[septjester42]

I have no idea how to fix this, I've looked everywhere for a solution.

So it started as a huge virus, bigger one than I've had to deal with in a while. A couple face spyware programs were installed, I got rid of those, and the registry was edited so that the desktop properties didn't have the 'Screen Saver' and 'Desktop' tabs where gone. I fixed all of that, but then I noticed a problem with my automatic updates. The problem being that I couldn't turn them on, no matter what I did in the system properties or services.msc nothing worked. so one thing led to another, and I found out it was just about irreparable, so I reinstalled/repaired the OS with a cd(xp).

So after all of that, I still have a automatic update problem


And a RUNDLL problem that shows up every time I start the computer and I can't find any way to fix it.


I would really appreciate any kind of help you guys can offer, TIA

Special thanks to Rorschach112 for helping

[Advertisements]

Hello septjester42,

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Thunderbird1988

[Thunderbird1988]

Hello septjester42,

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Thunderbird1988

[septjester42]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:21 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [f48f6137] rundll32.exe "C:\WINDOWS\system32\klslesyt.dll",b
O4 - HKLM\..\Run: [BMf7bc52ab] Rundll32.exe "C:\WINDOWS\system32\umfafldk.dll",s
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 5341 bytes


Also, I normally use Firefox, but then it started getting really bogged down, I tried IE, and it was a little faster than Firefox, but still slow, and after using IE I started getting popups, which I guess is characteristic of this virus. The only way I could get a webpage to load fairly quickly was if I went into explorer and typed the web adress in a folder's adress bar.

[septjester42]

sorry, double post

Edited by septjester42, 29 July 2008 - 09:33 AM.

[Thunderbird1988]

Hello septjester42,

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Thunderbird1988

[septjester42]

New Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:08 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 5430 bytes




And the ComboFix log

ComboFix 08-07-29.1 - Joe 2008-07-29 20:56:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.562 [GMT -4:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Joe\Application Data\macromedia\Flash Player\#SharedObjects\2Z8MMC7V\interclick.com
C:\Documents and Settings\Joe\Application Data\macromedia\Flash Player\#SharedObjects\2Z8MMC7V\interclick.com\ud.sol
C:\Documents and Settings\Joe\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Joe\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Joe\Application Data\rhcnqgj0ev9r
C:\WINDOWS\BMf7bc52ab.txt
C:\WINDOWS\BMf7bc52ab.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\iifgGXqp.dll
C:\WINDOWS\system32\itdtefes.dll
C:\WINDOWS\system32\klslesyt.dll
C:\WINDOWS\system32\lrlsursd.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\phcjqgj0ev9r.bmp
C:\WINDOWS\system32\pqXGgfii.ini
C:\WINDOWS\system32\pqXGgfii.ini2
C:\WINDOWS\system32\tuvSllkJ.dll
C:\WINDOWS\system32\tyselslk.ini
C:\WINDOWS\system32\wlpapsix.dll
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-28 18:34 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 18:34 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-28 18:12 . 2005-10-14 14:45 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-07-28 18:04 . 2004-08-04 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-28 18:03 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-28 18:02 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-28 17:58 . 2004-08-04 08:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-28 17:55 . 2004-08-04 08:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-07-28 17:55 . 2004-08-04 08:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-07-28 17:45 . 2004-08-04 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-07-28 17:45 . 2004-08-04 08:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-28 17:45 . 2004-08-04 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-07-28 17:45 . 2004-08-04 08:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-28 17:00 . 2008-07-28 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-28 16:43 . 2008-07-28 16:43 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-07-28 14:50 . 2008-07-28 14:50 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-28 14:49 . 2008-07-28 15:45 203 --a------ C:\WINDOWS\wininit.ini
2008-07-28 12:52 . 2008-07-28 12:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 12:52 . 2008-07-28 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 12:44 . 2008-07-28 12:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 11:46 . 2008-07-28 11:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-28 01:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-28 01:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-28 01:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 17:50 . 2008-07-27 17:50 <DIR> d-------- C:\Documents and Settings\Joe\Contacts
2008-07-27 17:46 . 2008-07-27 17:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-27 17:45 . 2008-07-27 17:50 <DIR> d-------- C:\Program Files\Windows Live
2008-07-27 17:45 . 2008-07-27 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-26 21:20 . 2008-07-26 21:21 <DIR> d-------- C:\Documents and Settings\Joe\Shared
2008-07-24 17:08 . 2008-07-24 17:08 <DIR> d-------- C:\WINDOWS\Sun
2008-07-23 01:55 . 2008-07-23 01:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-23 01:23 . 2008-07-23 01:23 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-22 23:07 . 2008-07-22 23:07 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-22 23:06 . 2008-07-22 23:06 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-22 21:58 . 2008-07-27 18:49 <DIR> d-------- C:\Program Files\FrostWire
2008-07-22 21:58 . 2008-07-27 18:58 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\FrostWire
2008-07-22 21:57 . 2008-07-22 21:57 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DAEMON Tools
2008-07-22 21:57 . 2008-07-22 21:57 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-21 22:24 . 2008-07-21 22:24 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Aim
2008-07-21 22:23 . 2008-07-24 03:08 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-21 22:23 . 2008-07-21 22:31 <DIR> d-------- C:\Program Files\AIM
2008-07-21 22:23 . 2008-07-21 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-21 22:23 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-21 22:13 . 2008-04-14 05:42 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-07-21 22:03 . 2008-04-14 05:42 218,624 --a------ C:\WINDOWS\system32\backup uxtheme.dll
2008-07-21 22:00 . 2008-07-29 21:06 11,323 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-21 21:59 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-21 21:57 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-21 21:57 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-21 21:57 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-21 21:57 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-21 21:57 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-21 21:57 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-21 21:56 . 2008-07-21 21:56 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-21 21:56 . 2008-07-21 22:15 <DIR> d-------- C:\Program Files\McAfee
2008-07-21 21:56 . 2008-07-21 21:57 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-21 21:55 . 2008-07-21 21:55 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\vlc
2008-07-21 21:51 . 2008-07-21 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-21 21:37 . 2008-07-23 01:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-21 21:29 . 2008-07-28 11:24 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Azureus
2008-07-21 21:29 . 2008-07-21 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-21 20:57 . 2008-07-21 20:57 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-21 19:51 . 2008-07-21 19:51 <DIR> d---s---- C:\Documents and Settings\Joe\UserData
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d-------- C:\Program Files\SigmaTel
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-21 19:26 . 2005-11-16 15:36 1,047,816 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-07-21 19:26 . 2005-11-16 15:35 172,032 --a------ C:\WINDOWS\system32\stacapi.dll
2008-07-21 19:26 . 2005-11-16 15:35 112,128 --a------ C:\WINDOWS\system32\staco.dll
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\iPod
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\Dell Support Center
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-21 19:18 . 2008-07-21 19:18 <DIR> d-------- C:\Program Files\QuickTime
2008-07-21 19:18 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\iTunes
2008-07-21 19:18 . 2008-07-21 19:18 <DIR> d-------- C:\Program Files\Bonjour
2008-07-21 19:18 . 2008-07-21 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-21 19:17 . 2008-07-27 17:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-21 19:17 . 2008-07-10 09:35 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-21 18:47 . 2008-07-21 18:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-21 18:47 . 2008-07-21 18:47 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-21 18:47 . 2008-07-21 18:47 <DIR> d-------- C:\Program Files\MSBuild
2008-07-21 18:47 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-21 17:10 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-07-21 17:10 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-21 17:07 . 2008-07-21 18:18 <DIR> d-------- C:\Program Files\IDT
2008-07-21 17:07 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-07-21 17:07 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-07-21 17:04 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-21 16:54 . 2008-07-21 16:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 16:52 . 2008-04-13 22:04 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-21 16:51 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003114_.tmp
2008-07-21 16:39 . 2008-07-21 16:39 <DIR> d-------- C:\Program Files\Vuze
2008-07-21 16:38 . 2008-07-21 16:38 <DIR> d-------- C:\Program Files\Java
2008-07-21 16:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-21 16:36 . 2008-07-21 16:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-21 15:35 . 2008-07-21 16:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 15:34 . 2008-07-24 01:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-21 15:34 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-21 15:32 . 2008-07-21 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-07-21 15:30 . 2004-08-04 08:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-07-21 15:30 . 2004-08-04 08:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-07-21 15:22 . 2008-07-21 15:22 <DIR> d-------- C:\Program Files\Intel
2008-07-19 02:44 . 2004-08-04 08:00 162,304 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-07-19 02:44 . 2004-08-04 08:00 162,304 --a--c--- C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2008-07-19 02:37 . 2008-07-19 02:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 02:30 . 2003-11-03 18:15 1,902 --a------ C:\WINDOWS\system32\SetupBD.din
2008-07-19 02:29 . 2008-07-19 02:30 <DIR> d-------- C:\drvrtmp
2008-07-19 02:29 . 2004-10-14 16:30 155,648 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-07-19 02:29 . 2004-11-16 17:52 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-07-19 02:29 . 2004-11-16 09:16 36,864 --a------ C:\WINDOWS\system32\e100bmsg.dll
2008-07-19 02:29 . 2004-10-29 17:01 19,456 --a------ C:\WINDOWS\system32\IntelNic.dll
2008-07-19 02:29 . 2004-10-14 16:22 5,110 --a------ C:\WINDOWS\system32\e100b325.din
2008-07-19 01:57 . 2008-07-19 01:57 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2008-07-19 01:57 . 2008-07-19 01:57 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 22:19 1,164 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
2008-07-19 05:57 558,142 ----a-w C:\WINDOWS\java\Packages\XNLN1RFZ.ZIP
2008-07-19 05:57 155,995 ----a-w C:\WINDOWS\java\Packages\Q2M6IW45.ZIP
2008-07-19 04:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 09:41 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-14 04:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-14 03:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 12:44 202544]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 12:44 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 12:44 202544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S2 MLPTDR_B;MLPTDR_B;C:\WINDOWS\system32\MLPTDR_B.SYS [2003-09-02 15:06]
.
Contents of the 'Scheduled Tasks' folder

2008-07-22 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-22 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-f48f6137 - C:\WINDOWS\system32\klslesyt.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 21:05:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\wuauclt.exe.wusetup.345531.bak 111104 bytes executable
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.346968.bak 162304 bytes executable
C:\WINDOWS\system32\wuaueng.dll.wusetup.350437.bak 1134592 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
.
**************************************************************************
.
Completion time: 2008-07-29 21:10:15 - machine was rebooted [Joe]
ComboFix-quarantined-files.txt 2008-07-30 01:10:04

Pre-Run: 28,995,276,800 bytes free
Post-Run: 28,930,576,384 bytes free

267 --- E O F --- 2008-07-24 07:00:29

[Thunderbird1988]

Hello septjester42,

I would strongly recommand to remove Frostwire and Vuze/azureus. Thede programs are P2P programs. These programs can cause lots of infections. Also the use of it is illegal in many contries.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Thunderbird1988

[septjester42]

Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

9:35:32 AM 7/30/2008
mbam-log-7-30-2008 (09-35-27).txt

Scan type: Quick Scan
Objects scanned: 39869
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnqgj0ev9r (Rogue.Multiple) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.


And I got rid of Vuze and FrostWire

[Thunderbird1988]

Hello septjester42,

Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Joe\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
C:\WINDOWS\003114_.tmp
C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\rhcnqgj0ev9r]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

Please let me also know how your computer is running.

Thunderbird1988

[septjester42]

ComboFix log

ComboFix 08-07-29.1 - Joe 2008-07-30 17:06:53.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.571 [GMT -4:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Joe\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
C:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\WINDOWS\003114_.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\003114_.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 10:48 . 2008-07-30 10:48 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-30 09:27 . 2008-07-30 09:27 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 09:27 . 2008-07-30 09:27 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Malwarebytes
2008-07-30 09:27 . 2008-07-30 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 09:27 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 09:27 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 21:13 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-28 18:34 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-28 18:34 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-28 18:12 . 2005-10-14 14:45 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-07-28 18:04 . 2004-08-04 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-28 18:03 . 2004-08-04 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-28 18:02 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-28 17:59 . 2008-07-28 17:59 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-28 17:58 . 2004-08-04 08:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-07-28 17:55 . 2007-06-26 04:27 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-07-28 17:55 . 2004-08-04 08:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-07-28 17:45 . 2004-08-04 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-07-28 17:45 . 2004-08-04 08:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-07-28 17:45 . 2004-08-04 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-07-28 17:45 . 2004-08-04 08:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-07-28 17:00 . 2008-07-28 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-28 16:43 . 2008-07-28 16:43 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-07-28 14:50 . 2008-07-28 14:50 <DIR> d-------- C:\Program Files\Safer Networking
2008-07-28 14:49 . 2008-07-28 15:45 203 --a------ C:\WINDOWS\wininit.ini
2008-07-28 12:52 . 2008-07-28 12:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 12:52 . 2008-07-28 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 12:44 . 2008-07-28 12:44 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-28 11:46 . 2008-07-28 11:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-28 01:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-28 01:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-28 01:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-27 17:50 . 2008-07-27 17:50 <DIR> d-------- C:\Documents and Settings\Joe\Contacts
2008-07-27 17:46 . 2008-07-27 17:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-27 17:45 . 2008-07-27 17:50 <DIR> d-------- C:\Program Files\Windows Live
2008-07-27 17:45 . 2008-07-27 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-26 21:20 . 2008-07-26 21:21 <DIR> d-------- C:\Documents and Settings\Joe\Shared
2008-07-24 17:08 . 2008-07-24 17:08 <DIR> d-------- C:\WINDOWS\Sun
2008-07-23 01:55 . 2008-07-23 01:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-23 01:23 . 2008-07-23 01:23 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-22 23:07 . 2008-07-22 23:07 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-22 23:06 . 2008-07-22 23:06 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-22 21:58 . 2008-07-30 10:55 <DIR> d-------- C:\Program Files\FrostWire
2008-07-22 21:58 . 2008-07-27 18:58 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\FrostWire
2008-07-22 21:57 . 2008-07-22 21:57 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DAEMON Tools
2008-07-22 21:57 . 2008-07-22 21:57 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-21 22:24 . 2008-07-21 22:24 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Aim
2008-07-21 22:23 . 2008-07-24 03:08 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-21 22:23 . 2008-07-21 22:31 <DIR> d-------- C:\Program Files\AIM
2008-07-21 22:23 . 2008-07-21 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-21 22:23 . 2004-02-25 13:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-07-21 22:13 . 2008-04-14 05:42 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2008-07-21 22:03 . 2008-04-14 05:42 218,624 --a------ C:\WINDOWS\system32\backup uxtheme.dll
2008-07-21 22:00 . 2008-07-30 10:46 11,499 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-21 21:59 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-21 21:57 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-21 21:57 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-21 21:57 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-21 21:57 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-21 21:57 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-21 21:57 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-21 21:56 . 2008-07-21 21:56 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-21 21:56 . 2008-07-21 22:15 <DIR> d-------- C:\Program Files\McAfee
2008-07-21 21:56 . 2008-07-21 21:57 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-21 21:55 . 2008-07-21 21:55 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\vlc
2008-07-21 21:51 . 2008-07-21 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-21 21:37 . 2008-07-23 01:34 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-21 21:29 . 2008-07-28 11:24 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Azureus
2008-07-21 21:29 . 2008-07-21 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-21 20:57 . 2008-07-21 20:57 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-21 19:51 . 2008-07-21 19:51 <DIR> d---s---- C:\Documents and Settings\Joe\UserData
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d-------- C:\Program Files\SigmaTel
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 19:26 . 2008-07-21 19:26 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-21 19:26 . 2005-11-16 15:36 1,047,816 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-07-21 19:26 . 2005-11-16 15:35 172,032 --a------ C:\WINDOWS\system32\stacapi.dll
2008-07-21 19:26 . 2005-11-16 15:35 112,128 --a------ C:\WINDOWS\system32\staco.dll
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\iPod
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\Dell Support Center
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-07-21 19:19 . 2008-07-21 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-21 19:18 . 2008-07-21 19:18 <DIR> d-------- C:\Program Files\QuickTime
2008-07-21 19:18 . 2008-07-21 19:19 <DIR> d-------- C:\Program Files\iTunes
2008-07-21 19:18 . 2008-07-21 19:18 <DIR> d-------- C:\Program Files\Bonjour
2008-07-21 19:18 . 2008-07-21 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-21 19:17 . 2008-07-27 17:50 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-21 19:17 . 2008-07-21 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-21 19:17 . 2008-07-10 09:35 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-21 18:47 . 2008-07-21 18:47 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-21 18:47 . 2008-07-21 18:47 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-21 18:47 . 2008-07-21 18:47 <DIR> d-------- C:\Program Files\MSBuild
2008-07-21 18:47 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-21 17:10 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-07-21 17:10 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-21 17:07 . 2008-07-21 18:18 <DIR> d-------- C:\Program Files\IDT
2008-07-21 17:07 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-07-21 17:07 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-07-21 17:04 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-21 16:54 . 2008-07-21 16:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-21 16:52 . 2008-04-13 22:04 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-07-21 16:38 . 2008-07-21 16:38 <DIR> d-------- C:\Program Files\Java
2008-07-21 16:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-21 16:36 . 2008-07-21 16:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-21 15:35 . 2008-07-21 16:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-21 15:34 . 2008-07-29 21:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-21 15:34 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-21 15:32 . 2008-07-21 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-07-21 15:30 . 2004-08-04 08:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-07-21 15:30 . 2004-08-04 08:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-07-21 15:22 . 2008-07-21 15:22 <DIR> d-------- C:\Program Files\Intel
2008-07-19 02:44 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-07-19 02:44 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2008-07-19 02:37 . 2008-07-19 02:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 02:30 . 2003-11-03 18:15 1,902 --a------ C:\WINDOWS\system32\SetupBD.din
2008-07-19 02:29 . 2008-07-19 02:30 <DIR> d-------- C:\drvrtmp
2008-07-19 02:29 . 2004-10-14 16:30 155,648 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-07-19 02:29 . 2004-11-16 17:52 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 22:19 1,164 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
2008-07-19 05:57 558,142 ----a-w C:\WINDOWS\java\Packages\XNLN1RFZ.ZIP
2008-07-19 05:57 155,995 ----a-w C:\WINDOWS\java\Packages\Q2M6IW45.ZIP
2008-07-19 04:15 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:41 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 09:39 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-14 04:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-14 03:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-29_21.09.40.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-27 09:22:32 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2008-03-27 10:40:24 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP3GDR\tzchange.exe
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\xpsp3res.dll
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-06-13 09:52:16 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-07-30 19:27:46 2,174 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{43837170-7C3D-4F89-A674-40811CFA91BB}.bin
- 2004-08-04 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2004-08-04 12:00:00 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 12:00:00 150,528 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 12:00:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-07-30 00:33:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-30 18:27:26 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-30 00:33:40 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-30 18:27:26 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-04 12:00:00 1,053,696 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-04 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-04 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2004-08-04 12:00:00 369,664 -c--a-w C:\WINDOWS\system32\dllcache\asp51.dll
+ 2008-01-10 18:44:47 369,664 -c--a-w C:\WINDOWS\system32\dllcache\asp51.dll
- 2004-08-04 12:00:00 1,016,832 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:03:56 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 12:00:00 150,528 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:03:56 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 23:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2004-08-04 12:00:00 1,053,696 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:03:57 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2004-08-04 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:03:57 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 249,344 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:03:58 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 257,024 -c--a-w C:\WINDOWS\system32\dllcache\infocomm.dll
+ 2008-01-10 05:20:21 257,024 -c--a-w C:\WINDOWS\system32\dllcache\infocomm.dll
- 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:03:58 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-04 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-04 12:00:00 3,003,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2004-08-04 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-04 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 12:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:03:59 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-08-04 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:03:59 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 12:00:00 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-04 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2004-08-04 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00:00 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-08-04 12:00:00 1,483,264 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00:00 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00:00 32,768 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
+ 2006-11-20 08:42:45 33,280 -c--a-w C:\WINDOWS\system32\dllcache\snmp.exe
- 2004-08-04 12:00:00 359,040 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-04 12:00:00 223,616 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00:00 601,088 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:04:00 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 12:00:00 656,384 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:04:00 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 12:00:00 430,592 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 23:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-08-04 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 23:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 23:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 23:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-04 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 23:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-04 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 23:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-04 12:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:03:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 12:00:00 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 12:00:00 369,664 ----a-w C:\WINDOWS\system32\inetsrv\asp.dll
+ 2008-01-10 18:44:47 369,664 ----a-w C:\WINDOWS\system32\inetsrv\asp.dll
- 2004-08-04 12:00:00 257,024 ----a-w C:\WINDOWS\system32\inetsrv\infocomm.dll
+ 2008-01-10 05:20:21 257,024 ----a-w C:\WINDOWS\system32\inetsrv\infocomm.dll
- 2008-07-30 01:05:24 226,330 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-30 14:50:14 226,329 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2004-08-04 12:00:00 363,520 ----a-w C:\WINDOWS\system32\inetsrv\w3svc.dll
+ 2007-06-26 08:27:40 363,520 ----a-w C:\WINDOWS\system32\inetsrv\w3svc.dll
- 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-04 12:00:00 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 12:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-04 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-04 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 12:00:00 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-04 12:00:00 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-04 12:00:00 32,768 ----a-w C:\WINDOWS\system32\snmp.exe
+ 2006-11-20 08:42:45 33,280 ----a-w C:\WINDOWS\system32\snmp.exe
- 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-08-04 12:00:00 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2004-08-04 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-30 14:46:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8a4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 12:44 202544]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 12:44 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 12:44 202544]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S2 MLPTDR_B;MLPTDR_B;C:\WINDOWS\system32\MLPTDR_B.SYS [2003-09-02 15:06]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-22 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-22 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 17:08:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-30 17:10:19
ComboFix-quarantined-files.txt 2008-07-30 21:10:05
ComboFix2.txt 2008-07-30 01:10:16

Pre-Run: 28,340,338,688 bytes free
Post-Run: 28,331,569,152 bytes free

487 --- E O F --- 2008-07-30 13:41:11



HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:18 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 5443 bytes



And so far my computer seems to be running better than it had been. I don't have any more firefox problems.
And I don't get a RUNDLL error at startup anymore, and the automatic updates are working again.

Edited by septjester42, 30 July 2008 - 03:29 PM.

[Thunderbird1988]

Hello septjester42,

Congratulations, your log is clean.

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and reenable system restore here:
  
  Managing Windows Millenium System Restore
  
  or
  
  Windows XP System Restore Guide
  
  Reenable system restore with instructions from tutorial above
  
  
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online & their stand-alone antivirus programs:
  
  Virus, Spyware, and Malware Protection and Removal Resources
  
  
• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
  
  A tutorial on installing & using this product can be found here:
  
  Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  
  
• Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
  
  A tutorial on installing & using this product can be found here:
  
  Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Thunderbird1988

[Thunderbird1988]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.