trojan-clicker.win32.agent.aig [RESOLVED]



#1
mhilliard_13

  • Member
  • 29 posts
explorer.exe; svchost.exe; and rundll32.exe seem to be the major problems, not to mention a load of spyware, viruses, and trojans which have been so far, undetectable, yet ever so present.

Enumerated, for easy reading, are my problems:

1.) I am requesting assistance in recovering my HP dv8000 [custom built] laptop.
2.) Firefox does not function properly; upon load, my default google homepage is loaded, along with a secondary tab, which leads to a "scam" antivirus link, advising the installation of some adware scanner. [pure bogus]

2a.) Upon "Google Searching," I found a post with similar issues, in regards to the website being pulled up.
[link to forum: http://forum.dobrepr...h...6&p=1605439]
[COPY of website attempted to be loaded: http://83.149.75.33/...p...d=http&z=cl] <-- Do Not OPEN

3.) Internet access to desired websites is highly limited, and non-functional.
4.) I have Kaspersky Internet Security; receives continuous warnings that "so&so file" is attempting access to the internet, and is suspicious. These are files which have never, to my knowledge, triggered an alert. So far, they are as follows: explorer.exe, rundll32.exe, and svchost.exe *which should access internet, but not in this way.*
5.) Additional alerts inform me that the aforementioned files / executables are "attempting to load new or modified modules."

=======
I have attached, for your review, a copy of my HijackThisLog file, and wait upon your assistance.

Thanks in advance for your time, and I hope to hear from you!


~High-School Student.


Edited by mhilliard_13, 17 May 2008 - 04:56 PM.

  • 0


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you have the Symantec Internet Security package installed there also? If so, decide whether to keep Symantec or Kaspersky as having both may/will cause issues.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Viewpoint

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [547a057d] rundll32.exe "C:\WINDOWS\system32\svhrykjb.dll",b
O4 - HKLM\..\Run: [BM574936e1] Rundll32.exe "C:\WINDOWS\system32\lmfbqpkd.dll",s
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\svhrykjb.dll
C:\WINDOWS\system32\lmfbqpkd.dll
C:\Program Files\Viewpoint\


Don't worry if you can't delete the files above as we will remove them in the next round.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0
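The two O4 entries flagged in the post above share a recognisable shape: a Run value whose name looks machine-generated, launching rundll32 against a vowel-free DLL name with a one-letter export. As an added example (not part of the original thread and not the helper's or HijackThis's own method), the Python sketch below parses O4 lines and scores them on those three traits; the heuristics, the threshold of 2, and the `ExampleCpl` / `ExampleTray` lines are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# The first three lines are the entries quoted in the post above; the last two
# are constructed, hypothetical entries added for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [547a057d] rundll32.exe "C:\WINDOWS\system32\svhrykjb.dll",b
O4 - HKLM\..\Run: [BM574936e1] Rundll32.exe "C:\WINDOWS\system32\lmfbqpkd.dll",s
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O4 - HKLM\..\Run: [ExampleCpl] RUNDLL32.EXE C:\WINDOWS\system32\examplecpl.dll,StartupEntry
O4 - HKCU\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 <dll>,<export> with the DLL path optionally quoted
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE)


@dataclass
class Finding:
    value_name: str
    dll: str
    export: str
    in_system32: bool
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return the fields of an O4 autorun line, or None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_generated(name):
    """True if the value name holds a run of 6+ hex characters that includes a digit."""
    return any(any(ch.isdigit() for ch in run)
               for run in re.findall(r"[0-9a-fA-F]{6,}", name))


def vowel_poor(stem):
    """True for alphabetic names of 6+ letters where under 20% are vowels."""
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(ch in "aeiou" for ch in stem.lower()) / len(stem) < 0.2


def triage_entry(entry):
    """Score one parsed O4 entry; returns None when it does not launch rundll32."""
    m = RUNDLL_RE.search(entry["cmd"])
    if m is None:
        return None
    dll, export = m.group("dll").strip(), m.group("export")
    stem = ntpath.splitext(ntpath.basename(dll))[0]
    reasons = []
    if len(export) <= 2:                      # assumed heuristic
        reasons.append("short-export")
    if looks_generated(entry["name"]):        # assumed heuristic
        reasons.append("generated-value-name")
    if vowel_poor(stem):                      # assumed heuristic
        reasons.append("vowel-poor-dll-name")
    in_sys32 = ntpath.normcase(ntpath.dirname(dll)).endswith(r"\windows\system32")
    return Finding(entry["name"], dll, export, in_sys32, reasons)


def triage_log(text, threshold=2):
    """Return the rundll32 autoruns that match at least `threshold` heuristics."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        finding = triage_entry(entry)
        if finding is not None and len(finding.reasons) >= threshold:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.value_name, f.dll, f.export, f.reasons)
```

A hit from this scoring is a reason to review the entry, not proof of infection; the threshold and traits would need tuning against known-good logs.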

#3
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
The following was unable to be removed by hijackthis:


O4 - HKLM\..\Run: [BM574936e1] Rundll32.exe "C:\WINDOWS\system32\lmfbqpkd.dll",s
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


The following were unfound:

C:\WINDOWS\system32\lmfbqpkd.dll
C:\Program Files\Viewpoint\


***
I should also inform you that upon start up, I now get "so and so" is not a valid windows image.
***
  • 0

#4
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
Sorry for double post. It seems as though something went wrong.
After running combo fix, as instructed, and following the instructions, it restarted.
Upon restart, the OS comes up, log in works, and desktop background shows, but the desktop icons, the taskbar, and everything else is GONE.

I'm not quite sure what to do, but was going to proceed with the following, off of (http://www.bleepingc...opic137867.html)

Press the number 1 on your keyboard and hit Enter.

At the command prompt, type the following command and press Enter:

cd erdnt\hiv-backup

At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

The erunt backups will begin copying.

Type exit when finished, and then press ENTER to quit Recovery Console. Remove the CD and let the computer start.

Let us know how it goes.


However, I will wait for your reply before doing such a thing.

********************************************************************************
*******

EDITED

Ah, forgive me for the impatience, not with you, but due to my own self-determination to fix my computer. I proceeded with the above CD instructions (from HP Recovery CD) and am able to get back to my desktop.

However, this merely gets me back to the point at which:

1.) I've completed the ComboFix as you've instructed
2.) Due to the complications that have occurred, I was unable to acquire the log that should have come about, as a result of the combofix run.




****
After re-running ComboFix, the following is the log file produced. Just wanted to let you know, because the list of files which it removed, will not be complete.


Edited by mhilliard_13, 17 May 2008 - 07:39 PM.

  • 0

#5
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
Ah! I don't know what's occurred, as of now.
Windows update automatically downloaded 87 updates, completed their installation, restarted, and now I get error messages stating the following:


GrooveMonitor.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

dwwin.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

SynTPStart.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.



I'm not quite sure how to fix this, and also need help with this error, as well.

Edited by mhilliard_13, 18 May 2008 - 05:44 PM.

  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\system32\jkkKEUno.dll
C:\WINDOWS\system32\wpxystlo.dll
C:\WINDOWS\system32\awtrrSml.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0e0db20c-146e-41b7-8079-68882c0caeef}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22895E69-38E8-46F2-843B-2ABC24FC4555}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE7F2D6D-290E-4461-8EC7-3811C27E57B4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBusRk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonmLC]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#7
mhilliard_13

  • Topic Starter
  • Member
  • 29 posts
Here's my Malwarebytes' log:

Malwarebytes' Anti-Malware 1.12
Database version: 722

Scan type: Full Scan (C:\|)
Objects scanned: 142935
Time elapsed: 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Attached, following is my combofix log:

ComboFix 08-05-15.3 - Michael Hilliard 2008-05-18 22:42:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1565 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Hilliard\Desktop\Virus Removal Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael Hilliard\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awtrrSml.dll
C:\WINDOWS\system32\jkkKEUno.dll
C:\WINDOWS\system32\wpxystlo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtrrSml.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 22:32 . 2008-05-18 22:32 0 --a--c--- C:\WINDOWS\system32\dllcache\SET681.tmp
2008-05-18 20:22 . 2008-05-18 20:22 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-05-18 20:22 . 2008-05-18 20:22 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-05-18 18:58 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-18 18:58 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-18 18:58 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-18 18:58 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-18 18:58 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-18 18:58 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-18 18:58 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-18 18:58 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-18 18:58 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Talkback
2008-05-18 12:36 . 2008-05-18 12:36 <DIR> d-------- C:\Deckard
2008-05-18 10:41 . 2008-05-18 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\SUPERAntiSpyware.com
2008-05-17 19:48 . 2008-05-17 19:48 27 --a------ C:\WINDOWS\SmartAudio.INI
2008-05-17 17:52 . 2008-05-17 17:52 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:14 . 2008-05-17 15:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 15:14 . 2008-05-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 15:04 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-17 15:04 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-17 15:03 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-17 15:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-17 15:03 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-17 15:03 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-17 15:03 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-17 15:03 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-17 15:03 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-17 15:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-17 15:01 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-17 14:56 . 2006-03-15 07:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-17 14:56 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-17 14:56 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-17 14:51 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-17 14:48 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-05-17 14:47 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-17 14:46 . 2006-03-15 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-05-17 14:45 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-05-17 14:45 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-05-17 14:45 . 2004-08-03 23:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-17 14:45 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-05-17 14:42 . 2004-08-03 22:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2008-05-17 14:41 . 2004-08-03 22:29 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2008-05-17 14:39 . 2006-03-15 07:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-05-17 14:38 . 2006-03-15 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2008-05-17 14:37 . 2001-08-17 13:28 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2008-05-17 14:35 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-17 14:34 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-17 14:33 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-17 14:32 . 2001-08-17 13:52 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2008-05-17 14:31 . 2006-03-15 07:00 103,424 --a--c--- C:\WINDOWS\system32\dllcache\uihelper.dll
2008-05-17 14:31 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-17 14:29 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-17 14:29 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-17 14:27 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-17 14:27 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-05-17 14:27 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-05-17 14:27 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-05-17 14:27 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-05-17 14:27 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-05-17 14:26 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-17 14:26 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-17 14:26 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-17 14:26 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-05-17 14:26 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-05-17 14:26 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-17 14:26 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-05-17 14:26 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-05-17 14:26 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-17 14:23 . 2006-03-15 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
2008-05-17 14:22 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-17 14:21 . 2006-03-15 07:00 101,376 --a--c--- C:\WINDOWS\system32\dllcache\srusbusd.dll
2008-05-17 14:21 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-17 14:20 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-17 14:20 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-05-17 14:20 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-05-17 14:20 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-05-17 14:20 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-05-17 14:20 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-05-17 14:20 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-05-17 14:19 . 2001-08-17 12:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-05-17 14:19 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-05-17 14:19 . 2001-08-17 13:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-05-17 14:19 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-17 14:19 . 2001-08-17 13:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-05-17 14:17 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-17 14:17 . 2006-03-15 07:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2008-05-17 14:16 . 2001-08-17 12:10 35,913 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-05-17 14:16 . 2001-08-17 12:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-05-17 14:16 . 2001-08-17 12:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-05-17 14:16 . 2004-08-03 23:07 16,128 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-17 14:16 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-17 14:16 . 2001-08-17 13:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-05-17 14:15 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
2008-05-17 14:15 . 2001-08-17 22:36 33,792 --a--c--- C:\WINDOWS\system32\dllcache\smb0w.dll
2008-05-17 14:15 . 2006-03-15 07:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,160 --a--c--- C:\WINDOWS\system32\dllcache\sm91w.dll
2008-05-17 14:13 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-17 14:13 . 2006-03-15 07:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-05-17 14:12 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-17 14:12 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-17 14:12 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-17 14:12 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-17 14:12 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-17 14:12 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-17 14:10 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-17 14:09 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-17 14:09 . 2001-08-17 13:28 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-05-17 14:09 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-17 14:09 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-17 14:09 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-05-17 14:09 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-17 14:09 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 20:18 3,545,600 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-22 21:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-22 21:01 --------- d-----w C:\Program Files\Windows Plus
2008-04-14 00:11 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:40 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:36 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 01:01 142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SETE7.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SETA3.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SETA4.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-05-17_20.23.33.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-15 12:00:00 2,148,352 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntkrnlmp.exe
+ 2006-03-15 12:00:00 2,015,232 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntkrpamp.exe
- 2004-10-14 18:36:06 21,504 -c--a-w C:\WINDOWS\$NtUninstallKB891781$\spcustom.dll
+ 2004-12-01 01:22:40 21,504 -c----w C:\WINDOWS\$NtUninstallKB891781$\spcustom.dll
- 2004-10-14 18:34:46 7,168 -c--a-w C:\WINDOWS\$NtUninstallKB891781$\spmsg.dll
+ 2004-11-30 19:46:38 7,168 -c----w C:\WINDOWS\$NtUninstallKB891781$\spmsg.dll
- 2004-10-14 18:36:07 169,984 -c--a-w C:\WINDOWS\$NtUninstallKB891781$\spuninst.exe
+ 2004-12-01 01:22:42 169,984 -c----w C:\WINDOWS\$NtUninstallKB891781$\spuninst.exe
- 2004-10-14 18:21:58 654,848 -c--a-w C:\WINDOWS\$NtUninstallKB891781$\update.exe
+ 2004-11-30 19:46:40 654,848 -c----w C:\WINDOWS\$NtUninstallKB891781$\update.exe
- 2005-02-25 03:35:05 22,240 -c--a-w C:\WINDOWS\$NtUninstallKB894391$\spcustom.dll
+ 2005-02-25 01:35:06 22,240 -c----w C:\WINDOWS\$NtUninstallKB894391$\spcustom.dll
- 2005-02-25 03:35:05 14,048 -c--a-w C:\WINDOWS\$NtUninstallKB894391$\spmsg.dll
+ 2005-02-25 01:35:06 14,048 -c----w C:\WINDOWS\$NtUninstallKB894391$\spmsg.dll
- 2005-02-25 03:35:05 209,632 -c--a-w C:\WINDOWS\$NtUninstallKB894391$\spuninst.exe
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB894391$\spuninst.exe
- 2005-02-25 03:35:05 718,048 -c--a-w C:\WINDOWS\$NtUninstallKB894391$\update.exe
+ 2005-02-25 01:35:06 718,048 -c----w C:\WINDOWS\$NtUninstallKB894391$\update.exe
- 2005-02-25 03:35:06 371,936 -c--a-w C:\WINDOWS\$NtUninstallKB894391$\updspapi.dll
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB894391$\updspapi.dll
- 2005-02-25 03:35:05 22,240 -c--a-w C:\WINDOWS\$NtUninstallKB896358$\spcustom.dll
+ 2005-02-25 01:35:06 22,240 -c----w C:\WINDOWS\$NtUninstallKB896358$\spcustom.dll
- 2005-02-25 03:35:05 14,048 -c--a-w C:\WINDOWS\$NtUninstallKB896358$\spmsg.dll
+ 2005-02-25 01:35:06 14,048 -c----w C:\WINDOWS\$NtUninstallKB896358$\spmsg.dll
- 2005-02-25 03:35:05 209,632 -c--a-w C:\WINDOWS\$NtUninstallKB896358$\spuninst.exe
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896358$\spuninst.exe
- 2005-02-25 03:35:05 718,048 -c--a-w C:\WINDOWS\$NtUninstallKB896358$\update.exe
+ 2005-02-25 01:35:06 718,048 -c----w C:\WINDOWS\$NtUninstallKB896358$\update.exe
- 2005-02-25 03:35:06 371,936 -c--a-w C:\WINDOWS\$NtUninstallKB896358$\updspapi.dll
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896358$\updspapi.dll
- 2005-06-29 23:54:30 30,720 -c--a-w C:\WINDOWS\$NtUninstallKB896423$\arpidfix.exe
+ 2005-06-29 21:54:32 30,720 -c----w C:\WINDOWS\$NtUninstallKB896423$\arpidfix.exe
- 2005-02-25 03:35:05 22,240 -c--a-w C:\WINDOWS\$NtUninstallKB896423$\spcustom.dll
+ 2005-02-25 01:35:06 22,240 -c----w C:\WINDOWS\$NtUninstallKB896423$\spcustom.dll
- 2005-02-25 03:35:05 14,048 -c--a-w C:\WINDOWS\$NtUninstallKB896423$\spmsg.dll
+ 2005-02-25 01:35:06 14,048 -c----w C:\WINDOWS\$NtUninstallKB896423$\spmsg.dll
- 2005-02-25 03:35:05 209,632 -c--a-w C:\WINDOWS\$NtUninstallKB896423$\spuninst.exe
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB896423$\spuninst.exe
- 2005-02-25 03:35:05 718,048 -c--a-w C:\WINDOWS\$NtUninstallKB896423$\update.exe
+ 2005-02-25 01:35:06 718,048 -c----w C:\WINDOWS\$NtUninstallKB896423$\update.exe
- 2005-02-25 03:35:06 371,936 -c--a-w C:\WINDOWS\$NtUninstallKB896423$\updspapi.dll
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB896423$\updspapi.dll
- 2005-02-25 03:35:05 22,240 -c--a-w C:\WINDOWS\$NtUninstallKB901214$\spcustom.dll
+ 2005-02-25 01:35:06 22,240 -c----w C:\WINDOWS\$NtUninstallKB901214$\spcustom.dll
- 2005-02-25 03:35:05 14,048 -c--a-w C:\WINDOWS\$NtUninstallKB901214$\spmsg.dll
+ 2005-02-25 01:35:06 14,048 -c----w C:\WINDOWS\$NtUninstallKB901214$\spmsg.dll
- 2005-02-25 03:35:05 209,632 -c--a-w C:\WINDOWS\$NtUninstallKB901214$\spuninst.exe
+ 2005-02-25 01:35:06 209,632 -c----w C:\WINDOWS\$NtUninstallKB901214$\spuninst.exe
- 2005-02-25 03:35:05 718,048 -c--a-w C:\WINDOWS\$NtUninstallKB901214$\update.exe
+ 2005-02-25 01:35:06 718,048 -c----w C:\WINDOWS\$NtUninstallKB901214$\update.exe
- 2005-02-25 03:35:06 371,936 -c--a-w C:\WINDOWS\$NtUninstallKB901214$\updspapi.dll
+ 2005-02-25 01:35:08 371,936 -c----w C:\WINDOWS\$NtUninstallKB901214$\updspapi.dll
+ 2005-10-12 23:12:25 22,752 -c----w C:\WINDOWS\$NtUninstallKB915865$\spcustom.dll
+ 2005-10-12 23:12:25 14,048 -c----w C:\WINDOWS\$NtUninstallKB915865$\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst.exe
+ 2005-10-12 23:12:28 716,000 -c----w C:\WINDOWS\$NtUninstallKB915865$\update.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB915865$\updspapi.dll
+ 2008-01-11 16:35:38 121,856 -c----w C:\WINDOWS\$NtUninstallKB915865$\xmllite.dll
- 2007-02-28 09:08:48 2,136,064 -c--a-w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlmp.exe
+ 2005-03-02 00:57:44 2,135,552 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlmp.exe
- 2007-02-28 08:38:57 2,015,744 -c--a-w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
+ 2005-03-02 00:34:42 2,015,232 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 -c--a-w C:\WINDOWS\$NtUninstallKB931784$\ntkrpamp.exe
+ 2005-03-02 00:34:42 2,015,232 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrpamp.exe
- 2007-02-28 09:08:48 2,136,064 -c--a-w C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
+ 2005-03-02 00:57:44 2,135,552 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
+ 2005-10-12 23:12:25 22,752 -c----w C:\WINDOWS\$NtUninstallKB931784$\spcustom.dll
+ 2005-10-12 23:12:25 14,048 -c----w C:\WINDOWS\$NtUninstallKB931784$\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB931784$\spuninst.exe
+ 2005-10-12 23:12:29 716,000 -c----w C:\WINDOWS\$NtUninstallKB931784$\update.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB931784$\updspapi.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2006-03-15 12:00:00 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\$NtUninstallKB941568$\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\$NtUninstallKB941568$\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst.exe
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\$NtUninstallKB941568$\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\updspapi.dll
- 2008-05-18 01:18:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 03:47:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2006-03-15 12:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
- 2006-03-15 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2006-03-15 12:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2006-03-15 12:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2006-03-15 12:00:00 1,022,976 -c--a-w C:\WINDOWS\ie7\browseui.dll
+ 2006-03-15 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-03-15 12:00:00 28,672 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2006-03-15 12:00:00 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2006-03-15 12:00:00 201,728 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2006-03-15 12:00:00 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2006-03-15 12:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2006-03-15 12:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2006-03-15 12:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2006-03-15 12:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2006-03-15 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2006-03-15 12:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2006-03-15 12:00:00 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2006-03-15 12:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2006-03-15 12:00:00 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2006-03-15 12:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2006-03-15 12:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2006-03-15 12:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2006-03-15 12:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2006-03-15 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-03-15 12:00:00 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2006-03-15 12:00:00 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2006-03-15 12:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2006-03-15 12:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2006-03-15 12:00:00 3,049,472 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2006-03-15 12:00:00 448,512 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2006-03-15 12:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2006-03-15 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2006-03-15 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2006-03-15 12:00:00 530,432 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2006-03-15 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2006-03-15 12:00:00 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-03-15 12:00:00 1,492,480 -c--a-w C:\WINDOWS\ie7\shdocvw.dll
+ 2006-03-15 12:00:00 474,112 -c--a-w C:\WINDOWS\ie7\shlwapi.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-03-15 12:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2006-03-15 12:00:00 612,352 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2006-03-15 12:00:00 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2006-03-15 12:00:00 848,384 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2006-03-15 12:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2006-03-15 12:00:00 656,384 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-13 23:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-13 23:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-13 23:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-05-18 15:41:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-18 15:41:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2006-03-15 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2006-03-15 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2006-03-15 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-05-19 03:02:44 4,984 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{4EB6FDFF-D6AB-4A69-A1F9-BEF115D20630}.bin
- 2006-03-15 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2006-03-15 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2006-03-15 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-03-15 12:00:00 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2006-03-15 12:00:00 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-09-23 18:12:50 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-03-15 12:00:00 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2006-03-15 12:00:00 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2006-03-15 12:00:00 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2006-03-15 12:00:00 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2006-03-15 12:00:00 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2006-03-15 12:00:00 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2006-03-15 12:00:00 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2006-03-15 12:00:00 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:39:44 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2006-03-15 12:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2006-03-15 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2006-03-15 12:00:00 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2006-03-15 12:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2008-05-17 22:57:38 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-19 03:15:27 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-17 22:57:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-19 03:15:27 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-15 12:00:00 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 23:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
- 2006-03-15 12:00:00 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2006-03-15 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2006-03-15 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 23:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2006-03-15 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-03-15 12:00:00 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
+ 2006-02-15 00:22:26 142,464 -c--a-w C:\WINDOWS\system32\dllcache\aec.sys
- 2006-03-15 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2006-03-15 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2006-03-15 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2006-03-15 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:09:29 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2006-03-15 12:00:00 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2006-09-23 18:12:50 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-03-15 12:00:00 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2006-03-15 12:00:00 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2006-03-15 12:00:00 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2006-03-15 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2006-03-15 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2006-03-15 12:00:00 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2006-03-15 12:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2006-03-15 12:00:00 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2006-03-15 12:00:00 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-08-25 15:45:58 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2006-03-15 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:39:44 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2006-03-15 12:00:00 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2006-03-15 12:00:00 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2006-03-15 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 23:42:54 17,408 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2006-03-15 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-03-15 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2006-03-15 12:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:12:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2006-03-15 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2006-03-15 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2006-03-15 12:00:00 498,205 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-22 09:05:26 498,742 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2006-03-15 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-03-15 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-03-15 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:39:45 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2006-03-15 12:00:00 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:20:03 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
- 2006-03-15 12:00:00 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2006-03-15 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-03-15 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:21:06 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2006-03-15 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2006-03-15 12:00:00 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2006-03-15 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:14:45 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2006-03-15 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2006-03-15 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2006-03-15 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2006-03-15 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:24:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2006-03-15 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 23:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2006-03-15 12:00:00 263,040 -c--a-w C:\WINDOWS\system32\dllcache\http.sys
+ 2006-03-17 00:33:10 262,784 -c--a-w C:\WINDOWS\system32\dllcache\http.sys
- 2006-03-15 12:00:00 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2005-06-29 01:46:00 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2006-03-15 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2006-03-15 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2006-03-15 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2006-03-15 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2006-03-15 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2006-03-15 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 23:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-03-15 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 23:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2006-03-15 12:00:00 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 23:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-03-15 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2006-03-15 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2006-03-15 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2006-03-15 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 23:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2006-03-15 12:00:00 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2006-03-15 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 23:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-03-15 12:00:00 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2006-03-15 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2006-03-15 12:00:00 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2005-05-27 02:04:27 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2006-03-15 12:00:00 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2005-05-27 02:04:27 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2006-06-01 18:47:07 163,840 -c----w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:47:07 27,648 -c----w C:\WINDOWS\system32\dllcache\jgpl400.dll
- 2006-03-15 12:00:00 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 23:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-03-15 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-03-15 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:49:30 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2006-03-15 12:00:00 983,552 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2006-03-15 12:00:00 171,776 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
+ 2006-06-14 08:47:45 172,416 -c--a-w C:\WINDOWS\system32\dllcache\kmixer.sys
- 2006-03-15 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2006-03-15 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2006-03-15 12:00:00 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-03-15 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2006-03-15 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2006-03-15 12:00:00 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2006-03-15 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2006-03-15 12:00:00 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w C:\WINDOWS\system32\dllcache\mqac.sys
- 2006-03-15 12:00:00 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w C:\WINDOWS\system32\dllcache\mqad.dll
- 2006-03-15 12:00:00 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w C:\WINDOWS\system32\dllcache\mqdscli.dll
- 2006-03-15 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w C:\WINDOWS\system32\dllcache\mqise.dll
- 2006-03-15 12:00:00 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w C:\WINDOWS\system32\dllcache\mqqm.dll
- 2006-03-15 12:00:00 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w C:\WINDOWS\system32\dllcache\mqrt.dll
- 2006-03-15 12:00:00 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w C:\WINDOWS\system32\dllcache\mqsec.dll
- 2006-03-15 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w C:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2006-03-15 12:00:00 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w C:\WINDOWS\system32\dllcache\mqutil.dll
- 2006-03-15 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2006-03-15 12:00:00 451,456 -c--a-w C:\WINDOWS\system32\dllcache\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 -c--a-w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2006-03-15 12:00:00 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:44:21 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2006-03-15 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2006-03-15 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2006-03-15 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2006-03-15 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2006-03-15 12:00:00 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2006-03-15 12:00:00 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2006-03-15 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2006-03-15 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2006-03-15 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2006-03-15 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2006-03-15 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 23:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2006-03-15 12:00:00 3,049,472 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-03-15 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-03-15 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2006-03-15 12:00:00 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2006-03-15 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 19:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2006-03-15 12:00:00 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 19:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2006-03-15 12:00:00 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 19:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2006-03-15 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 19:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2006-03-15 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2006-03-15 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2006-03-15 12:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2006-03-15 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2006-03-15 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2006-03-15 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2006-03-15 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 23:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2006-03-15 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C

Edited by mhilliard_13, 18 May 2008 - 10:44 PM.

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Try posting the log from C:\ComboFix.txt again. It got cut off near the bottom. Preview it first before posting to see if it gets cut off again. If it does, remove it and attach that file here instead.

#9
mhilliard_13

    Member

  • Topic Starter
  • Member
  • 29 posts
ComboFix 08-05-15.3 - Michael Hilliard 2008-05-18 22:42:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1565 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Hilliard\Desktop\Virus Removal Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael Hilliard\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awtrrSml.dll
C:\WINDOWS\system32\jkkKEUno.dll
C:\WINDOWS\system32\wpxystlo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtrrSml.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 22:32 . 2008-05-18 22:32 0 --a--c--- C:\WINDOWS\system32\dllcache\SET681.tmp
2008-05-18 20:22 . 2008-05-18 20:22 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-05-18 20:22 . 2008-05-18 20:22 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-05-18 18:58 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-18 18:58 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-18 18:58 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-18 18:58 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-18 18:58 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-18 18:58 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-18 18:58 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-18 18:58 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-18 18:58 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Talkback
2008-05-18 12:36 . 2008-05-18 12:36 <DIR> d-------- C:\Deckard
2008-05-18 10:41 . 2008-05-18 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\SUPERAntiSpyware.com
2008-05-17 19:48 . 2008-05-17 19:48 27 --a------ C:\WINDOWS\SmartAudio.INI
2008-05-17 17:52 . 2008-05-17 17:52 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:14 . 2008-05-17 15:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 15:14 . 2008-05-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 15:04 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-17 15:04 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-17 15:03 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-17 15:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-17 15:03 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-17 15:03 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-17 15:03 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-17 15:03 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-17 15:03 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-17 15:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-17 15:01 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-17 14:56 . 2006-03-15 07:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-17 14:56 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-17 14:56 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-17 14:51 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-17 14:48 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-05-17 14:47 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-17 14:46 . 2006-03-15 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-05-17 14:45 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-05-17 14:45 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-05-17 14:45 . 2004-08-03 23:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-17 14:45 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-05-17 14:42 . 2004-08-03 22:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2008-05-17 14:41 . 2004-08-03 22:29 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2008-05-17 14:39 . 2006-03-15 07:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-05-17 14:38 . 2006-03-15 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2008-05-17 14:37 . 2001-08-17 13:28 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2008-05-17 14:35 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-17 14:34 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-17 14:33 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-17 14:32 . 2001-08-17 13:52 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2008-05-17 14:31 . 2006-03-15 07:00 103,424 --a--c--- C:\WINDOWS\system32\dllcache\uihelper.dll
2008-05-17 14:31 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-17 14:29 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-17 14:29 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-17 14:27 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-17 14:27 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-05-17 14:27 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-05-17 14:27 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-05-17 14:27 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-05-17 14:27 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-05-17 14:26 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-17 14:26 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-17 14:26 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-17 14:26 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-05-17 14:26 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-05-17 14:26 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-17 14:26 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-05-17 14:26 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-05-17 14:26 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-17 14:23 . 2006-03-15 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
2008-05-17 14:22 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-17 14:21 . 2006-03-15 07:00 101,376 --a--c--- C:\WINDOWS\system32\dllcache\srusbusd.dll
2008-05-17 14:21 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-17 14:20 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-17 14:20 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-05-17 14:20 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-05-17 14:20 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-05-17 14:20 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-05-17 14:20 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-05-17 14:20 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-05-17 14:19 . 2001-08-17 12:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-05-17 14:19 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-05-17 14:19 . 2001-08-17 13:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-05-17 14:19 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-17 14:19 . 2001-08-17 13:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-05-17 14:17 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-17 14:17 . 2006-03-15 07:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2008-05-17 14:16 . 2001-08-17 12:10 35,913 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-05-17 14:16 . 2001-08-17 12:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-05-17 14:16 . 2001-08-17 12:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-05-17 14:16 . 2004-08-03 23:07 16,128 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-17 14:16 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-17 14:16 . 2001-08-17 13:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-05-17 14:15 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
2008-05-17 14:15 . 2001-08-17 22:36 33,792 --a--c--- C:\WINDOWS\system32\dllcache\smb0w.dll
2008-05-17 14:15 . 2006-03-15 07:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,160 --a--c--- C:\WINDOWS\system32\dllcache\sm91w.dll
2008-05-17 14:13 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-17 14:13 . 2006-03-15 07:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-05-17 14:12 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-17 14:12 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-17 14:12 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-17 14:12 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-17 14:12 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-17 14:12 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-17 14:10 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-17 14:09 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-17 14:09 . 2001-08-17 13:28 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-05-17 14:09 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-17 14:09 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-17 14:09 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-05-17 14:09 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-17 14:09 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 20:18 3,545,600 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-22 21:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-22 21:01 --------- d-----w C:\Program Files\Windows Plus
2008-04-14 00:11 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:40 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:36 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 01:01 142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SETE7.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SETA3.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SETA4.tmp
.

((((((((((((((((((((((((((((( snapshot_2008-05-18_22.52.06.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 03:49:37 12,956,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2008-05-19 04:02:38 13,006,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
- 2008-05-19 03:46:37 991,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
+ 2008-05-19 04:02:28 992,800 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 13:27 65536]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 07:39 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-15 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 07:00 59392]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\Michael Hilliard\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-04-23 23:49:24 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-05-14 20:40 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Client Default.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Client Default.lnk
backup=C:\WINDOWS\pss\Client Default.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GlassToast]
--a------ 2007-02-01 17:26 860160 C:\Documents and Settings\Michael Hilliard\Desktop\glasstoast\glasstoast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-11-16 08:30 503808 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2006-03-15 07:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Value #1]
C:\Documents and Settings\Michael Hilliard\Desktop\vistart_2661_english_skin_default OLDDD\vistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-04-15 17:26 7561216 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-04-15 17:26 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:27 1015808 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 13:40 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2007-11-16 01:40 1937920 C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"NSCService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5daf40ae-114b-11dd-9ea5-0016d434dde6}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10eae7f-1168-11dd-9ea8-0016d434dde6}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 23:02:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-18 23:04:00
ComboFix-quarantined-files.txt 2008-05-19 04:03:52
ComboFix2.txt 2008-05-19 03:53:46
ComboFix3.txt 2008-05-18 01:25:56

Pre-Run: 78,857,793,536 bytes free
Post-Run: 78,838,525,952 bytes free

340 --- E O F --- 2008-05-19 03:02:39



sorry

Edited by mhilliard_13, 19 May 2008 - 07:55 PM.


#10
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run the Flash Disinfector yet for your USB Flash Drives? I think some of them may be having problems and need this tool to get them disinfected.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#11
mhilliard_13


    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Mm, mkay. Thanks!

BUT I'm still having the following errors:

GrooveMonitor.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

dwwin.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

SynTPStart.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.


I forgot to ask you, but after running sfc /scannow, with the CD in the drive, once the box goes away, is there anything else I'm supposed to do? I'm about to re-run sfc /scannow. I did it the other day, but I don't believe anything changed. I will update you as soon as it completes.


I'm also getting unusual dialogs such as

"Device installer error
Windows could not load the installer for mouse / keyboard / hdc / volume. Please contact your hardware vendor for assistance."

Edited by mhilliard_13, 19 May 2008 - 08:20 PM.


#12
mhilliard_13


    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I've completed the sfc /scannow & I am now about to reboot.
I'll update you on the status of the error messages.

#13
mhilliard_13


    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Everything seems to be running fine now.
There's only one question I have.

In regards to Internet Explorer 7, I attempted to install it earlier, but it resulted in an incomplete installation && thus resulted in, yet again, the iertutil.dll error, once again.

Can you guide me through the installation, or tell me what to do to keep this from occurring? As of now, I am unable to access Internet Explorer.

When attempting to access a site through Internet Explorer, an error message pops up stating that:

The requested look up key was not found in any active activation context.


Idk what's causing this error. This is occurring on Internet Explorer 6, btw, due to the fact that IE 7 didn't properly install. (>.<)

Edited by mhilliard_13, 20 May 2008 - 03:34 PM.


#14
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Can you try to install that update again? Enable automatic updates and see if you can get IE7 again.

You might want to stop by the Windows board for more assistance on this matter.

#15
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





