Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hijack my log [CLOSED]


  • This topic is locked This topic is locked

#1
Vero_

Vero_

    Member

  • Member
  • PipPip
  • 48 posts
ComboFix 08-04-11.5 - Veronica 2008-04-12 14:10:26.2 - NTFSx86 NETWORK
Running from: C:\Documents and Settings\Veronica\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-12 03:08 . 2008-04-12 03:08 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-12 02:19 . 2008-04-12 02:20 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-12 02:18 . 2008-04-12 02:23 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-12 02:17 . 2008-04-12 03:49 <DIR> d-------- C:\Program Files\McAfee
2008-04-12 02:08 . 2008-04-12 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-11 23:06 . 2008-04-11 23:06 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Malwarebytes
2008-04-11 23:04 . 2008-04-11 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 23:04 . 2008-04-11 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 22:41 . 2007-10-31 14:03 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-04-11 22:10 . 2004-09-28 09:43 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-04-11 22:10 . 2004-08-04 06:00 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2008-04-11 22:10 . 2004-09-28 09:43 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-11 21:35 . 2008-04-11 21:35 3,648 --a------ C:\WINDOWS\system32\jnfkqyiv.dll
2008-04-11 20:27 . 2008-04-11 20:27 3,648 --a------ C:\WINDOWS\system32\jdfkmusk.dll
2008-04-11 20:17 . 2008-04-11 20:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:17 . 2008-04-11 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 20:48 . 2008-04-10 20:48 <DIR> d-------- C:\Program Files\Avira
2008-04-10 20:32 . 2008-04-10 20:32 3,648 --a------ C:\WINDOWS\system32\qikqpxqp.dll
2008-04-09 23:47 . 2008-04-12 02:22 <DIR> d-------- C:\mcafee_mcpr
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\WINDOWS
2008-04-09 23:44 . 2008-04-11 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-09 20:00 . 2008-04-09 20:00 3,648 --a------ C:\WINDOWS\system32\chntjwry.dll
2008-04-08 21:04 . 2008-04-09 23:46 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-08 11:03 . 2008-04-09 22:02 526 --ahs---- C:\WINDOWS\system32\ilxtqlui.ini
2008-04-08 11:00 . 2008-04-08 11:00 3,648 --a------ C:\WINDOWS\system32\wgacfutv.dll
2008-04-08 10:57 . 2008-04-11 20:28 101,091 --a------ C:\WINDOWS\BMeffb3b23.xml
2008-04-07 23:31 . 2008-04-07 23:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-07 23:25 . 2008-04-07 23:37 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-07 23:25 . 2008-04-07 23:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-07 23:20 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 23:02 . 2008-04-11 23:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-07 22:07 . 2008-04-07 22:07 20,480 --a------ C:\WINDOWS\quit.exe
2008-04-07 21:40 . 2008-04-07 21:40 9,662 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-04-07 15:45 . 1998-03-31 03:16 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-07 12:51 . 2008-04-07 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 <DIR> d-------- C:\Program Files\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 61,224 --a------ C:\Documents and Settings\Veronica\GoToAssistDownloadHelper.exe
2008-04-07 12:13 . 2008-04-07 12:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-06 22:38 . 2008-04-06 22:38 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-06 12:59 . 2008-04-06 12:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 12:58 . 2008-04-11 00:38 <DIR> d-------- C:\Documents and Settings\Veronica\.housecall6.6
2008-04-06 09:07 . 2008-04-06 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-06 08:50 . 2008-04-09 23:44 <DIR> d-------- C:\WINDOWS\system32\bharebio01
2008-04-06 08:37 . 2008-04-06 08:37 <DIR> d-------- C:\Documents and Settings\Baby\Application Data\LimeWire
2008-04-06 08:31 . 2008-04-06 08:34 354 --ahs---- C:\WINDOWS\system32\vascolbd.ini
2008-04-05 22:32 . 2008-04-05 22:49 9,635,840 --a------ C:\dump_dvd.vob
2008-04-05 17:24 . 2008-04-05 17:24 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-05 17:21 . 2008-04-05 17:21 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-05 17:21 . 2008-04-05 17:21 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-05 17:20 . 2008-04-05 17:20 <DIR> d-------- C:\WINDOWS\system32\wii
2008-04-05 17:20 . 2008-04-09 23:47 <DIR> d-------- C:\WINDOWS\system32\pinz1
2008-04-05 17:20 . 2008-04-05 17:20 <DIR> d-------- C:\WINDOWS\system32\IDE2
2008-04-05 17:20 . 2008-04-09 23:44 <DIR> d-------- C:\WINDOWS\system32\ExTmp
2008-04-05 17:20 . 2008-04-09 23:44 <DIR> d-------- C:\WINDOWS\system32\bharebio18
2008-04-05 17:20 . 2008-04-05 17:20 <DIR> d-------- C:\Temp\wdlw14
2008-04-05 17:20 . 2008-04-11 23:59 <DIR> d-------- C:\Temp
2008-04-05 16:16 . 2008-04-09 23:45 <DIR> d-------- C:\Program Files\MyCentria
2008-04-03 14:23 . 2008-04-12 13:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 14:23 . 2008-04-03 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 14:21 . 2008-04-03 14:21 <DIR> d-------- C:\Program Files\iPod
2008-04-03 14:19 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\Bonjour
2008-04-03 14:18 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 13:40 . 2008-04-03 13:40 <DIR> d-------- C:\Program Files\MSBuild
2008-04-03 13:29 . 2008-04-03 13:29 20,480 --ahs---- C:\WINDOWS\system32\alrsvcm.dll
2008-04-03 12:45 . 2008-04-03 12:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-03 11:46 . 2008-04-05 15:58 193 --a-s---- C:\WINDOWS\system32\2338419952.dat
2008-04-02 22:35 . 2008-04-02 22:36 <DIR> d-------- C:\Program Files\Adobe Photoshop CS3 Lite ENG
2008-03-29 14:19 . 2008-04-05 16:14 <DIR> d-------- C:\Program Files\Comprehensive Review 3e
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 20:23 . 2008-04-12 13:56 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\OpenOffice.org2
2008-03-21 21:26 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Azureus
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-13 12:24 . 2008-03-13 12:25 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-03-13 12:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 12:45 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-04-12 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 06:06 --------- d-----w C:\Program Files\MSN Messenger
2008-04-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-04-07 18:50 --------- d-----w C:\Program Files\Dl_cats
2008-04-05 20:25 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Jasc Software Inc
2008-04-03 18:22 --------- d-----w C:\Program Files\iTunes
2008-04-03 17:41 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 17:38 --------- d-----w C:\Documents and Settings\Veronica\Application Data\AdobeUM
2008-03-29 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 01:42 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Skype
2008-03-25 01:19 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Corel
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 16:24 --------- d-----w C:\Program Files\Java
2008-03-10 17:13 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mail.Ru
2008-03-10 14:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 04:18 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mra
2008-03-03 02:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Skype
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2005-10-14 19:33 56 --sh--r C:\WINDOWS\system32\E1E48FE4D4.sys
2006-03-23 15:08 418,097 --sha-w C:\WINDOWS\system32\tttss.bak1
2006-04-06 00:02 605,923 --sha-w C:\WINDOWS\system32\tttss.bak2
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [email protected]_ 0.15.59.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-10 19:34:36 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-04-12 07:23:42 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-03-10 19:34:51 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-04-12 07:23:57 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-03-10 19:34:52 4,317,184 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-04-12 07:22:59 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-03-10 19:34:54 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-12 07:24:03 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-03-10 19:34:47 2,893,824 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-04-12 07:23:22 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-03-10 19:34:29 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-04-12 07:24:10 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-03-10 19:34:29 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-04-12 07:24:10 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-03-10 19:35:06 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-04-12 07:23:58 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-03-10 19:34:41 5,025,792 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-04-12 07:23:17 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-03-10 19:34:35 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-04-12 07:23:36 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-03-10 19:34:29 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-04-12 07:23:19 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-03-10 19:34:31 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-04-12 07:23:40 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-03-10 19:34:49 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-04-12 07:23:48 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-03-10 19:34:50 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-04-12 07:23:51 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-03-10 19:34:50 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-04-12 07:23:52 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-03-10 19:34:32 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-04-12 07:24:12 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-03-10 19:34:33 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-04-12 07:24:13 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-03-10 19:34:34 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-04-12 07:24:16 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-03-10 19:34:34 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-04-12 07:24:18 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-03-10 19:34:32 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-04-12 07:23:53 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-03-10 19:35:10 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-04-12 07:23:50 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-03-10 19:35:09 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-04-12 07:23:47 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-03-10 19:34:26 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-04-12 07:24:04 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-03-10 19:35:08 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-04-12 07:23:46 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-03-10 19:35:11 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-04-12 07:23:10 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-03-10 19:34:28 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-04-12 07:24:08 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-03-10 19:34:27 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-04-12 07:23:45 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-03-10 19:34:27 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-04-12 07:23:43 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-03-10 19:34:58 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-04-12 07:23:55 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-03-10 19:34:37 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-04-12 07:23:56 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-03-10 19:34:59 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-04-12 07:23:20 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-03-10 19:34:55 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-04-12 07:23:24 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-03-10 19:34:30 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-04-12 07:23:26 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-03-10 19:34:48 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-04-12 07:24:22 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-03-10 19:34:39 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-04-12 07:24:14 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-03-10 19:34:38 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-04-12 07:23:37 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-03-10 19:34:39 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-04-12 07:24:07 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-03-10 19:35:03 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-04-12 07:23:11 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-03-10 19:34:56 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-04-12 07:24:09 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-03-10 19:35:05 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-04-12 07:24:06 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-03-10 19:34:57 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-04-12 07:24:02 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-03-10 19:34:57 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-04-12 07:24:00 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-03-10 19:34:36 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-04-12 07:23:13 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-03-10 19:34:40 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-04-12 07:23:14 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-03-10 19:35:07 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-04-12 07:23:32 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-03-10 19:34:41 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-04-12 07:23:35 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-03-10 19:34:42 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-04-12 07:23:31 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-03-10 19:34:44 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-04-12 07:23:39 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-03-10 19:34:46 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-04-12 07:23:16 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-03-10 19:35:02 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-12 07:23:29 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-04-12 07:33:34 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-04-12 07:33:43 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-04-12 07:33:53 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-04-12 07:33:50 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-04-12 07:33:58 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-04-12 07:34:00 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-04-12 07:34:11 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-04-12 07:34:16 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-04-12 07:34:28 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-04-12 07:28:16 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-04-12 07:34:31 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-04-12 07:29:50 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-04-12 07:34:36 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-04-12 07:30:48 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-04-12 07:34:41 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-04-12 07:34:44 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-04-12 07:30:55 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-04-12 07:30:53 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-04-12 07:34:48 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-04-12 07:34:48 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-04-12 07:34:51 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-04-12 07:34:54 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-04-12 07:35:03 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-04-12 07:36:17 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-04-12 07:36:19 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-04-12 07:36:25 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-04-12 07:36:07 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-04-12 07:31:38 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-04-12 07:32:08 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-04-12 07:29:13 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2006-10-27 03:00:12 1,841,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
- 2008-04-03 20:38:29 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-04-12 07:32:20 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-03 20:38:30 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-12 07:32:20 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-03 20:38:30 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-04-12 07:32:20 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-03 20:38:30 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-12 07:32:20 184,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-03 20:38:30 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-12 07:32:20 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-03 20:38:30 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-12 07:32:20 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-03 20:38:30 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-12 07:32:21 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-03 20:38:30 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-04-12 07:32:20 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-03 20:38:30 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-12 07:32:20 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-03 20:38:30 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-04-12 07:32:20 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-03 20:38:30 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-04-12 07:32:20 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-03 20:38:29 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-04-12 07:32:20 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2005-09-23 12:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2007-10-24 05:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 12:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
+ 2007-10-24 05:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
- 2005-09-23 12:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2007-10-24 05:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
- 2005-09-23 12:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2007-10-24 05:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
- 2005-09-23 12:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
+ 2007-10-24 05:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll
- 2005-09-23 12:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2007-10-24 05:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
- 2005-09-23 12:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2007-10-24 05:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
- 2005-09-23 12:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2007-10-24 05:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
- 2005-09-23 12:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2007-10-24 05:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
- 2005-09-23 12:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2007-10-24 05:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
- 2005-09-23 12:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2007-10-24 05:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
- 2005-09-23 12:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2007-10-24 05:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 12:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2007-10-24 05:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
- 2005-09-23 12:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2007-10-24 05:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll
- 2005-09-23 12:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-10-24 05:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 12:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 05:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 12:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-10-24 05:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 12:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-10-24 05:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 12:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-10-24 05:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 12:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-10-24 05:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 12:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 05:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2005-09-23 12:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-10-24 05:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 12:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 05:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 12:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-10-24 05:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 12:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-10-24 05:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 12:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-10-24 05:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 12:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 05:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 12:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-10-24 05:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
- 2005-09-23 12:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2007-10-24 05:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
- 2005-09-23 12:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2007-10-24 05:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
- 2005-09-23 12:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2007-10-24 05:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
- 2005-09-23 12:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2007-10-24 05:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 12:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2007-10-24 05:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
- 2005-09-23 12:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2007-10-24 05:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
- 2005-09-23 12:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2007-10-24 05:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
- 2005-09-23 12:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-24 05:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 12:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2007-10-24 05:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 12:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2007-10-24 05:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
- 2005-09-23 12:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2007-10-24 05:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
- 2005-09-23 12:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 05:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 12:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2007-10-24 05:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 12:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2007-10-24 05:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
- 2005-09-23 12:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2007-10-24 05:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
- 2005-09-23 12:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-10-24 05:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 12:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 05:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 12:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2007-10-24 05:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 12:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2007-10-24 05:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 12:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-24 05:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 12:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-10-24 05:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 12:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2007-10-24 05:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 12:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-10-24 05:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 12:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2007-10-24 05:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
- 2005-09-23 12:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2007-10-24 05:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
- 2005-09-23 12:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2007-10-24 05:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
- 2005-09-23 12:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2007-10-24 05:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 12:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2007-10-24 05:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 12:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2007-10-24 05:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
- 2005-09-23 12:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2007-10-24 05:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
- 2005-09-23 12:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2007-10-24 05:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 12:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2007-10-24 05:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2005-09-23 12:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2007-10-24 05:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 12:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-10-24 05:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 12:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 05:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2006-08-04 08:03:04 801,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-10-24 05:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2005-09-23 12:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2007-10-24 05:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
- 2005-09-23 12:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2007-10-24 05:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
- 2005-09-23 12:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2007-10-24 05:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
- 2006-07-28 07:50:58 326,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2007-10-24 05:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2005-09-23 12:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2007-10-24 05:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
- 2006-08-04 08:03:04 4,317,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2007-10-24 05:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2005-09-23 12:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2007-10-24 05:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
- 2005-09-23 12:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2007-10-24 05:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- 2005-09-23 12:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2007-10-24 05:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
- 2005-09-23 12:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2007-10-24 05:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
- 2005-09-23 12:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2007-10-24 05:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
- 2005-09-23 12:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2007-10-24 05:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
- 2005-09-23 12:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2007-10-24 05:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
- 2006-08-04 08:02:58 5,624,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2007-10-24 05:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2005-09-23 12:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2007-10-24 05:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
- 2005-09-23 12:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2007-10-24 05:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
- 2006-08-04 08:03:04 15,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2007-10-24 05:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
- 2005-09-23 12:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2007-10-24 05:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
- 2005-09-23 12:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2007-10-24 05:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
- 2005-09-23 12:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 05:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 12:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 05:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 12:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2007-10-24 05:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
- 2005-09-23 12:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2007-10-24 05:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
- 2005-09-23 12:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2007-10-24 05:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
- 2005-09-23 12:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2007-10-24 05:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
- 2006-08-04 08:03:04 382,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2007-10-24 05:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2005-09-23 12:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2007-10-24 05:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 12:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2007-10-24 05:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
- 2005-09-23 12:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2007-10-24 05:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
- 2006-08-04 08:03:02 2,893,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2007-10-24 05:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
- 2005-09-23 12:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2007-10-24 05:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
- 2005-09-23 12:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2007-10-24 05:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
- 2005-09-23 12:28:38 884,736 ----a-w C:&
  • 0

Advertisements


#2
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:13 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Mail.Ru\Agent\MAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {23216E68-9484-46A9-B40C-454D93979C83} - C:\WINDOWS\system32\xxyvwTnM.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,[email protected]
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\mcntmkdn.exe DWram
O4 - HKLM\..\Run: [ecc808bf] rundll32.exe "C:\WINDOWS\system32\eirgxmqq.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZSzed055CJUS_ZN
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?aa113015613343e1af7152f356ac9551
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?aa113015613343e1af7152f356ac9551
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru ????? - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Veronica\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0221091208023381) (0221091208023381mcinstcleanup) - Unknown owner - C:\DOCUME~1\Veronica\LOCALS~1\Temp\022109~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service MpfServiceBrowser (MpfServiceBrowser) - Unknown owner - C:\WINDOWS\system32\2052h.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13259 bytes
  • 0

#3
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please do not create duplicate topics for the same issue. Topics merged....

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {23216E68-9484-46A9-B40C-454D93979C83} - C:\WINDOWS\system32\xxyvwTnM.dll (file missing)
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\mcntmkdn.exe DWram
O4 - HKLM\..\Run: [ecc808bf] rundll32.exe "C:\WINDOWS\system32\eirgxmqq.dll",b
O8 - Extra context menu item: &Search - ?p=ZSzed055CJUS_ZN
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll (file missing)
O23 - Service: McAfee Personal Firewall Service MpfServiceBrowser (MpfServiceBrowser) - Unknown owner - C:\WINDOWS\system32\2052h.exe (file missing)


Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop MpfServiceBrowser
sc delete MpfServiceBrowser
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\jnfkqyiv.dll
C:\WINDOWS\system32\jdfkmusk.dll
C:\WINDOWS\system32\qikqpxqp.dll
C:\WINDOWS\system32\chntjwry.dll
C:\WINDOWS\system32\ilxtqlui.ini
C:\WINDOWS\system32\wgacfutv.dll
C:\WINDOWS\BMeffb3b23.xml
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\vaio3-011.ico
C:\WINDOWS\system32\vascolbd.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\alrsvcm.dll
C:\WINDOWS\system32\2338419952.dat
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\mcntmkdn.exe
C:\WINDOWS\system32\eirgxmqq.dll

Folder::
C:\WINDOWS\system32\bharebio01
C:\WINDOWS\system32\wii
C:\WINDOWS\system32\pinz1
C:\WINDOWS\system32\IDE2
C:\WINDOWS\system32\ExTmp
C:\WINDOWS\system32\bharebio18
C:\Temp\wdlw14

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#4
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thank you! Here is the log:

ComboFix 08-04-11.5 - Veronica 2008-04-14 21:07:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -4:00]
Running from: C:\Documents and Settings\Veronica\Desktop\ComboFix.exe
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-12 15:49 . 2008-04-14 19:50 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\AVG7
2008-04-12 15:44 . 2008-04-12 15:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-12 15:43 . 2008-04-12 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-12 15:43 . 2008-04-13 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-12 14:32 . 2008-04-12 14:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 03:08 . 2008-04-12 03:08 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-11 23:06 . 2008-04-11 23:06 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Malwarebytes
2008-04-11 23:04 . 2008-04-11 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 23:04 . 2008-04-11 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 22:41 . 2007-10-31 14:03 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-04-11 22:10 . 2004-09-28 09:43 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-04-11 22:10 . 2004-08-04 06:00 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2008-04-11 22:10 . 2004-09-28 09:43 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-11 20:17 . 2008-04-11 20:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:17 . 2008-04-11 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 20:48 . 2008-04-10 20:48 <DIR> d-------- C:\Program Files\Avira
2008-04-09 23:47 . 2008-04-12 02:22 <DIR> d-------- C:\mcafee_mcpr
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\WINDOWS
2008-04-09 23:44 . 2008-04-11 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-08 21:04 . 2008-04-09 23:46 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-08 11:03 . 2008-04-09 22:02 526 --ahs---- C:\WINDOWS\system32\ilxtqlui.ini
2008-04-08 10:57 . 2008-04-11 20:28 101,091 --a------ C:\WINDOWS\BMeffb3b23.xml
2008-04-07 23:31 . 2008-04-07 23:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-07 23:25 . 2008-04-07 23:37 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-07 23:25 . 2008-04-07 23:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-07 23:20 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 23:02 . 2008-04-11 23:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-07 21:40 . 2008-04-07 21:40 9,662 --a------ C:\WINDOWS\system32\vaio3-011.ico
2008-04-07 15:45 . 1998-03-31 03:16 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-07 12:51 . 2008-04-07 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 <DIR> d-------- C:\Program Files\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 61,224 --a------ C:\Documents and Settings\Veronica\GoToAssistDownloadHelper.exe
2008-04-07 12:13 . 2008-04-07 12:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-06 22:38 . 2008-04-06 22:38 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-06 12:59 . 2008-04-06 12:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 12:58 . 2008-04-11 00:38 <DIR> d-------- C:\Documents and Settings\Veronica\.housecall6.6
2008-04-06 09:07 . 2008-04-06 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-06 08:50 . 2008-04-09 23:44 <DIR> d-------- C:\WINDOWS\system32\bharebio01
2008-04-06 08:37 . 2008-04-06 08:37 <DIR> d-------- C:\Documents and Settings\Baby\Application Data\LimeWire
2008-04-06 08:31 . 2008-04-06 08:34 354 --ahs---- C:\WINDOWS\system32\vascolbd.ini
2008-04-05 22:32 . 2008-04-13 22:27 2,807,808 --a------ C:\dump_dvd.vob
2008-04-05 17:24 . 2008-04-05 17:24 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-05 17:21 . 2008-04-05 17:21 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-05 17:21 . 2008-04-05 17:21 937 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-05 17:20 . 2008-04-05 17:20 <DIR> d-------- C:\WINDOWS\system32\wii
2008-04-05 17:20 . 2008-04-09 23:47 <DIR> d-------- C:\WINDOWS\system32\pinz1
2008-04-05 17:20 . 2008-04-05 17:20 <DIR> d-------- C:\WINDOWS\system32\IDE2
2008-04-05 17:20 . 2008-04-09 23:44 <DIR> d-------- C:\WINDOWS\system32\ExTmp
2008-04-05 17:20 . 2008-04-09 23:44 <DIR> d-------- C:\WINDOWS\system32\bharebio18
2008-04-05 17:20 . 2008-04-05 17:20 <DIR> d-------- C:\Temp\wdlw14
2008-04-05 17:20 . 2008-04-11 23:59 <DIR> d-------- C:\Temp
2008-04-05 16:16 . 2008-04-09 23:45 <DIR> d-------- C:\Program Files\MyCentria
2008-04-03 14:23 . 2008-04-14 19:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 14:23 . 2008-04-03 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 14:21 . 2008-04-03 14:21 <DIR> d-------- C:\Program Files\iPod
2008-04-03 14:19 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\Bonjour
2008-04-03 14:18 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 13:40 . 2008-04-03 13:40 <DIR> d-------- C:\Program Files\MSBuild
2008-04-03 13:29 . 2008-04-03 13:29 20,480 --ahs---- C:\WINDOWS\system32\alrsvcm.dll
2008-04-03 12:45 . 2008-04-03 12:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-03 11:46 . 2008-04-05 15:58 193 --a-s---- C:\WINDOWS\system32\2338419952.dat
2008-04-02 22:35 . 2008-04-02 22:36 <DIR> d-------- C:\Program Files\Adobe Photoshop CS3 Lite ENG
2008-03-29 14:19 . 2008-04-05 16:14 <DIR> d-------- C:\Program Files\Comprehensive Review 3e
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 20:23 . 2008-04-12 16:15 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\OpenOffice.org2
2008-03-21 21:26 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Azureus
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 20:59 --------- d--h--w C:\Documents and Settings\Veronica\Application Data\Move Networks
2008-04-12 20:18 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-12 12:45 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-04-12 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 06:06 --------- d-----w C:\Program Files\MSN Messenger
2008-04-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-04-07 18:50 --------- d-----w C:\Program Files\Dl_cats
2008-04-05 20:25 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Jasc Software Inc
2008-04-03 18:22 --------- d-----w C:\Program Files\iTunes
2008-04-03 17:41 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 17:38 --------- d-----w C:\Documents and Settings\Veronica\Application Data\AdobeUM
2008-03-29 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 01:42 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Skype
2008-03-25 01:19 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Corel
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 16:24 --------- d-----w C:\Program Files\Java
2008-03-10 17:13 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mail.Ru
2008-03-10 14:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 04:18 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mra
2008-03-03 02:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Skype
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2005-10-14 19:33 56 --sh--r C:\WINDOWS\system32\E1E48FE4D4.sys
2006-03-23 15:08 418,097 --sha-w C:\WINDOWS\system32\tttss.bak1
2006-04-06 00:02 605,923 --sha-w C:\WINDOWS\system32\tttss.bak2
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 19:53 68856]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-02-16 21:15 983040]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 17:43 69632]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 09:21 94208]
"MAgent"="C:\Program Files\Mail.Ru\Agent\MAgent.exe" [2008-02-19 20:26 4457976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-12 15:44 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 19:53 68856]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 15:44 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-04-07 12:50 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
--a------ 2005-01-18 10:57 425984 C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-14 10:18 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1135564880\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-10-10 02:29 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135564880\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135564880\\ee\\aim6.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Mail.Ru\\Agent\\magent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S2 0221091208023381mcinstcleanup;McAfee Application Installer Cleanup (0221091208023381);C:\DOCUME~1\Veronica\LOCALS~1\Temp\022109~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service []
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 23:41:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 00:42:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 21:11:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-14 21:12:36
ComboFix-quarantined-files.txt 2008-04-15 01:12:19
ComboFix2.txt 2008-04-12 18:15:24
ComboFix3.txt 2008-04-12 04:16:44
Pre-Run: 48,886,640,640 bytes free
Post-Run: 48,868,921,344 bytes free
.
2008-04-12 07:32:34 --- E O F ---
  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It didn't budge....did you run into any problems creating and dragging the CFScript.txt file into ComboFix? Try to do it again. Create a notepad file and copy the contents in the quote box into that file. Safe it as "CFScript.txt" and then drag and drop the file for it into ComboFix again.
  • 0

#6
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Here is the new log:

ComboFix 08-04-11.5 - Veronica 2008-04-14 23:41:09.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.178 [GMT -4:00]
Running from: C:\Documents and Settings\Veronica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Veronica\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BMeffb3b23.xml
C:\WINDOWS\quit.exe
C:\WINDOWS\system32\2338419952.dat
C:\WINDOWS\system32\alrsvcm.dll
C:\WINDOWS\system32\chntjwry.dll
C:\WINDOWS\system32\eirgxmqq.dll
C:\WINDOWS\system32\ilxtqlui.ini
C:\WINDOWS\system32\jdfkmusk.dll
C:\WINDOWS\system32\jnfkqyiv.dll
C:\WINDOWS\system32\mcntmkdn.exe
C:\WINDOWS\system32\qikqpxqp.dll
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\vaio3-011.ico
C:\WINDOWS\system32\vascolbd.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wgacfutv.dll
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\wdlw14
C:\Temp\wdlw14\maxN1bo.log
C:\WINDOWS\BMeffb3b23.xml
C:\WINDOWS\system32\2338419952.dat
C:\WINDOWS\system32\alrsvcm.dll
C:\WINDOWS\system32\bharebio01
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\ExTmp
C:\WINDOWS\system32\IDE2
C:\WINDOWS\system32\IDE2\mdllcom2.exe
C:\WINDOWS\system32\ilxtqlui.ini
C:\WINDOWS\system32\pinz1
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\vaio3-011.ico
C:\WINDOWS\system32\vascolbd.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\wii
C:\WINDOWS\system32\wii\HTgn1dll.exe
C:\WINDOWS\system32\winpfz33.sys

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-12 15:49 . 2008-04-14 21:19 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\AVG7
2008-04-12 15:44 . 2008-04-12 15:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-12 15:43 . 2008-04-12 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-12 15:43 . 2008-04-13 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-12 14:32 . 2008-04-12 14:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 03:08 . 2008-04-12 03:08 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-11 23:06 . 2008-04-11 23:06 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Malwarebytes
2008-04-11 23:04 . 2008-04-11 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 23:04 . 2008-04-11 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 22:41 . 2007-10-31 14:03 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-04-11 22:10 . 2004-09-28 09:43 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-04-11 22:10 . 2004-08-04 06:00 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2008-04-11 22:10 . 2004-09-28 09:43 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-11 20:17 . 2008-04-11 20:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:17 . 2008-04-11 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 20:48 . 2008-04-10 20:48 <DIR> d-------- C:\Program Files\Avira
2008-04-09 23:47 . 2008-04-12 02:22 <DIR> d-------- C:\mcafee_mcpr
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\WINDOWS
2008-04-09 23:44 . 2008-04-11 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-08 21:04 . 2008-04-09 23:46 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-07 23:31 . 2008-04-07 23:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-07 23:25 . 2008-04-07 23:37 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-07 23:25 . 2008-04-07 23:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-07 23:20 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 23:02 . 2008-04-11 23:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-07 15:45 . 1998-03-31 03:16 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-07 12:51 . 2008-04-07 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 <DIR> d-------- C:\Program Files\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 61,224 --a------ C:\Documents and Settings\Veronica\GoToAssistDownloadHelper.exe
2008-04-07 12:13 . 2008-04-07 12:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-06 22:38 . 2008-04-06 22:38 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-06 12:59 . 2008-04-06 12:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 12:58 . 2008-04-11 00:38 <DIR> d-------- C:\Documents and Settings\Veronica\.housecall6.6
2008-04-06 09:07 . 2008-04-06 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-06 08:37 . 2008-04-06 08:37 <DIR> d-------- C:\Documents and Settings\Baby\Application Data\LimeWire
2008-04-05 22:32 . 2008-04-13 22:27 2,807,808 --a------ C:\dump_dvd.vob
2008-04-05 17:20 . 2008-04-14 23:41 <DIR> d-------- C:\Temp
2008-04-05 16:16 . 2008-04-09 23:45 <DIR> d-------- C:\Program Files\MyCentria
2008-04-03 14:23 . 2008-04-14 19:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 14:23 . 2008-04-03 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 14:21 . 2008-04-03 14:21 <DIR> d-------- C:\Program Files\iPod
2008-04-03 14:19 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\Bonjour
2008-04-03 14:18 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 13:40 . 2008-04-03 13:40 <DIR> d-------- C:\Program Files\MSBuild
2008-04-03 12:45 . 2008-04-03 12:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-02 22:35 . 2008-04-02 22:36 <DIR> d-------- C:\Program Files\Adobe Photoshop CS3 Lite ENG
2008-03-29 14:19 . 2008-04-05 16:14 <DIR> d-------- C:\Program Files\Comprehensive Review 3e
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 20:23 . 2008-04-12 16:15 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\OpenOffice.org2
2008-03-21 21:26 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Azureus
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 20:59 --------- d--h--w C:\Documents and Settings\Veronica\Application Data\Move Networks
2008-04-12 20:18 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-12 12:45 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-04-12 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 06:06 --------- d-----w C:\Program Files\MSN Messenger
2008-04-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-04-07 18:50 --------- d-----w C:\Program Files\Dl_cats
2008-04-05 20:25 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Jasc Software Inc
2008-04-03 18:22 --------- d-----w C:\Program Files\iTunes
2008-04-03 17:41 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 17:38 --------- d-----w C:\Documents and Settings\Veronica\Application Data\AdobeUM
2008-03-29 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 01:42 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Skype
2008-03-25 01:19 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Corel
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 16:24 --------- d-----w C:\Program Files\Java
2008-03-10 17:13 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mail.Ru
2008-03-10 14:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 04:18 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mra
2008-03-03 02:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Skype
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2005-10-14 19:33 56 --sh--r C:\WINDOWS\system32\E1E48FE4D4.sys
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 19:53 68856]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-02-16 21:15 983040]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 17:43 69632]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 09:21 94208]
"MAgent"="C:\Program Files\Mail.Ru\Agent\MAgent.exe" [2008-02-19 20:26 4457976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-12 15:44 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 19:53 68856]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 15:44 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-04-07 12:50 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
--a------ 2005-01-18 10:57 425984 C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-14 10:18 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1135564880\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-10-10 02:29 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135564880\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135564880\\ee\\aim6.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Mail.Ru\\Agent\\magent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S2 0221091208023381mcinstcleanup;McAfee Application Installer Cleanup (0221091208023381);C:\DOCUME~1\Veronica\LOCALS~1\Temp\022109~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service []
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 23:41:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 03:42:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 23:44:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-14 23:44:52
ComboFix-quarantined-files.txt 2008-04-15 03:44:36
ComboFix2.txt 2008-04-15 01:12:37
ComboFix3.txt 2008-04-12 18:15:24
ComboFix4.txt 2008-04-12 04:16:44
Pre-Run: 48,965,922,816 bytes free
Post-Run: 48,949,350,400 bytes free
.
2008-04-12 07:32:34 --- E O F ---
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you use the Mail.RU program?

