jv308

Members
  • Posts: 20

Everything posted by jv308

  1. I can't open mbam since I was surfing the web and a pop-up of xp internet security 2012 popped up and it doesn't let me do anything. I click on the mbam icon and nothing happens. I'd really appreciate it if someone can help me with this problem, thank you
  2. I fixed the problem I had thanks to the easy fix on this forum, thank you guys
  3. I can't open malwarebytes on my daughter's computer, and every time I try to open something a pop-up comes up. Is there anything I can do?
  4. thank you so much, you have been great help
  5. I'm going to do a full scan with malwarebytes now
  6. hello kenny, everything is running perfect, you are the man, I cannot thank you enough
  7. hello kenny ok here is the log you ask for
     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=e89e859572c25744950cd86cfaa9b6da
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2009-11-19 02:52:46
     # local_time=2009-11-18 09:52:46 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=1797 16775141 100 100 0 34923830 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=95900
     # found=7
     # cleaned=0
     # scan_time=4576
     C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{04B647D3-CB3E-4201-A21F-C520B3A24099}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
     C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{14E1383C-C500-4942-8DA8-665B59BD12A9}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
     C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{49A6E52E-633A-408F-A4B2-AB2D28EC4A9C}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
     C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{720A5347-E6C1-49B4-8030-5A74FDA9FCA0}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
     C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Downloaded Installations\{CA338DD3-EAF5-488C-9A2C-D7D35A6F8170}\EA Link.msi probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\gefejuro.dll.vir a variant of Win32/Kryptik.BBO trojan 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1516\A0199071.dll a variant of Win32/Kryptik.BBO trojan 00000000000000000000000000000000 I
  8. hello, kenny here is the log
  9. hello kenny ok here is the log from the quick scan
     Malwarebytes' Anti-Malware 1.41
     Database version: 3195
     Windows 5.1.2600 Service Pack 2
     11/18/2009 5:40:21 PM
     mbam-log-2009-11-18 (17-40-21).txt
     Scan type: Quick Scan
     Objects scanned: 99912
     Time elapsed: 5 minute(s), 49 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 2
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     C:\Documents and Settings\All Users\Application Data\19551627 (Rogue.Multiple) -> Quarantined and deleted successfully.
     Files Infected:
     C:\Documents and Settings\All Users\Application Data\19551627\19551627.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Compaq_Owner\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
  10. HELLO KENNY, I try to run mbam-clean.exe but I get an error that reads "shgetvalue failed with error code 0"
  11. by the way, the only thing I see from symantec is the live update; should I delete that also? thank you again for your help and time
  12. hello kenny ok its done here is the log from combofix
2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2009-11-17 19:10 . 2008-10-16 19:06 208744 c:\windows\LastGood\system32\muweb.dll + 2009-11-17 19:10 . 2008-10-16 19:06 268648 c:\windows\LastGood\system32\mucltui.dll + 2009-11-17 08:03 . 2009-11-17 08:03 195584 c:\windows\Installer\1b31c14.msi - 2005-05-09 17:38 . 2009-06-11 07:07 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2005-05-09 17:38 . 2009-11-17 08:16 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2005-05-09 17:38 . 2009-06-11 07:07 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2005-05-09 17:38 . 2009-06-11 07:07 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2005-05-09 17:38 . 2009-06-11 07:07 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2005-05-09 17:38 . 2009-11-17 08:16 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2005-05-09 17:38 . 2009-06-11 07:07 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2005-05-09 17:38 . 2009-11-17 08:16 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2006-12-02 00:22 . 2009-11-17 08:07 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2006-12-02 00:22 . 2009-06-11 07:07 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-03-22 22:22 . 2007-03-22 22:22 103264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL + 2008-07-14 07:05 . 
2008-07-14 07:05 464272 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11PIA.DLL + 2007-04-19 17:53 . 2007-04-19 17:53 109408 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL + 2003-07-15 17:18 . 2003-07-15 17:18 141360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ATP.DLL + 2009-11-17 08:08 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll + 2009-11-17 08:08 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll + 2009-11-17 08:08 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB974455-IE7\url.dll + 2009-11-17 08:08 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll + 2009-11-17 08:08 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe + 2009-11-17 08:08 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll + 2009-11-17 08:08 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll + 2009-11-17 08:08 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll + 2009-11-17 08:08 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll + 2009-11-17 08:08 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll + 2009-11-17 08:08 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB974455-IE7\iexplore.exe + 2009-11-17 08:08 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll + 2009-11-17 08:08 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll + 2009-11-17 08:08 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll + 2009-11-17 08:08 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll + 2009-11-17 08:08 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll + 2009-11-17 08:08 . 
2009-04-29 04:55 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll + 2009-11-17 08:08 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll + 2009-11-17 08:08 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll + 2009-11-17 08:08 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll + 2009-11-17 08:08 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll + 2009-11-17 08:06 . 2009-11-17 08:06 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e6d90fd1\System.Drawing.dll + 2009-11-17 08:06 . 2009-11-17 08:06 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_12e0160f\System.Drawing.Design.dll + 2009-11-17 08:06 . 2009-11-17 08:06 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5b9ea10f\CustomMarshalers.dll + 2009-11-17 08:13 . 2009-11-17 08:13 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll + 2009-11-17 00:39 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll + 2004-08-04 12:00 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll - 2004-08-04 11:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll + 2004-08-04 11:00 . 2009-05-20 09:56 2458112 c:\windows\system32\WMVCore.dll + 2004-08-04 11:00 . 2009-07-13 15:08 5537792 c:\windows\system32\wmp.dll - 2004-08-04 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\wmp.dll + 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys + 2004-08-04 11:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll + 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll - 2004-08-04 12:00 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll + 2004-08-04 12:00 . 
2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll + 2004-08-04 12:00 . 2009-08-04 14:00 2180352 c:\windows\system32\ntoskrnl.exe - 2004-08-04 18:00 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe + 2004-08-04 18:00 . 2009-08-04 13:13 2057728 c:\windows\system32\ntkrnlpa.exe + 2004-08-04 11:00 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll + 2006-11-08 02:03 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll + 2006-09-06 04:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat + 2009-08-05 00:52 . 2009-08-05 00:52 1193832 c:\windows\system32\FM20.DLL + 2004-08-04 12:00 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll + 2004-08-04 11:00 . 2009-05-20 09:56 2458112 c:\windows\system32\dllcache\WMVCore.dll - 2004-08-04 11:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll + 2004-08-04 11:00 . 2009-07-13 15:08 5537792 c:\windows\system32\dllcache\wmp.dll - 2004-08-04 11:00 . 2007-04-30 12:20 5537792 c:\windows\system32\dllcache\wmp.dll + 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys + 2004-08-04 11:00 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll + 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll - 2004-08-04 12:00 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll + 2004-08-04 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll + 2006-12-19 14:17 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe + 2006-12-19 12:55 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe - 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe - 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2006-12-19 12:55 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe + 2006-12-19 14:15 . 
2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe - 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe + 2004-08-04 12:00 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll + 2004-08-04 11:00 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll + 2007-05-09 20:46 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll + 2007-05-09 20:46 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat + 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll - 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2009-08-21 15:14 . 2009-08-21 15:14 8363008 c:\windows\Installer\1b31cc9.msp + 2009-08-20 10:02 . 2009-08-20 10:02 5204992 c:\windows\Installer\1b31cb0.msp + 2009-10-22 17:46 . 2009-10-22 17:46 6821888 c:\windows\Installer\1b31c9d.msp + 2009-07-01 18:21 . 2009-07-01 18:21 8891904 c:\windows\Installer\1b31c89.msp + 2009-10-06 23:40 . 2009-10-06 23:40 7681024 c:\windows\Installer\1b31c74.msp + 2009-08-25 15:59 . 
2009-08-25 15:59 3731456 c:\windows\Installer\1b31c61.msp + 2009-09-29 14:08 . 2009-09-29 14:08 6747648 c:\windows\Installer\1b31c50.msp + 2009-10-22 17:28 . 2009-10-22 17:28 5521408 c:\windows\Installer\1b31c26.msp + 2007-05-10 17:45 . 2007-05-10 17:45 8069464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OWC11.DLL + 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\FM20.DLL + 2009-11-17 08:08 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll + 2009-11-17 08:08 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB974455-IE7\mshtml.dll + 2009-11-17 08:08 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB974455-IE7\ieframe.dll + 2009-11-17 08:08 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat + 2005-03-02 00:59 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2005-03-02 00:34 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2005-03-02 00:34 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2005-03-02 00:57 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-11-17 08:06 . 2009-11-17 08:06 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_658763ff\System.dll + 2009-11-17 08:05 . 2009-11-17 08:05 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1b875a29\System.dll + 2009-11-17 08:06 . 2009-11-17 08:06 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_37da9ce8\System.Xml.dll + 2009-11-17 08:06 . 
2009-11-17 08:06 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2e031cfa\System.Xml.dll + 2009-11-17 08:05 . 2009-11-17 08:05 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_49f3186f\System.Windows.Forms.dll + 2009-11-17 08:06 . 2009-11-17 08:06 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_30360280\System.Windows.Forms.dll + 2009-11-17 08:06 . 2009-11-17 08:06 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_16fe61dd\System.Drawing.dll + 2009-11-17 08:06 . 2009-11-17 08:06 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f3e21fd8\System.Design.dll + 2009-11-17 08:06 . 2009-11-17 08:06 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_66320bdf\System.Design.dll + 2009-11-17 08:06 . 2009-11-17 08:06 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c6eb97d1\mscorlib.dll + 2009-11-17 08:06 . 2009-11-17 08:06 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5dc71958\mscorlib.dll + 2009-11-17 08:05 . 2009-11-17 08:05 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - 2007-07-11 07:02 . 2007-07-11 07:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-11-17 08:05 . 2009-11-17 08:05 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2007-07-11 07:02 . 2007-07-11 07:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2009-11-17 08:10 . 2009-11-05 14:36 26768832 c:\windows\system32\MRT.exe + 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp + 2009-07-01 18:19 . 
2009-07-01 18:19 10607104 c:\windows\Installer\1b31c8a.msp + 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\1b31c3e.msp . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-01-04 49152] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Compaq_Owner\\My Documents\\My Music\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= 
"c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\logon.scr"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "35901:TCP"= 35901:TCP:PORT_35901 "36015:TCP"= 36015:TCP:PORT_36015 "14363:TCP"= 14363:TCP:PORT_14363 "14137:TCP"= 14137:TCP:PORT_14137 "58300:TCP"= 58300:TCP:PORT_58300 "42810:TCP"= 42810:TCP:PORT_42810 "27547:TCP"= 27547:TCP:PORT_27547 "56336:TCP"= 56336:TCP:PORT_56336 "16721:TCP"= 16721:TCP:PORT_16721 "52740:TCP"= 52740:TCP:PORT_52740 "58344:TCP"= 58344:TCP:PORT_58344 "37975:TCP"= 37975:TCP:PORT_37975 "16535:TCP"= 16535:TCP:PORT_16535 "60000:TCP"= 60000:TCP:PORT_60000 "52194:TCP"= 52194:TCP:PORT_52194 "60121:TCP"= 60121:TCP:PORT_60121 "33836:TCP"= 33836:TCP:PORT_33836 "45680:TCP"= 45680:TCP:PORT_45680 "53493:TCP"= 53493:TCP:PORT_53493 "8465:TCP"= 8465:TCP:PORT_8465 "57886:TCP"= 57886:TCP:PORT_57886 "50953:TCP"= 50953:TCP:PORT_50953 "32593:TCP"= 32593:TCP:PORT_32593 "48895:TCP"= 48895:TCP:PORT_48895 "49556:TCP"= 49556:TCP:PORT_49556 "17866:TCP"= 17866:TCP:PORT_17866 "20763:TCP"= 20763:TCP:PORT_20763 "58961:TCP"= 58961:TCP:PORT_58961 "49295:TCP"= 49295:TCP:PORT_49295 "60754:TCP"= 60754:TCP:PORT_60754 "26600:TCP"= 26600:TCP:PORT_26600 "49785:TCP"= 49785:TCP:PORT_49785 "19176:TCP"= 19176:TCP:PORT_19176 "13326:TCP"= 13326:TCP:PORT_13326 "23700:TCP"= 23700:TCP:PORT_23700 "35161:TCP"= 35161:TCP:PORT_35161 "27641:TCP"= 27641:TCP:PORT_27641 "7540:TCP"= 7540:TCP:PORT_7540 "55399:TCP"= 55399:TCP:PORT_55399 "33367:TCP"= 33367:TCP:PORT_33367 "38863:TCP"= 38863:TCP:PORT_38863 "11030:TCP"= 11030:TCP:PORT_11030 "23228:TCP"= 23228:TCP:PORT_23228 "55170:TCP"= 55170:TCP:PORT_55170 "43521:TCP"= 43521:TCP:PORT_43521 "48700:TCP"= 48700:TCP:PORT_48700 "17594:TCP"= 17594:TCP:PORT_17594 "26996:TCP"= 26996:TCP:PORT_26996 "15350:TCP"= 15350:TCP:PORT_15350 "34606:TCP"= 34606:TCP:PORT_34606 "63407:TCP"= 63407:TCP:PORT_63407 "35101:TCP"= 35101:TCP:PORT_35101 "9600:TCP"= 9600:TCP:PORT_9600 "58883:TCP"= 
58883:TCP:PORT_58883 "18320:TCP"= 18320:TCP:PORT_18320 "7188:TCP"= 7188:TCP:PORT_7188 "30985:TCP"= 30985:TCP:PORT_30985 "48863:TCP"= 48863:TCP:PORT_48863 "33825:TCP"= 33825:TCP:PORT_33825 "50010:TCP"= 50010:TCP:PORT_50010 "33235:TCP"= 33235:TCP:PORT_33235 "18770:TCP"= 18770:TCP:PORT_18770 "56004:TCP"= 56004:TCP:PORT_56004 "20825:TCP"= 20825:TCP:PORT_20825 "35879:TCP"= 35879:TCP:PORT_35879 "15121:TCP"= 15121:TCP:PORT_15121 "15236:TCP"= 15236:TCP:PORT_15236 "44825:TCP"= 44825:TCP:PORT_44825 "5457:TCP"= 5457:TCP:PORT_5457 "40083:TCP"= 40083:TCP:PORT_40083 "26973:TCP"= 26973:TCP:PORT_26973 "54255:TCP"= 54255:TCP:PORT_54255 "46961:TCP"= 46961:TCP:PORT_46961 "23988:TCP"= 23988:TCP:PORT_23988 "5461:TCP"= 5461:TCP:PORT_5461 "53852:TCP"= 53852:TCP:PORT_53852 "31645:TCP"= 31645:TCP:PORT_31645 "62654:TCP"= 62654:TCP:PORT_62654 "63219:TCP"= 63219:TCP:PORT_63219 "7469:TCP"= 7469:TCP:PORT_7469 "63582:TCP"= 63582:TCP:PORT_63582 "24243:TCP"= 24243:TCP:PORT_24243 "18208:TCP"= 18208:TCP:PORT_18208 "61547:TCP"= 61547:TCP:PORT_61547 "54583:TCP"= 54583:TCP:PORT_54583 "5805:TCP"= 5805:TCP:PORT_5805 "63617:TCP"= 63617:TCP:PORT_63617 "45241:TCP"= 45241:TCP:PORT_45241 "30005:TCP"= 30005:TCP:PORT_30005 "61763:TCP"= 61763:TCP:PORT_61763 "14190:TCP"= 14190:TCP:PORT_14190 "39607:TCP"= 39607:TCP:PORT_39607 "38645:TCP"= 38645:TCP:PORT_38645 "30931:TCP"= 30931:TCP:PORT_30931 "5848:TCP"= 5848:TCP:PORT_5848 "45395:TCP"= 45395:TCP:PORT_45395 "19191:TCP"= 19191:TCP:PORT_19191 "14078:TCP"= 14078:TCP:PORT_14078 "30137:TCP"= 30137:TCP:PORT_30137 "64565:TCP"= 64565:TCP:PORT_64565 "18523:TCP"= 18523:TCP:PORT_18523 "22610:TCP"= 22610:TCP:PORT_22610 "27395:TCP"= 27395:TCP:PORT_27395 "8133:TCP"= 8133:TCP:PORT_8133 "22043:TCP"= 22043:TCP:PORT_22043 "53461:TCP"= 53461:TCP:PORT_53461 "28260:TCP"= 28260:TCP:PORT_28260 "63226:TCP"= 63226:TCP:PORT_63226 "38466:TCP"= 38466:TCP:PORT_38466 "21759:TCP"= 21759:TCP:PORT_21759 "59818:TCP"= 59818:TCP:PORT_59818 "6578:TCP"= 6578:TCP:PORT_6578 "41098:TCP"= 
41098:TCP:PORT_41098 "34255:TCP"= 34255:TCP:PORT_34255 "15219:TCP"= 15219:TCP:PORT_15219 "45707:TCP"= 45707:TCP:PORT_45707 "23075:TCP"= 23075:TCP:PORT_23075 "40066:TCP"= 40066:TCP:PORT_40066 "30776:TCP"= 30776:TCP:PORT_30776 "34940:TCP"= 34940:TCP:PORT_34940 "61588:TCP"= 61588:TCP:PORT_61588 "26790:TCP"= 26790:TCP:PORT_26790 "24665:TCP"= 24665:TCP:PORT_24665 "57149:TCP"= 57149:TCP:PORT_57149 "24667:TCP"= 24667:TCP:PORT_24667 "43656:TCP"= 43656:TCP:PORT_43656 "10076:TCP"= 10076:TCP:PORT_10076 "35184:TCP"= 35184:TCP:PORT_35184 "31688:TCP"= 31688:TCP:PORT_31688 "32223:TCP"= 32223:TCP:PORT_32223 "59961:TCP"= 59961:TCP:PORT_59961 "21681:TCP"= 21681:TCP:PORT_21681 "12373:TCP"= 12373:TCP:PORT_12373 R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/14/2009 12:41 PM 108289] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 6:11 PM 24652] S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106] S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE --> c:\windows\PSEXESVC.EXE [?] S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [3/26/2009 6:17 PM 500736] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-17 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-09 07:26] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=4yqASPdNIn_oD0adXidsGA uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: {7DB16D75-9859-40C9-B40B-556A19E4868C} = 4.2.2.1,4.2.2.2 FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=4yqASPdNIn_oD0adXidsGA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-17 17:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(504) c:\windows\system32\awgina.dll . Completion time: 2009-11-17 17:50 ComboFix-quarantined-files.txt 2009-11-17 22:50 ComboFix2.txt 2009-11-17 00:36 Pre-Run: 122,160,410,624 bytes free Post-Run: 122,117,869,568 bytes free - - End Of File - - 6F30C7743CC9BCBAC2CFFB3860FF25ED
  13. Hello Kenny, thank you for your time. I just did what you asked me and it is telling me there is a new version of ComboFix. Should I update ComboFix before continuing?
  14. OK, it gave the log for ComboFix but I can't open Malwarebytes; here is the log
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\logon.scr"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "35901:TCP"= 35901:TCP:PORT_35901 "36015:TCP"= 36015:TCP:PORT_36015 "14363:TCP"= 14363:TCP:PORT_14363 "14137:TCP"= 14137:TCP:PORT_14137 "58300:TCP"= 58300:TCP:PORT_58300 "42810:TCP"= 42810:TCP:PORT_42810 "27547:TCP"= 27547:TCP:PORT_27547 "56336:TCP"= 56336:TCP:PORT_56336 "16721:TCP"= 16721:TCP:PORT_16721 "52740:TCP"= 52740:TCP:PORT_52740 "58344:TCP"= 58344:TCP:PORT_58344 "37975:TCP"= 37975:TCP:PORT_37975 "16535:TCP"= 16535:TCP:PORT_16535 "60000:TCP"= 60000:TCP:PORT_60000 "52194:TCP"= 52194:TCP:PORT_52194 "60121:TCP"= 60121:TCP:PORT_60121 "33836:TCP"= 33836:TCP:PORT_33836 "45680:TCP"= 45680:TCP:PORT_45680 "53493:TCP"= 53493:TCP:PORT_53493 "8465:TCP"= 8465:TCP:PORT_8465 "57886:TCP"= 57886:TCP:PORT_57886 "50953:TCP"= 50953:TCP:PORT_50953 "32593:TCP"= 32593:TCP:PORT_32593 "48895:TCP"= 48895:TCP:PORT_48895 "49556:TCP"= 49556:TCP:PORT_49556 "17866:TCP"= 17866:TCP:PORT_17866 "20763:TCP"= 20763:TCP:PORT_20763 "58961:TCP"= 58961:TCP:PORT_58961 "49295:TCP"= 49295:TCP:PORT_49295 "60754:TCP"= 60754:TCP:PORT_60754 "26600:TCP"= 26600:TCP:PORT_26600 "49785:TCP"= 49785:TCP:PORT_49785 "19176:TCP"= 19176:TCP:PORT_19176 "13326:TCP"= 13326:TCP:PORT_13326 "23700:TCP"= 23700:TCP:PORT_23700 "35161:TCP"= 35161:TCP:PORT_35161 "27641:TCP"= 27641:TCP:PORT_27641 "7540:TCP"= 7540:TCP:PORT_7540 "55399:TCP"= 55399:TCP:PORT_55399 "33367:TCP"= 33367:TCP:PORT_33367 "38863:TCP"= 38863:TCP:PORT_38863 "11030:TCP"= 11030:TCP:PORT_11030 "23228:TCP"= 23228:TCP:PORT_23228 "55170:TCP"= 55170:TCP:PORT_55170 "43521:TCP"= 43521:TCP:PORT_43521 "48700:TCP"= 48700:TCP:PORT_48700 "17594:TCP"= 17594:TCP:PORT_17594 "26996:TCP"= 26996:TCP:PORT_26996 "15350:TCP"= 15350:TCP:PORT_15350 "34606:TCP"= 
34606:TCP:PORT_34606 "63407:TCP"= 63407:TCP:PORT_63407 "35101:TCP"= 35101:TCP:PORT_35101 "9600:TCP"= 9600:TCP:PORT_9600 "58883:TCP"= 58883:TCP:PORT_58883 "18320:TCP"= 18320:TCP:PORT_18320 "7188:TCP"= 7188:TCP:PORT_7188 "30985:TCP"= 30985:TCP:PORT_30985 "48863:TCP"= 48863:TCP:PORT_48863 "33825:TCP"= 33825:TCP:PORT_33825 "50010:TCP"= 50010:TCP:PORT_50010 "33235:TCP"= 33235:TCP:PORT_33235 "18770:TCP"= 18770:TCP:PORT_18770 "56004:TCP"= 56004:TCP:PORT_56004 "20825:TCP"= 20825:TCP:PORT_20825 "35879:TCP"= 35879:TCP:PORT_35879 "15121:TCP"= 15121:TCP:PORT_15121 "15236:TCP"= 15236:TCP:PORT_15236 "44825:TCP"= 44825:TCP:PORT_44825 "5457:TCP"= 5457:TCP:PORT_5457 "40083:TCP"= 40083:TCP:PORT_40083 "26973:TCP"= 26973:TCP:PORT_26973 "54255:TCP"= 54255:TCP:PORT_54255 "46961:TCP"= 46961:TCP:PORT_46961 "23988:TCP"= 23988:TCP:PORT_23988 "5461:TCP"= 5461:TCP:PORT_5461 "53852:TCP"= 53852:TCP:PORT_53852 "31645:TCP"= 31645:TCP:PORT_31645 "62654:TCP"= 62654:TCP:PORT_62654 "63219:TCP"= 63219:TCP:PORT_63219 "7469:TCP"= 7469:TCP:PORT_7469 "63582:TCP"= 63582:TCP:PORT_63582 "24243:TCP"= 24243:TCP:PORT_24243 "18208:TCP"= 18208:TCP:PORT_18208 "61547:TCP"= 61547:TCP:PORT_61547 "54583:TCP"= 54583:TCP:PORT_54583 "5805:TCP"= 5805:TCP:PORT_5805 "63617:TCP"= 63617:TCP:PORT_63617 "45241:TCP"= 45241:TCP:PORT_45241 "30005:TCP"= 30005:TCP:PORT_30005 "61763:TCP"= 61763:TCP:PORT_61763 "14190:TCP"= 14190:TCP:PORT_14190 "39607:TCP"= 39607:TCP:PORT_39607 "38645:TCP"= 38645:TCP:PORT_38645 "30931:TCP"= 30931:TCP:PORT_30931 "5848:TCP"= 5848:TCP:PORT_5848 "45395:TCP"= 45395:TCP:PORT_45395 "19191:TCP"= 19191:TCP:PORT_19191 "14078:TCP"= 14078:TCP:PORT_14078 "30137:TCP"= 30137:TCP:PORT_30137 "64565:TCP"= 64565:TCP:PORT_64565 "18523:TCP"= 18523:TCP:PORT_18523 "22610:TCP"= 22610:TCP:PORT_22610 "27395:TCP"= 27395:TCP:PORT_27395 "8133:TCP"= 8133:TCP:PORT_8133 "22043:TCP"= 22043:TCP:PORT_22043 "53461:TCP"= 53461:TCP:PORT_53461 "28260:TCP"= 28260:TCP:PORT_28260 "63226:TCP"= 63226:TCP:PORT_63226 "38466:TCP"= 
38466:TCP:PORT_38466 "21759:TCP"= 21759:TCP:PORT_21759 "59818:TCP"= 59818:TCP:PORT_59818 "6578:TCP"= 6578:TCP:PORT_6578 "41098:TCP"= 41098:TCP:PORT_41098 "34255:TCP"= 34255:TCP:PORT_34255 "15219:TCP"= 15219:TCP:PORT_15219 "45707:TCP"= 45707:TCP:PORT_45707 "23075:TCP"= 23075:TCP:PORT_23075 "40066:TCP"= 40066:TCP:PORT_40066 "30776:TCP"= 30776:TCP:PORT_30776 "34940:TCP"= 34940:TCP:PORT_34940 "61588:TCP"= 61588:TCP:PORT_61588 "26790:TCP"= 26790:TCP:PORT_26790 "24665:TCP"= 24665:TCP:PORT_24665 "57149:TCP"= 57149:TCP:PORT_57149 "24667:TCP"= 24667:TCP:PORT_24667 "43656:TCP"= 43656:TCP:PORT_43656 "10076:TCP"= 10076:TCP:PORT_10076 "35184:TCP"= 35184:TCP:PORT_35184 "31688:TCP"= 31688:TCP:PORT_31688 "32223:TCP"= 32223:TCP:PORT_32223 "59961:TCP"= 59961:TCP:PORT_59961 "21681:TCP"= 21681:TCP:PORT_21681 "12373:TCP"= 12373:TCP:PORT_12373 R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/14/2009 12:41 PM 108289] S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [3/30/2004 10:29 AM 118106] S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [3/26/2009 6:17 PM 500736] --- Other Services/Drivers In Memory --- *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-16 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-09 07:26] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=4yqASPdNIn_oD0adXidsGA uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: &Search IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: {7DB16D75-9859-40C9-B40B-556A19E4868C} = 4.2.2.1,4.2.2.2 FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=4yqASPdNIn_oD0adXidsGA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\zbxv1l4a.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, . - - - - ORPHANS REMOVED - - - - BHO-{028213f1-d143-48b1-bf5e-afa283a4e5f3} - yahonuyi.dll HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe HKLM-Run-hovikoges - c:\windows\system32\wuwelivo.dll HKLM-Run-mutiguvahe - buborefu.dll SharedTaskScheduler-{f209b149-63dd-45e3-815e-a92227921d46} - c:\windows\system32\wuwelivo.dll SSODL-nitokigis-{f209b149-63dd-45e3-815e-a92227921d46} - c:\windows\system32\wuwelivo.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-16 19:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(508) c:\windows\system32\awgina.dll - - - - - - - > 'Explorer.EXE'(384) c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\rundll32.exe c:\windows\system32\Rundll32.exe c:\windows\system32\Rundll32.exe c:\program files\Avira\AntiVir Desktop\GUARDGUI.EXE c:\program files\AIM6\aolsoftware.exe c:\program files\Java\jre1.6.0_03\bin\jucheck.exe c:\hp\KBD\KBD.EXE c:\windows\AGRSMMSG.exe . ************************************************************************** . Completion time: 2009-11-16 19:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-17 00:36 Pre-Run: 121,415,176,192 bytes free Post-Run: 122,817,945,600 bytes free - - End Of File - - 79D363ACBE935FFC8BC2F7E9EAD79081
  15. OK, ComboFix finished the scan and rebooted my computer. I had disabled Avira just like you told me before I ran ComboFix, but when it came back on Avira was enabled and detected a virus or program called (HEUR/CRYPTED.E), and on the toolbar at the bottom I get rundll a couple of times. I'm on another computer now so I haven't touched anything there; it is my daughter's computer that has the problem. What should I do? Also, the ComboFix screen is open and says it is preparing the log, but due to Avira it looks frozen.
  16. And another thing I forgot to tell you: I'm also getting a lot of popups.
  17. The situation I have is that it doesn't let me download or run hjti, so I can't do anything with hjti. Sorry it took me so long to reply, and thanks for your time.
  18. Can it be because I'm running an Avira scan for more viruses? I have done it 3 times and it has found about 95 viruses since yesterday. Thank you for your time and help.
  19. I tried to install the hijack but it does not let me; the screen is blank and it does not give me the option to open or install the hijack.
  20. I tried to open Malwarebytes to do a scan and it doesn't do anything. I uninstalled Malwarebytes and reinstalled it and it still does not open. Can someone help me with this problem? Thank you.