynTPCo4.dll
- 2004-08-04 08:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 08:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-04 08:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console. Just install that and skip the rest of the instructions...do the below after you installed the Recovery Console.

Go to Start->Run and copy/paste ComboFix /snapshot and hit OK. It should run Combofix and give you a new log again....post the log here when ready.
  • 0

#7
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi again... I just read the directions on the link on the Win XP Recovery Console. It asks for the WinXP installation disk, and my mother has no idea where she put it... :)

Is there a work around for setting that up? Would an istallation disk from another computer work? or is there something that could be downloaded?

thanks for your help....
Triska
  • 0

#8
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
duh... ok just found the instructions on what to do if you dont have the disk... hehe ill read this and post again...

Edited by Triska333, 16 April 2008 - 08:05 PM.

  • 0

#9
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
here is the new log generated by Combofix....

ComboFix 08-04-12.10 - Administrator 2008-04-16 22:14:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: /snapshot
.

((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-15 01:20 . 2008-04-15 01:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 20:25 . 2008-04-14 20:25 <DIR> d-------- C:\VundoFix Backups
2008-04-13 21:41 . 2008-04-13 21:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 21:41 . 2008-04-13 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-13 21:41 . 2008-04-13 21:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-13 15:46 . 2008-04-13 15:46 <DIR> d-------- C:\HOSTSXPERT 4.2
2008-04-13 13:59 . 2008-04-13 13:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 13:59 . 2008-04-13 13:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 12:50 . 2008-04-13 12:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-13 12:49 . 2008-04-13 12:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 12:49 . 2008-04-13 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 12:27 . 2008-04-13 12:27 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 01:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-17 01:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:10 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-14 14:54 --------- d-----w C:\Program Files\Java
2008-04-14 01:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 21:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 02:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2008-03-13 22:25 44,088 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-06 04:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-06 04:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 00:19 54,824 ----a-w C:\WINDOWS\agrsmdel.exe
2008-03-01 00:13 1,202,560 ----a-w C:\WINDOWS\system32\drivers\AGRSM.sys
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 08:59 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 08:59 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 08:59 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 21:30 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 14:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 08:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 14:12 17920]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 11:03 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 18:51 1187840]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 18:43 892928]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 21:30 1191936]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 14:06 716800]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 03:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-14 10:32 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-14 10:32 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-14 10:32 137752]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 13:49 454656]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-01-23 19:11 802816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 18:39 131072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 22:36 872448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 14:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:00]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 00:00:39 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 22:15:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????_??????([email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 22:16:05
ComboFix-quarantined-files.txt 2008-04-17 02:16:00
ComboFix2.txt 2008-04-17 01:21:05
ComboFix3.txt 2008-04-13 17:44:01
Pre-Run: 81,801,908,224 bytes free
Post-Run: 81,792,122,880 bytes free
.
2008-04-09 04:27:37 --- E O F ---
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and type in Combofix /u and hit OK to remove Combofix. You should be set to go.
  • 0

#11
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Great! Thanks so much...! After I tried the initial fixes the computer started acting normal again... but i had a feeling there was still some things hidden so I thought i'd post here just incase.... glad I did!... no more problems to report but will come back if anything seems wrong again...

thanks so much for your time! I really appreciate your help!
Triska :)
  • 0

#12
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
actually... i just restarted and having a hard time with Norton Security Protection and the "phishing protection" function... could this be caused by the malware ? :)
  • 0

#13
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yep, glad you did post back even if your computer was "back to normal" after the initial run. We always tell users to post back because of this. It may seem normal for a day or so...heck, even maybe over a week. But those malware files are still there and dormant. So I'm sure they will cause problems in the short/long run. It's best to stick with it till the end when we say it's clear to go :)

Disconnect from the internet. Go to the Add/Remove Programs panel and see if Norton has a repair option for it. If not, uninstall it completely. Restart the computer and reinstall it back. If you got this from a download (and don't have it on CD), get the download ready on your desktop first before you uninstall it. Best not to leave a computer unprotected while you are online. So uninstall, restart and install it back. Then connect your computer back online.
  • 0

#14
Triska333

Triska333

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
thanks for that! Actually I figured out what happened... :) and it seems to be working ok now... i had to fix something in the settings of Norton to get the password to be authenticated again... whew...

so looks good so far... Mom's happy to have her computer back :)

thanks again!!
Triska
  • 0

#15
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP