jv308
Members-
Posts
20 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by jv308
-
i cant open mbam since i was serfing the web and a pop up of xp internet security 2012 pop up and it doesnt let me do anuthing ,i click on the mbam icon and nothing hapens . i realy appreciate if someone can help me with this problem thank you
-
have a problem with malwarebytes will not start
jv308 replied to jv308's topic in Resolved Malware Removal Logs
i fix the problem i had thanks to the easy fix on this forum thank you guys -
thank you so much you have been great help
-
im going to do a full scan with malwarebytes now
-
hello kenny everything is running perfect you are the man i cannot thank you enough
-
hello kenny ok here is the log you ask for ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=e89e859572c25744950cd86cfaa9b6da # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-19 02:52:46 # local_time=2009-11-18 09:52:46 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775141 100 100 0 34923830 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=95900 # found=7 # cleaned=0 # scan_time=4576 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{04B647D3-CB3E-4201-A21F-C520B3A24099}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{14E1383C-C500-4942-8DA8-665B59BD12A9}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{49A6E52E-633A-408F-A4B2-AB2D28EC4A9C}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{720A5347-E6C1-49B4-8030-5A74FDA9FCA0}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{CA338DD3-EAF5-488C-9A2C-D7D35A6F8170}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\gefejuro.dll.vir a variant of Win32/Kryptik.BBO trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1516\A0199071.dll a variant of Win32/Kryptik.BBO trojan 00000000000000000000000000000000 I
-
hello, kenny here is the log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:55:51 PM, on 11/18/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\AIM6\aolsoftware.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/...NIn_oD0adXidsGA R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178754039255 O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB16D75-9859-40C9-B40B-556A19E4868C}: NameServer = 4.2.2.1,4.2.2.2 O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - http://i71.photobucket.com/albums/i142/jig...flyfairysad.jpg -- End of file - 9448 bytes
-
hello kenny ok here is the log from the quick scan Malwarebytes' Anti-Malware 1.41 Database version: 3195 Windows 5.1.2600 Service Pack 2 11/18/2009 5:40:21 PM mbam-log-2009-11-18 (17-40-21).txt Scan type: Quick Scan Objects scanned: 99912 Time elapsed: 5 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Application Data\19551627 (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\All Users\Application Data\19551627\19551627.bat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Owner\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
-
HELLO KENNY i try to run mbam-clean.exe but i get an error that reads " shgetvalue failed with error code 0 "
-
by the way the only thing i see from symantec is the live update ; should i delete that also? thank you again for your help and time
-
hello kenny ok its done here is the log from combofix ComboFix 09-11-18.04 - Compaq_Owner 11/17/2009 17:37.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.96 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\documents and settings\All Users\Application Data\A88E87AE21.sys" "c:\windows\system32\gefejuro.dll" "c:\windows\system32\papulihe.dll" "c:\windows\system32\sejohedo.dll" "c:\windows\system32\sozejudu.dll" "c:\windows\system32\wuwelivo.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\A88E87AE21.sys c:\windows\system32\config\systemprofile\Application Data\AntiVirus Plus c:\windows\system32\gefejuro.dll c:\windows\system32\papulihe.dll c:\windows\system32\sejohedo.dll c:\windows\system32\sozejudu.dll . ((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 ))))))))))))))))))))))))))))))) . 2009-11-17 19:10 . 2009-11-17 19:13 -------- d-----w- c:\windows\LastGood 2009-11-17 08:03 . 2009-11-17 08:03 -------- d-----w- c:\windows\ServicePackFiles 2009-11-15 22:48 . 2009-11-15 22:48 -------- d--h--w- c:\windows\PIF 2009-11-14 20:07 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-14 20:07 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-14 20:07 . 2009-11-14 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-14 17:41 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-14 17:41 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-14 17:41 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-14 17:41 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-14 17:41 . 2009-11-14 17:41 -------- d-----w- c:\program files\Avira 2009-11-14 17:41 . 2009-11-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-12 01:51 . 2009-11-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\19551627 2009-11-12 01:51 . 2009-11-12 01:51 274 ----a-w- c:\documents and settings\All Users\Application Data\19551627\19551627.bat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-17 22:17 . 2005-05-09 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-11-17 22:17 . 2005-05-09 18:03 -------- d-----w- c:\program files\Symantec 2009-11-14 19:31 . 2005-05-09 18:03 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-11-01 18:36 . 2007-05-15 22:37 2454 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat 2009-10-05 21:02 . 2009-07-13 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-10-05 21:02 . 2009-01-14 23:03 -------- d-----w- c:\program files\Corel 2009-10-05 19:10 . 2009-10-29 14:48 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\ProgUpd.dll 2009-10-05 19:10 . 2009-10-29 14:48 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\postproc.exe 2009-10-05 19:10 . 2009-10-29 14:48 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\setup.exe 2009-10-05 19:10 . 2009-10-29 14:48 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AOLFirewallMgr.dll 2009-10-05 19:10 . 2009-10-29 14:48 1025384 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\gui.dll 2009-10-04 21:26 . 2009-01-14 23:17 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-10-04 21:26 . 2009-01-14 23:17 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:36 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll . ((((((((((((((((((((((((((((( SnapShot@2009-11-17_00.09.18 ))))))))))))))))))))))))))))))))))))))))) . + 2005-05-26 08:16 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll + 2004-08-04 12:00 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll + 2004-08-04 12:00 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe + 2004-08-04 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll + 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe + 2004-08-04 18:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe - 2005-08-13 03:27 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe + 2005-08-13 03:27 . 2007-07-27 15:41 26488 c:\windows\system32\spupdsvc.exe + 2008-07-19 03:11 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll - 2008-07-19 03:11 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll + 2009-11-17 00:21 . 