Uninstall MyWebSearch via the Add/Remove Programs panel.

Other than that, you should be clear. Go to Start->Run and type in Combofix /u and hit OK.

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#8
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I use Mail.Ru. Why? Is that where i got virus from? If it is then i'll delete it!
My computer dont freeze on me anymore but still slow. Anything else i should or could do? Thank you!
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You may keep it....just want to see if you were using it as I see other applications that are connected to it.

It could be slow because of too many startup programs. You can try disabling a bunch of them to see if it helps (see below)...

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')


Restart the computer. Any better now?
  • 0

#10
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
YES! thank you so much! couple of more things: 1) I dont want Mail.Ru Agent start when i turn on my computer, how should i do it? 2) I just run Spybot Search and Destroy and it found 9 more infected files. is it normal? 2) What should i do with Quarantine files in Malwarebytes Antimalware, Spybot Search & Destroy and Virus Vault in AVG antivirus?
  • 0

Advertisements


#11
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Fixing the below entry in HijackThis should disable the Mail.Ru Agent from running at startup:

O4 - HKLM\..\Run: [MAgent] C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM

What kind of entries did Spybot find? For the quarantined files, you can either leave them alone or go into their quarantined folders/settings (usually can be accessed in the program itself...look for it) and delete them from there.
  • 0

#12
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Here it is:
DoubleClick
Rightmedia
ZenoSearch
PSW.WOW
Alnet
Cydoor
Virtumonde
FunWeb
180Solutions
  • 0

#13
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Does Spybot remove them successfully? If so, restart the computer and run another scan to see if any are still found. If none are found now, you should be set to go. If something is found, try running Panda:

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.


Then also post a new Combofix log.
  • 0

#14
Vero_

Vero_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Here's Panda's report:

Low danger level (24)
Adware/DnsInsi... Adware
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...Anti-Malware\Quarantine\QUAR1.15148
Cookie/Apmebf Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.bk0[.apmebf.com/]
Cookie/Traffic... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.trafficmp.com/]
2. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.txt[.trafficmp.com/]
Cookie/Atwola Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Cookies\[email protected][2].txt
2. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.txt[.atwola.com/]
Cookie/BurstNe... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...default\cookies.bk0[.burstnet.com/]
Cookie/Serving... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[.bs.serving-sys.com/]
Cookie/Server.... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ies.txt[server.iad.liveperson.net/]
Cookie/RealMed... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.txt[.realmedia.com/]
2. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.realmedia.com/]
Cookie/YieldMa... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[ad.yieldmanager.com/]
2. C:\Documents and Settings\Veronica\Applicatio...t\cookies.bk0[ad.yieldmanager.com/]
Cookie/Serving... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.txt[.serving-sys.com/]
Cookie/Questio... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...t\cookies.txt[.questionmarket.com/]
2. C:\Documents and Settings\Veronica\Cookies\[email protected][2].txt
Cookie/Yadro Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Cookies\[email protected][1].txt
2. C:\Documents and Settings\Veronica\Applicatio...g2r.default\cookies.txt[.yadro.ru/]
Cookie/Tribalf... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ult\cookies.txt[.tribalfusion.com/]
Cookie/Adverti... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.txt[.advertising.com/]
2. C:\Documents and Settings\Veronica\Cookies\[email protected][2].txt
3. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.bk0[.advertising.com/]
Cookie/FastCli... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...efault\cookies.bk0[.fastclick.net/]
Cookie/Adrevol... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...fault\cookies.bk0[.adrevolver.com/]
Cookie/Com.com Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...eg2r.default\cookies.txt[.com.com/]
application/er... Tracking Application
Latent
Hide + Info
1. HKEY_CURRENT_USER\Software\Microsoft\Windows\...5ff73b-ca67-11d5-99dd-444553540006}
Cookie/Atlas D... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.txt[.atdmt.com/]
2. C:\Documents and Settings\Veronica\Cookies\[email protected][2].txt
3. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.bk0[.atdmt.com/]
Cookie/did-it Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...r.default\cookies.txt[.did-it.com/]
Cookie/Overtur... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...lt\cookies.txt[.perf.overture.com/]
Cookie/PointRo... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...lt\cookies.txt[.ads.pointroll.com/]
Cookie/HotLog Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...2r.default\cookies.txt[.hotlog.ru/]
Cookie/Doublec... Tracking Cookie
Latent
Hide + Info
1. C:\Documents and Settings\Veronica\Applicatio...ault\cookies.bk0[.doubleclick.net/]

Suspicious files (1)
C:\Documents and Settings\Veronica\Local Sett...\dmpneg2r.default\Cache\EA72E1E9d01


And Combofix:

ComboFix 08-04-17.1 - Veronica 2008-04-18 19:56:11.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.181 [GMT -4:00]
Running from: C:\Documents and Settings\Veronica\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-17 22:59 . 2008-04-17 23:00 <DIR> d-------- C:\Program Files\Panda Security
2008-04-16 20:44 . 2008-04-16 20:44 <DIR> d-------- C:\89646d52ff17360286a6
2008-04-12 16:50 . 2008-04-13 21:55 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-12 15:49 . 2008-04-18 19:47 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\AVG7
2008-04-12 15:44 . 2008-04-12 15:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-12 15:43 . 2008-04-12 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-12 15:43 . 2008-04-13 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-12 14:32 . 2008-04-12 14:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 03:08 . 2008-04-12 03:08 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-11 23:06 . 2008-04-11 23:06 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Malwarebytes
2008-04-11 23:04 . 2008-04-11 23:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 23:04 . 2008-04-11 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-11 22:41 . 2007-10-31 14:03 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2008-04-11 22:10 . 2004-09-28 09:43 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-04-11 22:10 . 2004-08-04 06:00 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2008-04-11 22:10 . 2004-09-28 09:43 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-11 20:17 . 2008-04-11 20:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:17 . 2008-04-11 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 20:48 . 2008-04-10 20:48 <DIR> d-------- C:\Program Files\Avira
2008-04-09 23:47 . 2008-04-12 02:22 <DIR> d-------- C:\mcafee_mcpr
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-09 23:46 . 2008-04-09 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\WINDOWS
2008-04-09 23:44 . 2008-04-11 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 23:44 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-08 21:04 . 2008-04-09 23:46 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-07 23:31 . 2008-04-07 23:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-07 23:25 . 2008-04-07 23:37 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-07 23:25 . 2008-04-07 23:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-07 23:20 . 2008-04-11 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 23:02 . 2008-04-11 23:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-07 15:45 . 1998-03-31 03:16 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-07 12:51 . 2008-04-07 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 <DIR> d-------- C:\Program Files\Citrix
2008-04-07 12:50 . 2008-04-07 12:50 61,224 --a------ C:\Documents and Settings\Veronica\GoToAssistDownloadHelper.exe
2008-04-07 12:13 . 2008-04-07 12:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-06 22:38 . 2008-04-17 22:59 2,566 --a------ C:\WINDOWS\mozver.dat
2008-04-06 18:20 . 2008-04-12 15:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-06 18:20 . 2008-04-18 19:56 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-06 12:59 . 2008-04-06 12:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 12:58 . 2008-04-11 00:38 <DIR> d-------- C:\Documents and Settings\Veronica\.housecall6.6
2008-04-06 09:07 . 2008-04-06 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-05 22:32 . 2008-04-13 22:27 2,807,808 --a------ C:\dump_dvd.vob
2008-04-05 17:20 . 2008-04-14 23:41 <DIR> d-------- C:\Temp
2008-04-05 17:09 . 2008-04-18 19:56 1,024 --ah----- C:\Documents and Settings\New Folder\NTUSER.DAT.LOG
2008-04-05 16:16 . 2008-04-09 23:45 <DIR> d-------- C:\Program Files\MyCentria
2008-04-03 14:23 . 2008-04-16 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-03 14:23 . 2008-04-03 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 14:21 . 2008-04-03 14:21 <DIR> d-------- C:\Program Files\iPod
2008-04-03 14:19 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\Bonjour
2008-04-03 14:18 . 2008-04-03 14:19 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 13:40 . 2008-04-03 13:40 <DIR> d-------- C:\Program Files\MSBuild
2008-04-03 12:45 . 2008-04-03 12:45 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-02 22:35 . 2008-04-02 22:36 <DIR> d-------- C:\Program Files\Adobe Photoshop CS3 Lite ENG
2008-03-29 14:19 . 2008-04-05 16:14 <DIR> d-------- C:\Program Files\Comprehensive Review 3e
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 20:23 . 2008-04-12 16:15 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\OpenOffice.org2
2008-03-21 21:26 . 2008-04-09 23:44 <DIR> d-------- C:\Documents and Settings\Veronica\Application Data\Azureus
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 20:59 --------- d--h--w C:\Documents and Settings\Veronica\Application Data\Move Networks
2008-04-12 20:18 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-12 12:45 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-04-12 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 06:06 --------- d-----w C:\Program Files\MSN Messenger
2008-04-10 03:38 --------- d-----w C:\Program Files\LimeWire
2008-04-07 18:50 --------- d-----w C:\Program Files\Dl_cats
2008-04-05 20:25 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Jasc Software Inc
2008-04-03 18:22 --------- d-----w C:\Program Files\iTunes
2008-04-03 17:41 --------- d-----w C:\Program Files\Microsoft Works
2008-04-03 17:38 --------- d-----w C:\Documents and Settings\Veronica\Application Data\AdobeUM
2008-03-29 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 01:42 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Skype
2008-03-25 01:19 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Corel
2008-03-23 17:50 1,734 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 16:24 --------- d-----w C:\Program Files\Java
2008-03-10 17:13 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mail.Ru
2008-03-10 14:59 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-06 04:18 --------- d-----w C:\Documents and Settings\Veronica\Application Data\Mra
2008-03-03 02:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Skype
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2005-10-14 19:33 56 --sh--r C:\WINDOWS\system32\E1E48FE4D4.sys
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 13:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 19:53 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 17:43 69632]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 09:21 94208]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 20:09 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 15:44 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 2008-04-07 12:50 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]
--a------ 2005-01-18 10:57 425984 C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-14 10:18 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 20:24 50760 C:\Program Files\Common Files\AOL\1135564880\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 10:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-10-10 02:29 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135564880\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1135564880\\ee\\aim6.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Mail.Ru\\Agent\\magent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 23:41:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 04:42:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 20:01:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-18 20:06:44
ComboFix-quarantined-files.txt 2008-04-19 00:05:35
ComboFix2.txt 2008-04-15 03:44:53

Pre-Run: 55,145,107,456 bytes free
Post-Run: 55,141,302,272 bytes free
.
2008-04-17 01:06:57 --- E O F ---
  • 0

#15
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Most of those entries found by Panda are just cookies. Did you use ATF Cleaner to remove the cookies and temp files before running Panda?

Spybot didn't remove the entries it found? What is it still detecting and can't remove?

Uninstall MyWebSearch via the Add/Remove Programs panel and delete this folder if found:

C:\PROGRA~1\MYWEBS~1\
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP