chburnell

  1. OK - We have done these final steps (we had to remember to disable AVG before we ran the uninstall of ComboFix). Everything seems to be working properly. We have uninstalled Avira Antivir and left AVG on the computer. What should we do to prevent future invasions? Is having Malwarebytes and AVG sufficient? (We have paid versions of both). Does Malwarebytes "Immunize" like Spybot does? Thank you for helping us through this. We simply could not have done it without your help. Is there anything we can do for you?
  2. Thousands of thank-yous! I have uploaded the file to bleepingcomputer.com and below I have pasted the latest ComboFix log. Do I look OK? Can I go ahead and use my computer? Thank you.

ComboFix 09-03-19.02 - Owner 2009-03-21 22:23:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.192 [GMT -3:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\ejetoc.sys
c:\program files\Common Files\ehuv._sy
c:\program files\Common Files\etyxebylu.reg
c:\program files\Common Files\jefyvonap.sys
c:\program files\Common Files\xasibor.scr
c:\program files\Common Files\yfimanet.scr
c:\windows\system32\drivers\szmarywg.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASWARKRN
-------\Legacy_SZMARYWG
-------\Service_aswArKrn
-------\Service_szmarywg

((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.
2009-03-21 07:21 . 2009-03-21 07:22 <DIR> d-------- C:\ComFix
2009-03-20 23:23 . 2009-03-20 23:23 <DIR> d-------- c:\program files\Process Explorer
2009-03-20 19:34 . 2009-03-20 20:31 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-20 19:33 . 2008-06-13 10:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-20 19:33 . 2008-06-13 10:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-20 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-20 17:45 . 2009-03-20 21:36 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-20 17:35 . 2009-03-20 17:35 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-20 17:35 . 2009-03-20 17:35 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-20 17:35 . 2009-03-20 17:35 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-20 17:35 . 2009-03-20 17:35 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-20 17:34 . 2009-03-21 21:41 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\program files\AVG
2009-03-20 17:34 . 2009-03-20 18:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\program files\Avira
2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-19 14:34 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-19 14:11 . 2009-03-19 14:11 <DIR> d-------- c:\program files\Trend Micro
2009-03-19 13:42 . 2009-03-19 13:42 395 --a------ C:\My Documents.lnk
2009-03-18 23:11 . 2009-03-18 23:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-18 18:03 . 2009-03-20 17:35 <DIR> d-------- c:\documents and settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 01:59 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-03-20 22:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-20 21:56 --------- d-----w c:\program files\a-squared Free
2009-03-20 21:54 --------- d-----w c:\program files\MozyHome
2009-03-18 04:21 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-11 13:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 13:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 19:50 --------- d-----w c:\program files\Common Files\supportsoft
2009-02-08 17:33 --------- d-----w c:\documents and settings\Owner\Application Data\SupportSoft
2009-01-24 18:25 --------- d-----w c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- c:\windows\system32\drivers\ssrangdr.sys ----
Company: SupportSoft Inc.
File Description: Support.com Mirror Miniport
File Version: 2.8.0.0 built by: WinDDK
Product Name: SSRANG Server for Windows
Copyright: Copyright © SupportSoft Inc. 2003-2008
Original file name: ssrangdr.sys
MD5: f87737d83b965efa765117051e3b9d0c

---- c:\windows\system32\ssrangdr.dll ----
Company: SupportSoft Inc.
File Description: Support.com Mirror Driver
File Version: 2.8.0.0 built by: WinDDK
Product Name: SSRANG Server for Windows
Copyright: Copyright © SupportSoft Inc. 2003-2008
Original file name: ssrangdr.dll
MD5: 49748d251e3d06d277c56e715bfb0a23

((((((((((((((((((((((((((((( SnapShot_2009-03-21_ 7.49.01.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-30 23:19:46 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 17:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2007-07-30 23:19:46 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 17:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2009-03-22 01:27:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE9E101A-6A50-43DE-9522-2ED3DEBC669B}]
c:\windows\system32\capesnp.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-20 1932568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-20 17:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 09:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-01-13 10:47 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-01-13 10:47 131072 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-05 18:16 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-01-13 10:46 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-14 16:26 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-14 16:28 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2004-12-14 20:12 368640 c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-26 05:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-10-28 15:37 88363 c:\windows\agrsmmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-20 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-20 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-20 107912]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-07-25 53752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-19 108289]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-20 298264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-25 206096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-25 15504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-25 179856]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-01-20 2560]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-04-26 26505]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SZMARYWG
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-22 c:\windows\Tasks\User_Feed_Synchronization-{A19F1001-9531-4757-B462-7242CF981423}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 22:27:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\MozyHome\mozybackup.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-21 22:30:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-22 01:30:37
ComboFix2.txt 2009-03-21 10:50:02
ComboFix3.txt 2009-02-08 18:21:32

Pre-Run: 51,813,756,928 bytes free
Post-Run: 51,801,972,736 bytes free

241 --- E O F --- 2009-03-21 10:21:25
  3. Thank you again for your quick response and for all the helpful information. We have run ComboFix and I will include the log in this post. About having two antivirus programs: we found instructions on this website that recommended downloading Avira Antivir. Also, following the instructions in this topic, we updated AVG to AVG8. These both seem to be good programs. On the plus side for AVG, we just paid for the most up-to-date version. On the plus side for Avira, it was the only one announcing virus/malware activity yesterday. How do we choose which to keep? Although this is a much lower priority than getting the malware off our computer, any advice would be appreciated. Now that we have run ComboFix, are we free of the malware? Malwarebytes still finds but does not delete the registry entries we mentioned at the beginning. It looked like ComboFix removed something with .ini as the file type. This computer is about to get on an airplane and go to New York with Julia. Charles won't be able to help much after this. I appreciate your help very much. Thank you.

ComboFix Log:

ComboFix 09-03-19.02 - Owner 2009-03-21 7:46:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.199 [GMT -3:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kebkxyfp.ini
.
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.
2009-03-21 07:21 . 2009-03-21 07:22 <DIR> d-------- C:\ComFix
2009-03-20 23:23 . 2009-03-20 23:23 <DIR> d-------- c:\program files\Process Explorer
2009-03-20 19:34 . 2009-03-20 20:31 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-20 19:33 . 2008-06-13 10:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-20 19:33 . 2008-06-13 10:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-20 19:19 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-20 17:45 . 2009-03-20 21:36 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-20 17:35 . 2009-03-20 17:35 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-20 17:35 . 2009-03-20 17:35 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-20 17:35 . 2009-03-20 17:35 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-20 17:35 . 2009-03-20 17:35 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-20 17:34 . 2009-03-20 17:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\program files\AVG
2009-03-20 17:34 . 2009-03-20 18:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-20 17:34 . 2009-03-20 17:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\program files\Avira
2009-03-19 14:34 . 2009-03-19 14:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-19 14:34 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-19 14:11 . 2009-03-19 14:11 <DIR> d-------- c:\program files\Trend Micro
2009-03-19 13:42 . 2009-03-19 13:42 395 --a------ C:\My Documents.lnk
2009-03-18 23:11 . 2009-03-18 23:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-18 18:03 . 2009-03-20 17:35 <DIR> d-------- c:\documents and settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 01:59 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-03-20 22:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-20 21:56 --------- d-----w c:\program files\a-squared Free
2009-03-20 21:54 --------- d-----w c:\program files\MozyHome
2009-03-18 04:21 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-11 13:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 13:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-08 19:50 --------- d-----w c:\program files\Common Files\supportsoft
2009-02-08 17:33 --------- d-----w c:\documents and settings\Owner\Application Data\SupportSoft
2009-01-24 18:25 --------- d-----w c:\program files\CCleaner
2009-01-20 05:43 18,560 ----a-w c:\windows\system32\ssrangdr.dll
2008-11-06 14:28 18,650 ----a-w c:\program files\Common Files\ehuv._sy
2008-11-06 14:28 17,131 ----a-w c:\program files\Common Files\xasibor.scr
2008-11-06 14:28 14,815 ----a-w c:\documents and settings\Owner\Application Data\ejetoc.sys
2008-11-06 14:28 14,458 ----a-w c:\program files\Common Files\jefyvonap.sys
2008-11-06 14:28 14,115 ----a-w c:\program files\Common Files\etyxebylu.reg
2008-11-06 14:28 13,056 ----a-w c:\program files\Common Files\yfimanet.scr
.
((((((((((((((((((((((((((((( SnapShot@2009-02-08_15.20.22.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w c:\windows\Driver Cache\i386\bthport.sys
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-08 19:11:27 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 00:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-03-01 13:06:20 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2007-07-30 23:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 17:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-03-01 13:06:20 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2006-02-28 12:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2007-07-30 23:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 17:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-02-20 05:32:43 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2008-03-01 13:06:21 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:45 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2008-03-01 13:06:21 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-03-01 13:06:21 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2008-03-01 13:06:25 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 04:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2006-02-28 12:00:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2005-06-29 01:46:00 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2008-03-01 13:06:26 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 00:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c----w
c:\windows\system32\dllcache\msrating.dll + 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll - 2008-03-01 13:06:29 671,232 -c----w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll - 2006-02-28 12:00:00 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll + 2008-06-20 17:41:10 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll - 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll + 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll - 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll + 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll - 2007-02-28 09:08:48 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe + 2008-08-14 09:58:27 2,136,064 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe - 2007-02-28 08:38:55 2,057,600 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-08-14 09:22:13 2,057,728 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe - 2007-02-28 08:38:57 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe + 2008-08-14 09:22:14 2,015,744 -c----w c:\windows\system32\dllcache\ntkrpamp.exe - 2007-02-28 09:10:57 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe + 2008-08-14 10:00:45 2,180,352 -c----w c:\windows\system32\dllcache\ntoskrnl.exe - 2008-03-01 13:06:29 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-03-01 13:06:29 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll - 2007-10-29 22:43:03 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll + 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 
-c--a-w c:\windows\system32\dllcache\rmcast.sys - 2007-04-25 14:21:15 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll + 2008-12-05 07:12:45 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll - 2007-10-26 03:34:01 8,460,288 -c--a-w c:\windows\system32\dllcache\shell32.dll + 2008-07-03 13:03:29 8,460,800 -c--a-w c:\windows\system32\dllcache\shell32.dll - 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys + 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys - 2006-08-21 13:52:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll + 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll - 2007-10-30 17:20:55 360,064 -c--a-w c:\windows\system32\dllcache\tcpip.sys + 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys - 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys - 2008-03-01 13:06:29 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-03-01 13:06:30 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll - 2008-03-01 13:06:30 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-03-19 09:47:00 1,845,248 -c--a-w c:\windows\system32\dllcache\win32k.sys + 2009-02-09 10:19:34 1,846,272 -c--a-w c:\windows\system32\dllcache\win32k.sys - 2008-03-01 13:06:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll - 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll + 2008-06-18 08:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll - 2007-06-12 03:51:12 10,834,944 -c--a-w 
c:\windows\system32\dllcache\wmp.dll + 2008-11-11 21:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll - 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll + 2008-06-18 08:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll - 2007-07-30 23:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll + 2008-10-16 17:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll - 2007-07-30 23:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe + 2008-10-16 17:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe - 2007-07-30 23:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll + 2008-10-16 17:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll - 2007-07-30 23:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll + 2008-10-16 17:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll - 2007-07-30 23:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll + 2008-10-16 17:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll - 2008-02-20 05:32:43 148,992 ----a-w c:\windows\system32\dnsapi.dll + 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll - 2006-02-28 12:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys + 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys - 2008-04-26 23:34:49 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-03-20 20:35:02 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-02-13 14:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2009-02-13 14:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2009-02-13 17:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys + 2009-02-08 19:11:28 85,969 ----a-w c:\windows\system32\drivers\gmer.sys - 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys + 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys - 2006-07-13 08:48:58 202,240 ----a-w 
c:\windows\system32\drivers\rmcast.sys + 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys - 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys + 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys + 2009-02-13 14:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys - 2007-10-30 17:20:55 360,064 ----a-w c:\windows\system32\drivers\tcpip.sys + 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys - 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys + 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys + 2008-10-24 18:51:58 53,752 -c--a-w c:\windows\system32\DRVSTORE\mozy_D0E4F2BAD67022FABD2BB62852FB977159B1D89B\mozy.sys - 2008-03-01 13:06:21 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-03-01 13:06:21 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2005-07-26 04:39:45 243,200 ----a-w c:\windows\system32\es.dll + 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll - 2008-03-01 13:06:21 133,120 ----a-w c:\windows\system32\extmgr.dll + 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-04-28 00:06:41 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-03-21 10:34:30 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll + 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll - 2008-03-01 13:06:21 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-02-29 08:55:23 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-03-01 13:06:21 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 23:15:14 153,088 ----a-w 
c:\windows\system32\ieakeng.dll - 2008-03-01 13:06:21 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-03-01 13:06:22 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-03-01 13:06:22 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-03-01 13:06:24 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-03-01 13:06:24 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-03-01 13:06:25 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-02-22 10:00:51 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll + 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll - 2008-03-01 13:06:25 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe + 2008-06-18 04:09:22 100,864 ----a-w c:\windows\system32\logagent.exe - 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll + 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll - 2008-03-01 13:06:26 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-03-01 13:06:26 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 
2008-03-01 22:36:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll + 2009-01-17 00:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-03-01 13:06:28 478,208 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-03-01 13:06:28 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-03-01 13:06:29 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll - 2006-02-28 12:00:00 245,248 ----a-w c:\windows\system32\mswsock.dll + 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll - 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll + 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll - 2007-05-15 19:43:10 1,320,800 ----a-w c:\windows\system32\msxml6.dll + 2008-08-29 23:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll - 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll + 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll - 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe + 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe - 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe + 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe - 2008-03-01 13:06:29 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll - 2008-03-01 13:06:29 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-10-29 22:43:03 1,287,680 ----a-w c:\windows\system32\quartz.dll + 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll - 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll + 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll - 2007-10-26 
03:34:01 8,460,288 ----a-w c:\windows\system32\shell32.dll + 2008-07-03 13:03:29 8,460,800 ----a-w c:\windows\system32\shell32.dll + 2008-10-16 17:12:20 561,688 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll + 2008-10-16 17:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll + 2008-10-16 17:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll - 2006-09-25 21:58:48 14,640 ----a-w c:\windows\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll - 2006-10-16 20:10:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe + 2007-07-27 12:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe - 2006-08-21 13:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll + 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll - 2007-11-13 11:31:11 60,416 ----a-w c:\windows\system32\tzchange.exe + 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe - 2008-03-01 13:06:29 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-03-01 13:06:30 1,159,680 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-03-01 13:06:30 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-03-01 13:06:31 826,368 ----a-w c:\windows\system32\wininet.dll + 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll - 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll + 2008-06-18 08:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll - 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll + 2008-11-11 21:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll - 2006-10-19 01:47:20 295,936 ----a-w c:\windows\system32\wmpeffects.dll + 
2008-06-24 21:12:58 295,936 ----a-w c:\windows\system32\wmpeffects.dll - 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll + 2008-06-18 08:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll - 2007-07-30 23:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll + 2008-10-16 17:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll - 2007-07-30 23:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe + 2008-10-16 17:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe - 2007-07-30 23:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll + 2008-10-16 17:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll - 2007-07-30 23:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll + 2008-10-16 17:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll - 2007-07-30 23:18:40 33,624 ----a-w c:\windows\system32\wups.dll + 2008-10-16 17:08:58 34,328 ----a-w c:\windows\system32\wups.dll - 2007-07-30 23:19:12 43,352 ----a-w c:\windows\system32\wups2.dll + 2008-10-16 17:09:44 43,544 ----a-w c:\windows\system32\wups2.dll + 2009-03-21 10:34:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d4.dat + 2006-12-02 01:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-02 03:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-02 03:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-02 03:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-02 03:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-02 03:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-02 03:08:00 45,056 ----a-w 
c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-02 03:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-02 03:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-02 03:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-02 03:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-02 03:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll + 2008-07-29 11:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2008-07-29 06:54:08 225,280 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2008-07-29 11:05:08 572,928 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 11:05:08 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 11:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2008-07-29 11:05:10 3,783,672 ----a-w 
c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2008-07-29 09:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 11:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 11:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 11:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 11:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 11:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 11:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 11:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 11:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 11:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 11:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 11:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2007-11-07 05:19:20 54,272 ----a-w 
c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-03-16 16:35 2788152 --a------ c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-20 1932568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-03-16 2737464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-20 17:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 09:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-01-13 10:47 163840 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-01-13 10:47 131072 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--------- 2003-09-05 18:16 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-01-13 10:46 135168 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-14 16:26 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-14 16:28 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2004-12-14 20:12 368640 c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-26 05:07 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-10-28 15:37 88363 c:\windows\agrsmmsg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-20 12552]
R0 szmarywg;szmarywg;c:\windows\system32\drivers\szmarywg.sys [2006-02-28 23424]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-20 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-20 107912]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-07-25 53752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-19 108289]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-20 298264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-11-25 206096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-25 15504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-25 179856]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-01-20 2560]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2008-04-26 26505]
S4 aswArKrn;aswArKrn;\??\c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\aswArKrn.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26b0a273-68e2-11dd-a915-0013ce84f3b6}]
\Shell\AutoRun\command - dll32.exe
\Shell\open\command - dll32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86654760-14dc-11dd-a878-0013ce84f3b6}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-20 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{A19F1001-9531-4757-B462-7242CF981423}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - c:\windows\system32\capesnp.dll
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 07:48:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-21 7:50:01
ComboFix-quarantined-files.txt 2009-03-21 10:49:49
ComboFix2.txt 2009-02-08 18:21:32

Pre-Run: 51,625,263,104 bytes free
Post-Run: 51,864,825,856 bytes free

638 --- E O F --- 2009-03-21 10:21:25
  4. Thank you for your suggestions you sent earlier. We have done what you suggested. We have updated to the newest paid version of AVG. We have updated to the newest paid version of Malwarebytes. We have run scans using AVG, Malwarebytes, and Antivir. There are 4 registry entries that Malwarebytes does not seem to be able to remove - even after a reboot. Antivir has been sending us a continuous stream of warnings to quarantine/delete/deny access to files it finds. Most of these look like the same thing. If there is anything you can do to help, please let us know. I have posted this here and as a new topic in "hijack this logs". Here are the Hijack This and Malwarebytes Logs. Thank you, Charles and Julia Burnell

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:56 PM, on 3/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0MELS7J\aswclnr[2].exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0MELS7J\aswclnr[2].tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - C:\WINDOWS\system32\capesnp.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.library.nyu.edu:6305/lib/ny...s/ebraryRdr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209244847249
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 7030 bytes

MalwareBytes Log File:

Malwarebytes' Anti-Malware 1.34
Database version: 1879
Windows 5.1.2600 Service Pack 2

3/20/2009 8:50:15 PM
mbam-log-2009-03-20 (20-50-15).txt

Scan type: Quick Scan
Objects scanned: 66569
Time elapsed: 18 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\rlumwtlk.dat (Rootkit.Agent) -> Delete on reboot.
  5. Thank you for your suggestions you sent earlier. We have done what you suggested. We have updated to the newest paid version of AVG. We have updated to the newest paid version of Malwarebytes. We have run scans using AVG, Malwarebytes, and Antivir. There are 4 registry entries that Malwarebytes does not seem to be able to remove - even after a reboot. Antivir has been sending us a continuous stream of warnings to quarantine/delete/deny access to files it finds. Most of these look like the same thing. If there is anything you can do to help, please let us know. I have also posted this as a reply to our original subject. Here are the Hijack This and Malwarebytes Logs. Thank you, Charles and Julia Burnell

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:56 PM, on 3/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0MELS7J\aswclnr[2].exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I0MELS7J\aswclnr[2].tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - C:\WINDOWS\system32\capesnp.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.library.nyu.edu:6305/lib/ny...s/ebraryRdr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209244847249
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 7030 bytes

MalwareBytes Log File:

Malwarebytes' Anti-Malware 1.34
Database version: 1879
Windows 5.1.2600 Service Pack 2

3/20/2009 8:50:15 PM
mbam-log-2009-03-20 (20-50-15).txt

Scan type: Quick Scan
Objects scanned: 66569
Time elapsed: 18 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\rlumwtlk.dat (Rootkit.Agent) -> Delete on reboot.
  6. antivirus protect showed up on my computer last night and malwarebytes was able to remove all but 4 infected registry entries. My computer continues to work slowly. I have also downloaded and run avira and that didn't even detect the infected items! The four registry entries are:

HKEY_LOCAL.MAchine/software/microsoft/windows/currentversion/explorer/browsersettings/bf
HKEY_LOCAL.MAchine/software/microsoft/windows/currentversion/explorer/browsersettings/bk
HKEY_LOCAL.MAchine/software/microsoft/windows/currentversion/explorer/browsersettings/iu
HKEY_LOCAL.MAchine/software/microsoft/windows/currentversion/explorer/browsersettings/mu

Below I have posted my hijackthis log and my malwarebytes log. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:41 PM, on 3/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {CE9E101A-6A50-43DE-9522-2ED3DEBC669B} - C:\WINDOWS\system32\capesnp.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.library.nyu.edu:6305/lib/ny...s/ebraryRdr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209244847249
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 5662 bytes

Malwarebytes' Anti-Malware 1.33
Database version: 1675
Windows 5.1.2600 Service Pack 2

3/19/2009 1:38:13 PM
mbam-log-2009-03-19 (13-38-09).txt

Scan type: Quick Scan
Objects scanned: 49927
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)