2009-08-07 00:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll + 2009-11-17 00:21 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll + 2004-08-04 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll - 2004-08-04 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll + 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll + 2006-11-08 02:03 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll - 2006-11-08 02:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll - 2004-08-04 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll + 2004-08-04 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll + 2006-11-07 08:26 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe - 2006-11-07 08:26 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe - 2004-08-04 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll + 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll - 2004-08-04 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe + 2004-08-04 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe + 2006-10-17 16:58 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll - 2006-10-17 16:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll + 2004-08-04 12:00 . 2009-07-29 04:53 82432 c:\windows\system32\fontsub.dll + 2004-08-04 18:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys + 2004-08-04 12:00 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll + 2004-08-04 12:00 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe + 2004-08-04 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll + 2004-08-04 18:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe + 2004-08-04 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll + 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll - 2004-08-04 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll - 2007-05-09 20:46 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2007-05-09 20:46 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll + 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll + 2004-08-04 18:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys - 2004-08-04 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll + 2004-08-04 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll - 2007-05-09 20:46 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe + 2007-05-09 20:46 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe + 2004-08-04 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll - 2004-08-04 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll - 2004-08-04 12:00 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll + 2004-08-04 12:00 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll - 2004-08-04 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe + 2004-08-04 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe - 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll + 2007-08-20 10:04 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll + 2004-08-04 12:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll + 2004-08-04 12:00 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll - 2004-08-04 12:00 . 2007-01-09 00:01 17408 c:\windows\system32\dllcache\corpol.dll + 2004-08-04 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll + 2004-08-04 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 84992 c:\windows\system32\dllcache\avifil32.dll + 2004-08-04 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll - 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\atl.dll + 2004-08-04 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 84992 c:\windows\system32\avifil32.dll - 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\atl.dll + 2004-08-04 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll + 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe - 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll + 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe - 2005-05-09 17:38 . 2009-06-11 07:07 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2005-05-09 17:38 . 2009-11-17 08:16 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2005-05-09 17:38 . 2009-11-17 08:16 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2005-05-09 17:38 . 2009-06-11 07:07 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2005-05-09 17:38 . 2009-06-11 07:07 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2005-05-09 17:38 . 2009-11-17 08:16 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2005-05-09 17:38 . 2009-11-17 08:16 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2005-05-09 17:38 . 2009-06-11 07:07 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2006-12-02 00:22 . 2009-06-11 07:07 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2006-12-02 00:22 . 2009-11-17 08:07 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe + 2007-03-22 22:07 . 2007-03-22 22:07 78168 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL + 2007-03-22 22:07 . 2007-03-22 22:07 41824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL + 2007-03-22 22:07 . 2007-03-22 22:07 91488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL + 2009-11-17 08:08 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll + 2009-11-17 08:08 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll + 2009-11-17 08:08 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll + 2009-11-17 08:08 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe + 2009-11-17 08:08 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll + 2009-11-17 08:08 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll + 2009-11-17 08:08 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe + 2009-11-17 08:08 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll + 2009-11-17 08:08 . 2007-01-09 00:01 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll + 2009-11-17 08:05 . 2009-11-17 08:05 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c920bfe2\System.Drawing.Design.dll + 2009-11-17 08:05 . 2009-11-17 08:05 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_dae9040b\CustomMarshalers.dll - 2005-05-09 17:38 . 2009-06-11 07:07 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2004-08-04 12:00 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll + 2004-08-04 12:00 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll + 2004-08-04 12:00 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll + 2004-08-04 11:00 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll + 2004-08-04 11:00 . 2009-07-13 15:08 286720 c:\windows\system32\wmpdxm.dll + 2004-08-04 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll - 2004-08-04 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll + 2004-08-04 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll - 2004-08-04 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll + 2004-08-04 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll - 2004-08-04 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll + 2004-08-04 12:00 . 2009-07-29 04:53 119808 c:\windows\system32\t2embed.dll + 2004-08-04 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll - 2004-08-04 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll + 2004-08-04 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll + 2005-05-26 08:19 . 2009-08-07 00:23 215920 c:\windows\system32\muweb.dll + 2007-05-10 19:34 . 2009-08-07 00:23 274288 c:\windows\system32\mucltui.dll + 2004-08-04 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll + 2004-08-04 12:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll - 2004-08-04 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll + 2004-08-04 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll - 2004-08-04 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll + 2004-08-04 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll + 2004-08-04 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll - 2004-08-04 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll - 2006-11-08 02:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll + 2006-11-08 02:03 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll + 2004-08-04 11:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll + 2004-08-04 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll + 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll - 2006-10-17 16:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll + 2006-10-17 16:57 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll - 2004-08-04 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll + 2004-08-04 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll + 2006-10-17 16:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll - 2004-08-04 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll + 2004-08-04 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll - 2004-08-04 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll + 2004-08-04 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll + 2004-08-04 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll - 2004-08-04 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll - 2005-01-27 04:56 . 2009-06-11 07:13 189000 c:\windows\system32\FNTCACHE.DAT + 2005-01-27 04:56 . 2009-11-17 08:33 189000 c:\windows\system32\FNTCACHE.DAT + 2004-08-04 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll - 2004-08-04 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll + 2004-08-04 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll - 2004-08-04 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll + 2004-08-04 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll - 2004-08-04 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll + 2004-08-04 12:00 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll + 2004-08-04 12:00 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll + 2004-08-04 12:00 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll + 2004-08-04 11:00 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll + 2004-08-04 11:00 . 2009-07-13 15:08 286720 c:\windows\system32\dllcache\wmpdxm.dll - 2004-08-04 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll + 2004-08-04 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll + 2004-08-04 11:00 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll + 2004-08-04 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll - 2004-08-04 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll + 2004-08-04 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll - 2004-08-04 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll + 2004-08-04 12:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll - 2004-08-04 12:00 . 2004-08-04 12:00 153088 c:\windows\system32\dllcache\triedit.dll + 2004-08-04 12:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll + 2004-08-04 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll - 2004-08-04 12:00 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll + 2004-08-04 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll + 2004-08-04 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll - 2004-08-04 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll + 2004-08-04 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll + 2004-08-04 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll + 2004-08-04 12:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll + 2004-08-04 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll - 2004-08-04 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll + 2004-08-04 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll - 2004-08-04 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll - 2004-08-04 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll + 2004-08-04 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll + 2007-05-09 20:46 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll - 2007-05-09 20:46 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll + 2004-08-04 11:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll + 2004-08-04 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll + 2004-08-04 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll + 2004-08-04 12:00 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe - 2007-05-09 20:46 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll + 2007-05-09 20:46 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll + 2004-08-04 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll - 2004-08-04 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll + 2007-05-09 20:46 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll - 2004-08-04 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll + 2004-08-04 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll + 2004-08-04 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll - 2004-08-04 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll - 2004-08-04 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll + 2004-08-04 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll + 2004-08-04 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll - 2004-08-04 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll + 2004-08-04 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll - 2004-08-04 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll - 2004-08-04 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll + 2004-08-04 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll - 2004-08-04 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll + 2004-08-04 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll - 2004-08-04 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll + 2004-08-04 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll - 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2009-11-17 19:10 . 2008-10-16 19:06 208744 c:\windows\LastGood\system32\muweb.dll + 2009-11-17 19:10 . 2008-10-16 19:06 268648 c:\windows\LastGood\system32\mucltui.dll + 2009-11-17 08:03 . 2009-11-17 08:03 195584 c:\windows\Installer\1b31c14.msi - 2005-05-09 17:38 . 2009-06-11 07:07 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2005-05-09 17:38 . 2009-11-17 08:16 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2005-05-09 17:38 . 2009-06-11 07:07 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2005-05-09 17:38 . 2009-06-11 07:07 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2005-05-09 17:38 . 2009-06-11 07:07 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2005-05-09 17:38 . 2009-06-11 07:07 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2005-05-09 17:38 . 2009-11-17 08:16 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2006-12-02 00:22 . 2009-11-17 08:07 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2006-12-02 00:22 . 2009-06-11 07:07 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-03-22 22:22 . 2007-03-22 22:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL + 2008-07-14 07:05 . 2008-07-14 07:05 464272 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL + 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL + 2003-07-15 17:18 . 2003-07-15 17:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL + 2009-11-17 08:08 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll + 2009-11-17 08:08 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll + 2009-11-17 08:08 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB974455-IE7\url.dll + 2009-11-17 08:08 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll + 2009-11-17 08:08 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe + 2009-11-17 08:08 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll + 2009-11-17 08:08 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll + 2009-11-17 08:08 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll + 2009-11-17 08:08 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll + 2009-11-17 08:08 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll + 2009-11-17 08:08 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB974455-IE7\iexplore.exe + 2009-11-17 08:08 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll + 2009-11-17 08:08 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll + 2009-11-17 08:08 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll + 2009-11-17 08:08 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll + 2009-11-17 08:08 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll + 2009-11-17 08:08 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll + 2009-11-17 08:08 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll + 2009-11-17 08:08 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll + 2009-11-17 08:08 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll + 2009-11-17 08:08 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll + 2009-11-17 08:06 . 2009-11-17 08:06 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e6d90fd1\System.Drawing.dll + 2009-11-17 08:06 . 2009-11-17 08:06 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_12e0160f\System.Drawing.Design.dll + 2009-11-17 08:06 . 2009-11-17 08:06 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5b9ea10f\CustomMarshalers.dll + 2009-11-17 08:13 . 2009-11-17 08:13 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll + 2009-11-17 00:39 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2004-08-04 12:00 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll - 2004-08-04 11:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll + 2004-08-04 11:00 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll + 2004-08-04 11:00 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll - 2004-08-04 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\wmp.dll + 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys + 2004-08-04 11:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll + 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll - 2004-08-04 12:00 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll + 2004-08-04 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll + 2004-08-04 12:00 . 2009-08-04 14:00 2180352 c:\windows\system32\ntoskrnl.exe - 2004-08-04 18:00 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe + 2004-08-04 18:00 . 2009-08-04 13:13 2057728 c:\windows\system32\ntkrnlpa.exe + 2004-08-04 11:00 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll + 2006-11-08 02:03 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll + 2006-09-06 04:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat + 2009-08-05 00:52 . 2009-08-05 00:52 1193832 c:\windows\system32\FM20.DLL + 2004-08-04 12:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2004-08-04 11:00 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll - 2004-08-04 11:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2004-08-04 11:00 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll - 2004-08-04 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\dllcache\wmp.dll + 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys + 2004-08-04 11:00 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll + 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll - 2004-08-04 12:00 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll + 2004-08-04 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll + 2006-12-19 14:17 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe + 2006-12-19 12:55 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe - 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe - 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2006-12-19 12:55 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2006-12-19 14:15 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe - 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe + 2004-08-04 12:00 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll + 2004-08-04 11:00 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll + 2007-05-09 20:46 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll + 2007-05-09 20:46 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat + 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2009-08-21 15:14 . 2009-08-21 15:14 8363008 c:\windows\Installer\1b31cc9.msp + 2009-08-20 10:02 . 2009-08-20 10:02 5204992 c:\windows\Installer\1b31cb0.msp + 2009-10-22 17:46 . 2009-10-22 17:46 6821888 c:\windows\Installer\1b31c9d.msp + 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\1b31c89.msp + 2009-10-06 23:40 . 2009-10-06 23:40 7681024 c:\windows\Installer\1b31c74.msp + 2009-08-25 15:59 . 2009-08-25 15:59 3731456 c:\windows\Installer\1b31c61.msp + 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\1b31c50.msp + 2009-10-22 17:28 . 2009-10-22 17:28 5521408 c:\windows\Installer\1b31c26.msp + 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL + 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL + 2009-11-17 08:08 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll + 2009-11-17 08:08 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB974455-IE7\mshtml.dll + 2009-11-17 08:08 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB974455-IE7\ieframe.dll + 2009-11-17 08:08 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat + 2005-03-02 00:59 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2005-03-02 00:34 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2005-03-02 00:34 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2005-03-02 00:57 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-11-17 08:06 . 2009-11-17 08:06 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_658763ff\System.dll + 2009-11-17 08:05 . 2009-11-17 08:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1b875a29\System.dll + 2009-11-17 08:06 . 2009-11-17 08:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_37da9ce8\System.Xml.dll + 2009-11-17 08:06 . 2009-11-17 08:06 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2e031cfa\System.Xml.dll + 2009-11-17 08:05 . 2009-11-17 08:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_49f3186f\System.Windows.Forms.dll + 2009-11-17 08:06 . 2009-11-17 08:06 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_30360280\System.Windows.Forms.dll + 2009-11-17 08:06 . 2009-11-17 08:06 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_16fe61dd\System.Drawing.dll + 2009-11-17 08:06 . 2009-11-17 08:06 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f3e21fd8\System.Design.dll + 2009-11-17 08:06 . 2009-11-17 08:06 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_66320bdf\System.Design.dll + 2009-11-17 08:06 . 2009-11-17 08:06 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c6eb97d1\mscorlib.dll + 2009-11-17 08:06 . 2009-11-17 08:06 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5dc71958\mscorlib.dll + 2009-11-17 08:05 . 2009-11-17 08:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2007-07-11 07:02 . 2007-07-11 07:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-11-17 08:05 . 2009-11-17 08:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2007-07-11 07:02 . 2007-07-11 07:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2009-11-17 08:10 . 2009-11-05 14:36 26768832 c:\windows\system32\MRT.exe + 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp + 2009-07-01 18:19 . 2009-07-01 18:19 10607104 c:\windows\Installer\1b31c8a.msp + 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\1b31c3e.msp . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Compaq_Owner\\My Documents\\My Music\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\logon.scr"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "35901:TCP"= 35901:TCP:PORT_35901 "36015:TCP"= 36015:TCP:PORT_36015 "14363:TCP"= 14363:TCP:PORT_14363 "14137:TCP"= 14137:TCP:PORT_14137 "58300:TCP"= 58300:TCP:PORT_58300 "42810:TCP"= 42810:TCP:PORT_42810 "27547:TCP"= 27547:TCP:PORT_27547 "56336:TCP"= 56336:TCP:PORT_56336 "16721:TCP"= 16721:TCP:PORT_16721 "52740:TCP"= 52740:TCP:PORT_52740 "58344:TCP"= 58344:TCP:PORT_58344 "37975:TCP"= 37975:TCP:PORT_37975 "16535:TCP"= 16535:TCP:PORT_16535 "60000:TCP"= 60000:TCP:PORT_60000 "52194:TCP"= 52194:TCP:PORT_52194 "60121:TCP"= 60121:TCP:PORT_60121 "33836:TCP"= 33836:TCP:PORT_33836 "45680:TCP"= 45680:TCP:PORT_45680 "53493:TCP"= 53493:TCP:PORT_53493 "8465:TCP"= 8465:TCP:PORT_8465 "57886:TCP"= 57886:TCP:PORT_57886 "50953:TCP"= 50953:TCP:PORT_50953 "32593:TCP"= 32593:TCP:PORT_32593 "48895:TCP"= 48895:TCP:PORT_48895 "49556:TCP"= 49556:TCP:PORT_49556 "17866:TCP"= 17866:TCP:PORT_17866 "20763:TCP"= 20763:TCP:PORT_20763 "58961:TCP"= 58961:TCP:PORT_58961 "49295:TCP"= 49295:TCP:PORT_49295 "60754:TCP"= 60754:TCP:PORT_60754 "26600:TCP"= 26600:TCP:PORT_26600 "49785:TCP"= 49785:TCP:PORT_49785 "19176:TCP"= 19176:TCP:PORT_19176 "13326:TCP"= 13326:TCP:PORT_13326 "23700:TCP"= 23700:TCP:PORT_23700 "35161:TCP"= 35161:TCP:PORT_35161 "27641:TCP"= 27641:TCP:PORT_27641 "7540:TCP"= 7540:TCP:PORT_7540 "55399:TCP"= 55399:TCP:PORT_55399 "33367:TCP"= 33367:TCP:PORT_33367 "38863:TCP"= 38863:TCP:PORT_38863 "11030:TCP"= 11030:TCP:PORT_11030 "23228:TCP"= 23228:TCP:PORT_23228 "55170:TCP"= 55170:TCP:PORT_55170 "43521:TCP"= 43521:TCP:PORT_43521 "48700:TCP"= 48700:TCP:PORT_48700 "17594:TCP"= 17594:TCP:PORT_17594 "26996:TCP"= 26996:TCP:PORT_26996 "15350:TCP"= 15350:TCP:PORT_15350 "34606:TCP"= 34606:TCP:PORT_34606 "63407:TCP"= 63407:TCP:PORT_63407 "35101:TCP"= 35101:TCP:PORT_35101 "9600:TCP"= 9600:TCP:PORT_9600 "58883:TCP"= 58883:TCP:PORT_58883 "18320:TCP"= 18320:TCP:PORT_18320 "7188:TCP"= 7188:TCP:PORT_7188 "30985:TCP"= 30985:TCP:PORT_30985 "48863:TCP"= 48863:TCP:PORT_48863 "33825:TCP"= 33825:TCP:PORT_33825 "50010:TCP"= 50010:TCP:PORT_50010 "33235:TCP"= 33235:TCP:PORT_33235 "18770:TCP"= 18770:TCP:PORT_18770 "56004:TCP"= 56004:TCP:PORT_56004 "20825:TCP"= 20825:TCP:PORT_20825 "35879:TCP"= 35879:TCP:PORT_35879 "15121:TCP"= 15121:TCP:PORT_15121 "15236:TCP"= 15236:TCP:PORT_15236 "44825:TCP"= 44825:TCP:PORT_44825 "5457:TCP"= 5457:TCP:PORT_5457 "40083:TCP"= 40083:TCP:PORT_40083 "26973:TCP"= 26973:TCP:PORT_26973 "54255:TCP"= 54255:TCP:PORT_54255 "46961:TCP"= 46961:TCP:PORT_46961 "23988:TCP"= 23988:TCP:PORT_23988 "5461:TCP"= 5461:TCP:PORT_5461 "53852:TCP"= 53852:TCP:PORT_53852 "31645:TCP"= 31645:TCP:PORT_31645 "62654:TCP"= 62654:TCP:PORT_62654 "63219:TCP"= 63219:TCP:PORT_63219 "7469:TCP"= 7469:TCP:PORT_7469 "63582:TCP"= 63582:TCP:PORT_63582 "24243:TCP"= 24243:TCP:PORT_24243 "18208:TCP"= 18208:TCP:PORT_18208 "61547:TCP"= 61547:TCP:PORT_61547 "54583:TCP"= 54583:TCP:PORT_54583 "5805:TCP"= 5805:TCP:PORT_5805 "63617:TCP"= 63617:TCP:PORT_63617 "45241:TCP"= 45241:TCP:PORT_45241 "30005:TCP"= 30005:TCP:PORT_30005 "61763:TCP"= 61763:TCP:PORT_61763 "14190:TCP"= 14190:TCP:PORT_14190 "39607:TCP"= 39607:TCP:PORT_39607 "38645:TCP"= 38645:TCP:PORT_38645 "30931:TCP"= 30931:TCP:PORT_30931 "5848:TCP"= 5848:TCP:PORT_5848 "45395:TCP"= 45395:TCP:PORT_45395 "19191:TCP"= 19191:TCP:PORT_19191 "14078:TCP"= 14078:TCP:PORT_14078 "30137:TCP"= 30137:TCP:PORT_30137 "64565:TCP"= 64565:TCP:PORT_64565 "18523:TCP"= 18523:TCP:PORT_18523 "22610:TCP"= 22610:TCP:PORT_22610 "27395:TCP"= 27395:TCP:PORT_27395 "8133:TCP"= 8133:TCP:PORT_8133 "22043:TCP"= 22043:TCP:PORT_22043 "53461:TCP"= 53461:TCP:PORT_53461 "28260:TCP"= 28260:TCP:PORT_28260 "63226:TCP"= 63226:TCP:PORT_63226 "38466:TCP"= 38466:TCP:PORT_38466 "21759:TCP"= 21759:TCP:PORT_21759 "59818:TCP"= 59818:TCP:PORT_59818 "6578:TCP"= 6578:TCP:PORT_6578 "41098:TCP"= 41098:TCP:PORT_41098 "34255:TCP"= 34255:TCP:PORT_34255 "15219:TCP"= 15219:TCP:PORT_15219 "45707:TCP"= 45707:TCP:PORT_45707 "23075:TCP"= 23075:TCP:PORT_23075 "40066:TCP"= 40066:TCP:PORT_40066 "30776:TCP"= 30776:TCP:PORT_30776 "34940:TCP"= 34940:TCP:PORT_34940 "61588:TCP"= 61588:TCP:PORT_61588 "26790:TCP"= 26790:TCP:PORT_26790 "24665:TCP"= 24665:TCP:PORT_24665 "57149:TCP"= 57149:TCP:PORT_57149 "24667:TCP"= 24667:TCP:PORT_24667 "43656:TCP"= 43656:TCP:PORT_43656 "10076:TCP"= 10076:TCP:PORT_10076 "35184:TCP"= 35184:TCP:PORT_35184 "31688:TCP"= 31688:TCP:PORT_31688 "32223:TCP"= 32223:TCP:PORT_32223 "59961:TCP"= 59961:TCP:PORT_59961 "21681:TCP"= 21681:TCP:PORT_21681 "12373:TCP"= 12373:TCP:PORT_12373 R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/14/2009 12:41 PM 108289] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 6:11 PM 24652] S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106] S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE --> c:\windows\PSEXESVC.EXE [?] S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [3/26/2009 6:17 PM 500736] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-17 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-09 07:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=4yqASPdNIn_oD0adXidsGA uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: {7DB16D75-9859-40C9-B40B-556A19E4868C} = 4.2.2.1,4.2.2.2 FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=4yqASPdNIn_oD0adXidsGA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-17 17:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\windows\system32\awgina.dll . Completion time: 2009-11-17 17:50 ComboFix-quarantined-files.txt 2009-11-17 22:50 ComboFix2.txt 2009-11-17 00:36 Pre-Run: 122,160,410,624 bytes free Post-Run: 122,117,869,568 bytes free - - End Of File - - 6F30C7743CC9BCBAC2CFFB3860FF25ED
-
hello kenny thank you for your time i just did what you ask me and is telling me there is a new version of combofix ,should i update combofix?before continuing?
-
ok it gave the log for combofix but i cant open malwarebytes , here is the log ComboFix 09-11-17.01 - Compaq_Owner 11/16/2009 18:55.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.177 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk c:\windows\command c:\windows\command\EXTRACT.PIF c:\windows\NDNuninstall6_38.exe c:\windows\system32\benosafi.dll c:\windows\system32\buborefu.dll c:\windows\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus c:\windows\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk c:\windows\system32\config\systemprofile\Start Menu\Programs\AntiVirus Plus\EULA.url c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\AntiVirus Plus.lnk c:\windows\system32\duyivove.dll c:\windows\system32\fizawawe.dll c:\windows\system32\gananiro.dll c:\windows\system32\goyulake.dll c:\windows\system32\hupekepo.dll c:\windows\system32\megiheku.dll c:\windows\system32\moyomego.dll c:\windows\system32\mudiyabu.dll c:\windows\system32\ps2.bat c:\windows\system32\rabuvuti.dll c:\windows\system32\rayeboke.dll c:\windows\system32\rirurewi.dll c:\windows\system32\sevunimo.dll c:\windows\system32\takahuki.dll c:\windows\system32\vidiwupu.dll c:\windows\system32\waziroto.dll c:\windows\system32\wejureke.dll c:\windows\system32\wuwelivo.dll c:\windows\system32\yahonuyi.dll c:\windows\system32\yejimoya.dll c:\windows\system32\yulomufu.dll c:\windows\system32\zaniwimo.dll c:\windows\Tasks\upayrdrd.job D:\Autorun.inf ----- BITS: Possible infected sites ----- hxxp://77.74.48.111 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Legacy_NNSERV -------\Service_MyWebSearchService -------\Service_NNServ ((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 ))))))))))))))))))))))))))))))) . 2009-11-15 22:48 . 2009-11-15 22:48 -------- d--h--w- c:\windows\PIF 2009-11-14 20:07 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-14 20:07 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-14 20:07 . 2009-11-14 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-14 17:41 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-14 17:41 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-14 17:41 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-14 17:41 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-14 17:41 . 2009-11-14 17:41 -------- d-----w- c:\program files\Avira 2009-11-14 17:41 . 2009-11-14 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-12 01:51 . 2009-11-14 19:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AntiVirus Plus 2009-11-12 01:51 . 2009-11-14 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\19551627 2009-11-12 01:51 . 2009-11-12 01:51 274 ----a-w- c:\documents and settings\All Users\Application Data\19551627\19551627.bat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-14 19:31 . 2005-05-09 18:03 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-11-01 18:36 . 2007-05-15 22:37 2454 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat 2009-10-05 21:02 . 2009-07-13 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-10-05 21:02 . 2009-01-14 23:03 -------- d-----w- c:\program files\Corel 2009-10-05 19:10 . 2009-10-29 14:48 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\ProgUpd.dll 2009-10-05 19:10 . 2009-10-29 14:48 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\postproc.exe 2009-10-05 19:10 . 2009-10-29 14:48 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\setup.exe 2009-10-05 19:10 . 2009-10-29 14:48 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\AOLFirewallMgr.dll 2009-10-05 19:10 . 2009-10-29 14:48 1025384 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4469.2.4\gui.dll 2009-10-04 21:26 . 2009-01-14 23:17 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-10-04 21:26 . 2009-01-14 23:17 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-10-04 21:26 . 2009-01-14 23:17 168 --sh--r- c:\documents and settings\All Users\Application Data\A88E87AE21.sys 2009-10-04 21:26 . 2009-01-14 23:17 168 --sh--r- c:\documents and settings\All Users\Application Data\A88E87AE21.sys 2009-08-13 13:51 . 2009-08-13 13:51 61440 --sha-w- c:\windows\system32\gefejuro.dll 2009-08-11 13:56 . 2009-08-11 13:56 3 --sha-w- c:\windows\system32\papulihe.dll 2009-08-16 13:51 . 2009-08-16 13:51 3 --sha-w- c:\windows\system32\sejohedo.dll 2009-08-11 13:56 . 2009-08-11 13:56 3 --sha-w- c:\windows\system32\sozejudu.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Compaq_Owner\\My Documents\\My Music\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"= "c:\\Program Files\\Symantec\\pcAnywhere\\AWREM32.EXE"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\logon.scr"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "35901:TCP"= 35901:TCP:PORT_35901 "36015:TCP"= 36015:TCP:PORT_36015 "14363:TCP"= 14363:TCP:PORT_14363 "14137:TCP"= 14137:TCP:PORT_14137 "58300:TCP"= 58300:TCP:PORT_58300 "42810:TCP"= 42810:TCP:PORT_42810 "27547:TCP"= 27547:TCP:PORT_27547 "56336:TCP"= 56336:TCP:PORT_56336 "16721:TCP"= 16721:TCP:PORT_16721 "52740:TCP"= 52740:TCP:PORT_52740 "58344:TCP"= 58344:TCP:PORT_58344 "37975:TCP"= 37975:TCP:PORT_37975 "16535:TCP"= 16535:TCP:PORT_16535 "60000:TCP"= 60000:TCP:PORT_60000 "52194:TCP"= 52194:TCP:PORT_52194 "60121:TCP"= 60121:TCP:PORT_60121 "33836:TCP"= 33836:TCP:PORT_33836 "45680:TCP"= 45680:TCP:PORT_45680 "53493:TCP"= 53493:TCP:PORT_53493 "8465:TCP"= 8465:TCP:PORT_8465 "57886:TCP"= 57886:TCP:PORT_57886 "50953:TCP"= 50953:TCP:PORT_50953 "32593:TCP"= 32593:TCP:PORT_32593 "48895:TCP"= 48895:TCP:PORT_48895 "49556:TCP"= 49556:TCP:PORT_49556 "17866:TCP"= 17866:TCP:PORT_17866 "20763:TCP"= 20763:TCP:PORT_20763 "58961:TCP"= 58961:TCP:PORT_58961 "49295:TCP"= 49295:TCP:PORT_49295 "60754:TCP"= 60754:TCP:PORT_60754 "26600:TCP"= 26600:TCP:PORT_26600 "49785:TCP"= 49785:TCP:PORT_49785 "19176:TCP"= 19176:TCP:PORT_19176 "13326:TCP"= 13326:TCP:PORT_13326 "23700:TCP"= 23700:TCP:PORT_23700 "35161:TCP"= 35161:TCP:PORT_35161 "27641:TCP"= 27641:TCP:PORT_27641 "7540:TCP"= 7540:TCP:PORT_7540 "55399:TCP"= 55399:TCP:PORT_55399 "33367:TCP"= 33367:TCP:PORT_33367 "38863:TCP"= 38863:TCP:PORT_38863 "11030:TCP"= 11030:TCP:PORT_11030 "23228:TCP"= 23228:TCP:PORT_23228 "55170:TCP"= 55170:TCP:PORT_55170 "43521:TCP"= 43521:TCP:PORT_43521 "48700:TCP"= 48700:TCP:PORT_48700 "17594:TCP"= 17594:TCP:PORT_17594 "26996:TCP"= 26996:TCP:PORT_26996 "15350:TCP"= 15350:TCP:PORT_15350 "34606:TCP"= 34606:TCP:PORT_34606 "63407:TCP"= 63407:TCP:PORT_63407 "35101:TCP"= 35101:TCP:PORT_35101 "9600:TCP"= 9600:TCP:PORT_9600 "58883:TCP"= 58883:TCP:PORT_58883 "18320:TCP"= 18320:TCP:PORT_18320 "7188:TCP"= 7188:TCP:PORT_7188 "30985:TCP"= 30985:TCP:PORT_30985 "48863:TCP"= 48863:TCP:PORT_48863 "33825:TCP"= 33825:TCP:PORT_33825 "50010:TCP"= 50010:TCP:PORT_50010 "33235:TCP"= 33235:TCP:PORT_33235 "18770:TCP"= 18770:TCP:PORT_18770 "56004:TCP"= 56004:TCP:PORT_56004 "20825:TCP"= 20825:TCP:PORT_20825 "35879:TCP"= 35879:TCP:PORT_35879 "15121:TCP"= 15121:TCP:PORT_15121 "15236:TCP"= 15236:TCP:PORT_15236 "44825:TCP"= 44825:TCP:PORT_44825 "5457:TCP"= 5457:TCP:PORT_5457 "40083:TCP"= 40083:TCP:PORT_40083 "26973:TCP"= 26973:TCP:PORT_26973 "54255:TCP"= 54255:TCP:PORT_54255 "46961:TCP"= 46961:TCP:PORT_46961 "23988:TCP"= 23988:TCP:PORT_23988 "5461:TCP"= 5461:TCP:PORT_5461 "53852:TCP"= 53852:TCP:PORT_53852 "31645:TCP"= 31645:TCP:PORT_31645 "62654:TCP"= 62654:TCP:PORT_62654 "63219:TCP"= 63219:TCP:PORT_63219 "7469:TCP"= 7469:TCP:PORT_7469 "63582:TCP"= 63582:TCP:PORT_63582 "24243:TCP"= 24243:TCP:PORT_24243 "18208:TCP"= 18208:TCP:PORT_18208 "61547:TCP"= 61547:TCP:PORT_61547 "54583:TCP"= 54583:TCP:PORT_54583 "5805:TCP"= 5805:TCP:PORT_5805 "63617:TCP"= 63617:TCP:PORT_63617 "45241:TCP"= 45241:TCP:PORT_45241 "30005:TCP"= 30005:TCP:PORT_30005 "61763:TCP"= 61763:TCP:PORT_61763 "14190:TCP"= 14190:TCP:PORT_14190 "39607:TCP"= 39607:TCP:PORT_39607 "38645:TCP"= 38645:TCP:PORT_38645 "30931:TCP"= 30931:TCP:PORT_30931 "5848:TCP"= 5848:TCP:PORT_5848 "45395:TCP"= 45395:TCP:PORT_45395 "19191:TCP"= 19191:TCP:PORT_19191 "14078:TCP"= 14078:TCP:PORT_14078 "30137:TCP"= 30137:TCP:PORT_30137 "64565:TCP"= 64565:TCP:PORT_64565 "18523:TCP"= 18523:TCP:PORT_18523 "22610:TCP"= 22610:TCP:PORT_22610 "27395:TCP"= 27395:TCP:PORT_27395 "8133:TCP"= 8133:TCP:PORT_8133 "22043:TCP"= 22043:TCP:PORT_22043 "53461:TCP"= 53461:TCP:PORT_53461 "28260:TCP"= 28260:TCP:PORT_28260 "63226:TCP"= 63226:TCP:PORT_63226 "38466:TCP"= 38466:TCP:PORT_38466 "21759:TCP"= 21759:TCP:PORT_21759 "59818:TCP"= 59818:TCP:PORT_59818 "6578:TCP"= 6578:TCP:PORT_6578 "41098:TCP"= 41098:TCP:PORT_41098 "34255:TCP"= 34255:TCP:PORT_34255 "15219:TCP"= 15219:TCP:PORT_15219 "45707:TCP"= 45707:TCP:PORT_45707 "23075:TCP"= 23075:TCP:PORT_23075 "40066:TCP"= 40066:TCP:PORT_40066 "30776:TCP"= 30776:TCP:PORT_30776 "34940:TCP"= 34940:TCP:PORT_34940 "61588:TCP"= 61588:TCP:PORT_61588 "26790:TCP"= 26790:TCP:PORT_26790 "24665:TCP"= 24665:TCP:PORT_24665 "57149:TCP"= 57149:TCP:PORT_57149 "24667:TCP"= 24667:TCP:PORT_24667 "43656:TCP"= 43656:TCP:PORT_43656 "10076:TCP"= 10076:TCP:PORT_10076 "35184:TCP"= 35184:TCP:PORT_35184 "31688:TCP"= 31688:TCP:PORT_31688 "32223:TCP"= 32223:TCP:PORT_32223 "59961:TCP"= 59961:TCP:PORT_59961 "21681:TCP"= 21681:TCP:PORT_21681 "12373:TCP"= 12373:TCP:PORT_12373 R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/14/2009 12:41 PM 108289] S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106] S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [3/26/2009 6:17 PM 500736] --- Other Services/Drivers In Memory --- *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-16 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-09 07:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=4yqASPdNIn_oD0adXidsGA uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: {7DB16D75-9859-40C9-B40B-556A19E4868C} = 4.2.2.1,4.2.2.2 FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=4yqASPdNIn_oD0adXidsGA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, . - - - - ORPHANS REMOVED - - - - BHO-{028213f1-d143-48b1-bf5e-afa283a4e5f3} - yahonuyi.dll HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe HKLM-Run-hovikoges - c:\windows\system32\wuwelivo.dll HKLM-Run-mutiguvahe - buborefu.dll SharedTaskScheduler-{f209b149-63dd-45e3-815e-a92227921d46} - c:\windows\system32\wuwelivo.dll SSODL-nitokigis-{f209b149-63dd-45e3-815e-a92227921d46} - c:\windows\system32\wuwelivo.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-16 19:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(508) c:\windows\system32\awgina.dll - - - - - - - > 'Explorer.EXE'(384) c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\rundll32.exe c:\windows\system32\Rundll32.exe c:\windows\system32\Rundll32.exe c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE c:\program files\AIM6\aolsoftware.exe c:\program files\Java\jre1.6.0_03\bin\jucheck.exe c:\hp\KBD\KBD.EXE c:\windows\AGRSMMSG.exe . ************************************************************************** . Completion time: 2009-11-16 19:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-17 00:36 Pre-Run: 121,415,176,192 bytes free Post-Run: 122,817,945,600 bytes free - - End Of File - - 79D363ACBE935FFC8BC2F7E9EAD79081
-
ok combofix finished the scan and rebooted my computer , i had disable avira just like you told me before i run combofix, but when it came back on avira was enable and detected a virus or program call (HEUR/CRYPTED.E) and on the toolbar on the bottom i get rundll a couple of times. im in another computer now so i havent touch anything there, is my dauther computer the one with the problem. what should i do, and also the screen of combofix is open it says that is prepering log but due to avira it looks frozen
-
and another thing i forgot to tell you im also geting a lot of popups
-
the situation i have is that it doesnt let me download or run hjti , so i cant do anything with hjti sorry it took me so long to reply. and thanks for your time
-
can it be because im runing avira scan for more virus? done it 3 times and it has found about 95 virus since yesterday. thank you for your time and help
-
i try to instal the hijack but it does not let me the screen is blank and it does not give me the option to open or instal the hijack
-
i try to open malware to do a scan and it doesnt do anything , i uninstaled malwarebites and reinstaled it and it still does not open. can someone help me with this problem thank you