utopian86

Honorary Members, 34 posts
Everything posted by utopian86

  1. I can't upload the recorded audio of the symptom here. I have uploaded it to MediaFire: http://www.mediafire.com/?1fgkgo45hnliwuc. It's a .amr file, recorded using my phone. Sorry for the low-quality audio; from 37 sec to 40 sec the audio was buzzing and the screen froze too, then went back to normal again.
  2. Hi. Does anyone know how to fix this problem? While I am playing a game / watching a movie / playing a song, the laptop randomly freezes and buzzes for 1-3 sec and then everything goes back to normal again. Sometimes it happens a few times in an hour. I ran memtest86 on the RAM for a few hours; the results show it is fine. Did an HD Tune test; the results look OK too. Dell Inspiron N5110, Intel i7 @ 2 GHz, 6 GB RAM, 500 GB HDD.
  3. Hi. May I know how do I share a folder within the network? Let's say my friend's desktop would like to stream video from my laptop. I'm able to share when I turn off "Password protected sharing". If I turn it on, the desktop side asks for a username and password. May I know how do I create an account for it? I can't see the option to create an account.
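     For the question in post 3, the following is an added example (not from the original post, and not a tool's own documentation) of the command-line way to give the friend's desktop its own username and password for the share, instead of turning "Password protected sharing" off or handing out the laptop owner's login: create a dedicated, non-administrator local account, share the folder read-only to that account only, and set matching NTFS permissions. The account name `mediaviewer`, the share name `Videos` and the path `C:\Users\Public\Videos` are assumptions; the commands are the classic `net user`, `net share` and `icacls` tools, which exist on Windows 7, run from an elevated PowerShell prompt on the laptop.

```powershell
# Added example, not from the original post. The three names below are assumptions.
$User  = 'mediaviewer'               # dedicated, non-admin account for the desktop
$Share = 'Videos'                    # share name the desktop will connect to
$Path  = 'C:\Users\Public\Videos'    # folder to publish

# 1. Create the account. The '*' makes net user prompt for the password, so it never
#    lands in the shell history. It becomes a plain member of Users; do not add it
#    to Administrators, it only needs to read videos.
net user $User * /add /passwordchg:no /expires:never

# 2. Share the folder with share-level permission READ for this account only.
#    "Everyone" is not placed on the share, so password-protected sharing can stay on.
net share "$Share=$Path" "/GRANT:$User,READ"

# 3. Match the NTFS ACL: read and execute, inherited by files (OI) and subfolders (CI).
#    Share permission and NTFS permission must both allow access; the stricter wins.
icacls $Path /grant "${User}:(OI)(CI)RX"

# 4. Verify what is exposed before giving anyone the password.
net share $Share          # path and permissions; Everyone should not appear
icacls $Path              # NTFS entries on the folder

# On the friend's desktop: open \\<laptop-name>\Videos and log in as
# <laptop-name>\mediaviewer with the password typed in step 1.

# To take it down again later:
#   net share $Share /delete
#   net user $User /delete
```

     Keeping a separate account for this purpose means the password given to the friend unlocks one read-only folder and nothing else; if it leaks, deleting that account closes the door without touching the owner's login.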
  4. Is it possible to change the Wi-Fi channel on my laptop? My ISP home gateway's Wi-Fi gives a selection of channels 9-12. My sis's laptop and my handphone can support up to channel 10 only; anything above 10 can't be detected. My new laptop was connecting to the router fine until 2 days ago, when it started to act weird. It is still able to detect the home gateway but is unable to connect. I had to restart the laptop or the gateway a few times to get it to connect. So is it possible for me to lower the Wi-Fi channel on my laptop?
  5. I'm not sure how to use this McAfee either. Kaspersky is much easier for adding exclusions. I have been clicking all the buttons but I still can't find a way to add an exclusion.
  6. Are you saying MBAM changed your Wi-Fi settings? As far as I know, MBAM won't do that. If you can't connect to the internet from your iPhone either, it's probably your Wi-Fi that has been reset. Try logging into your router and checking the settings.
  7. I pressed the skip button to proceed. Hopefully they both won't fight after installation.
  8. Other software has no problem reading it.
  9. I just bought a Dell Inspiron 15R last week. I find it weird because I don't have the option to install languages. All other languages such as Chinese and Korean are displayed as squares. May I know how do I fix it? Inspiron 15R, Intel i7, 6 GB RAM, Windows Home Premium SP1.
  10. Hi. May I know how do I reboot to the Recovery Console? I tried using Safe Mode with Command Prompt. Is that correct? I logged in using the admin account instead of my account. I entered the command that you gave me but I get "Could Not Find C:\Documents and settings\Ian Lau\Desktop\Parachute".
  11. Hi. I logged in to Safe Mode just now and tried to delete it. The same error came out. Any other way to delete it?
  12. Sorry for the late reply. Been busy with uni assignments. May I know how do I remove this icon on the desktop? When I try to remove it, an error pops up.
  13. So far MSN hasn't reacted like it did previously yet. I have done everything except the driver updates.
  14. TechExpress link for your current results: http://www.pcpitstop.com/techexpress.asp?id=XE1WYWBN844S9WMN. I can't edit the previous post to add in this result.
  15. The MSN process is using 89-100% CPU. I can't even open any messenger window to reply. This has been happening recently. I uninstalled it and installed a new version this morning; the same thing still happens. I'm still trying to get the PitStop scan to run; it's not working with either Firefox or IE.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Ian Lau at 13:12:27.12 on Sun 08/08/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1066 [GMT 8:00]

     AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
     FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

     ============== Running Processes ===============

     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
     C:\WINDOWS\system32\IoctlSvc.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
     C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\Dell\QuickSet\Quickset.exe
     C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
     C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Rainlendar2\Rainlendar2.exe
     C:\Program Files\I8kfanGUI\I8kfanGUI.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
     C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Skype\Plugin Manager\skypePM.exe
     C:\Program Files\Winamp\winamp.exe
     C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
     C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
     C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\Ian Lau\Desktop\Downloads\flashget\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     uInternet Connection Wizard,ShellNext = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
     uInternet Settings,ProxyServer = 203.162.183.222:80
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     mSearchAssistant = hxxp://www.google.com/ie
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
     BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
     BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
     BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
     BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
     TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
     TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
     uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
     uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
     mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
     mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
     mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
     mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
     mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
     mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
     mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
     mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
     mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
     mRunOnce: [GrpConv] grpconv.exe -o
     dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
     IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
     IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
     IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
     IE: Save YouTube Video as MP3
     IE: Se&nd to OneNote - /105
     IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
     IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
     IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
     DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
     DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
     DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
     DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.nanoscan.com/as/v1/cabs/asinst.cab
     DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
     DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} - hxxps://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
     TCP: {4641D3A1-4468-4ACD-8425-23738B380D85} = 10.1.1.1
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     Notify: AtiExtEvent - Ati2evxx.dll
     Notify: klogon - c:\windows\system32\klogon.dll
     AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\ianlau~1\applic~1\mozilla\firefox\profiles\ok6ho7lc.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
     FF - component: c:\documents and settings\ian lau\application data\mozilla\firefox\profiles\ok6ho7lc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
     FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
     FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
     FF - plugin: c:\documents and settings\ian lau\application data\facebook\npfbplugin_1_0_3.dll
     FF - plugin: c:\documents and settings\ian lau\application data\mozilla\firefox\profiles\ok6ho7lc.default\extensions\{bc0ae9e6-e549-4554-a222-ea083a894683}\plugins\npQuickUpload.dll
     FF - plugin: c:\documents and settings\ian lau\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
     FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
     FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
     FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
     c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
     R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-4-15 14464]
     R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
     R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-26 315408]
     R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
     R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
     R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
     R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
     R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
     R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
     R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
     S2 0275011227852929mcinstcleanup;0275011227852929mcinstcleanup; [x]
     S2 PRTGService;PRTG Service;c:\program files\prtg traffic grapher\prtg traffic grapher.exe --> c:\program files\prtg traffic grapher\PRTG Traffic Grapher.exe [?]
     S2 prtgwatchservice;PRTG Watchdog;c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe --> c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe [?]
     S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
     S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
     S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-3 131456]
     S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-3 79104]
     S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-4-6 137344]
     S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-4-6 8320]

     =============== Created Last 30 ================

     2010-08-08 04:44:24 0 d-----w- c:\program files\MeadCo Neptune
     2010-08-07 01:37:41 0 d-----w- c:\program files\Microsoft
     2010-07-19 15:47:26 0 d-----w- c:\docume~1\ianlau~1\applic~1\OpenOffice.org
     2010-07-19 15:44:00 0 d-----w- c:\program files\JRE
     2010-07-19 15:43:28 0 d-----w- c:\program files\OpenOffice.org 3
     2010-07-19 15:42:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-07-19 15:42:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-07-19 15:02:55 0 d-----w- c:\program files\MSECache
     2010-07-17 12:26:11 0 d-----w- c:\program files\Counter-Strike 1.6
     2010-07-14 09:39:07 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
     2010-07-12 13:05:29 482408 ----a-w- c:\windows\ssndii.exe
     2010-07-12 13:05:26 0 d-----w- c:\program files\SamsungPrinterLiveUpdate
     2010-07-12 13:05:21 0 d-----w- c:\windows\Samsung
     2010-07-12 13:04:19 361 ----a-w- c:\windows\system32\ssp7ml3.smt
     2010-07-12 13:04:19 26624 ----a-w- c:\windows\system32\ssp7ml3.dll
     2010-07-12 13:04:00 65536 ----a-w- c:\windows\system32\ssp7mci.dll
     2010-07-12 13:04:00 151552 ----a-w- c:\windows\system32\ssp7mci.exe
     2010-07-12 13:03:43 49152 ----a-w- c:\windows\system32\ssusbpn.dll
     2010-07-12 13:03:42 81920 ----a-w- c:\windows\system32\ssdevm.dll
     2010-07-12 13:03:39 21776 ----a-w- c:\windows\system32\msxml2a.dll
     2010-07-12 13:02:26 5430 ------w- c:\windows\AnyWeb Print.ico
     2010-07-12 13:02:26 133757 ------w- c:\windows\SmartCMS2.ico
     2010-07-12 13:02:26 11502 ------w- c:\windows\Dr. Printer Icon.ico
     2010-07-12 13:02:26 0 d-----w- c:\program files\Samsung

     ==================== Find3M ====================

     2010-08-05 07:46:39 76672 ---ha-w- c:\windows\system32\mlfcache.dat
     2010-07-30 05:03:28 97549 ----a-w- c:\windows\system32\drivers\klick.dat
     2010-07-30 05:03:28 113933 ----a-w- c:\windows\system32\drivers\klin.dat
     2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
     2010-06-24 03:53:40 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
     2010-06-24 03:53:37 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
     2010-06-17 02:00:04 0 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT

     ============= FINISH: 13:13:57.29 ===============
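     A DDS "Pseudo HJT Report" like the one in post 15 is read by hand in threads like this, and the items that get looked at first are always the same: an IE proxy setting, BHO/toolbar CLSIDs whose DLL is gone ("No File"), downloaded ActiveX controls (DPF) and anything in AppInit_DLLs. The script below is an added example (not part of the original post and not a feature of DDS or of the forum's tools) that pulls those entries out of the report and attaches a plain note saying why each deserves a second look. The sample lines are copied from the log above; the categories and the note wording are the example's own, and a finding here means "check this", not "this is malicious".

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the original post or of the DDS tool: it reads the
HijackThis-style lines (ProxyServer, BHO:, TB:, DPF:, AppInit_DLLs:) and flags
what an analyst would look at first. The sample lines are copied from the log
posted above; the categories and wording of the notes are this example's own.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: a few lines taken verbatim from the DDS log in the post above.
SAMPLE_LINES = [
    "uStart Page = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen",
    "uInternet Settings,ProxyServer = 203.162.183.222:80",
    "BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - "
    "c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll",
    "BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File",
    "TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File",
    "DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.nanoscan.com/as/v1/cabs/asinst.cab",
    "DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} - hxxps://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB",
    "AppInit_DLLs: c:\\progra~1\\kasper~1\\kasper~2\\mzvkbd3.dll,c:\\progra~1\\kasper~1\\kasper~2\\kloehk.dll",
    "TCP: {4641D3A1-4468-4ACD-8425-23738B380D85} = 10.1.1.1",
]

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# DDS defangs URLs as hxxp:// so they are not clickable; capture only the host part.
HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)

Finding = Dict[str, str]


def proxy_finding(line: str) -> Optional[Finding]:
    """Flag an IE ProxyServer value unless it points at a private or loopback
    address. A proxy on a public IP routes every IE request through a third
    party, so it has to be confirmed as deliberate."""
    if "=" not in line:
        return None
    value = line.split("=", 1)[1].strip()
    host = value.rsplit(":", 1)[0]          # drop the :port suffix if present
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                      # a hostname rather than an address
        return {"kind": "proxy", "detail": value,
                "note": "proxy set to hostname; verify it is expected"}
    if addr.is_private or addr.is_loopback:
        return None
    return {"kind": "proxy", "detail": value,
            "note": "proxy points at a public IP; confirm it was set deliberately"}


def triage(lines: List[str]) -> List[Finding]:
    """Walk the report once and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("uInternet Settings,ProxyServer"):
            hit = proxy_finding(line)
            if hit:
                findings.append(hit)
        elif line.startswith(("BHO:", "TB:")) and line.endswith("No File"):
            # CLSID still registered but its DLL is gone: a stale entry to clean up
            m = CLSID_RE.search(line)
            findings.append({"kind": "orphan", "detail": m.group(0) if m else line,
                             "note": "registered but DLL missing; remove the stale entry"})
        elif line.startswith("DPF:"):
            # Downloaded ActiveX control: record the origin host for review
            m = HOST_RE.search(line)
            findings.append({"kind": "activex", "detail": m.group(1).lower() if m else line,
                             "note": "downloaded ActiveX control; confirm the source is trusted"})
        elif line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into every process that links user32
            dlls = [d.strip() for d in line.split(":", 1)[1].split(",") if d.strip()]
            findings.append({"kind": "appinit", "detail": ";".join(dlls),
                             "note": "DLLs injected into every GUI process; account for each one"})
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, for a one-line overview."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['kind']}] {f['detail']} :: {f['note']}")
    print(summarize(triage(SAMPLE_LINES)))
```

     Run it against a saved DDS log by passing the lines of the Pseudo HJT section to `triage()`; the proxy check is the one that matters most for the symptoms in this thread, since a proxy the user did not configure means every IE request is being relayed through whoever runs that address.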
  16. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4401
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     8/7/2010 9:41:29 AM
     mbam-log-2010-08-07 (09-41-29).txt

     Scan type: Quick scan
     Objects scanned: 154604
     Time elapsed: 28 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     I have updated and scanned my PC with Kaspersky; it found nothing.
  17. I have done a restart on the PC and it seems like I have an extra menu to choose from during startup: either Windows Recovery or Windows XP. Although it bypasses it after a few minutes, is it removable? Thanks.
  18. After the post 16 request:

     ComboFix 08-11-05.02 - Acer Aspire 2008-11-06 22:28:31.3 - FAT32x86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.645 [GMT 8:00]
     Running from: c:\documents and settings\Acer Aspire\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Acer Aspire\Desktop\CFScript.txt
     * Created a new restore point

     FILE ::
     c:\windows\SSer.exe
     c:\windows\stopHS.bat
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\SSer.exe
     c:\windows\stopHS.bat

     .
     ((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
     .

     2008-11-02 20:48 . 2008-11-02 20:48 <DIR> d--hs---- c:\documents and settings\Acer Aspire\UserData
     2008-10-27 14:41 . 2008-10-27 14:41 <DIR> d-------- c:\windows\system32\drivers\Avg
     2008-10-27 14:41 . 2008-10-27 14:41 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
     2008-10-27 14:41 . 2008-10-27 14:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
     2008-10-27 03:33 . 2008-10-27 03:33 <DIR> d-------- c:\windows\system32\CatRoot_bak
     2008-10-27 02:58 . 2008-06-13 21:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
     2008-10-27 02:57 . 2008-08-14 17:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
     2008-10-27 02:11 . 2008-05-01 22:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-10-22 08:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2008-10-22 08:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
     2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
     2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
     2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
     2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
     2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
     2008-08-25 08:38 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
     2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
     2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
     2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
     2008-08-14 10:00 2,180,352 ------w c:\windows\system32\dllcache\ntoskrnl.exe
     2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
     2008-08-14 09:58 2,136,064 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
     2008-08-14 09:22 2,057,728 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
     2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
     2008-08-14 09:22 2,015,744 ------w c:\windows\system32\dllcache\ntkrpamp.exe
     2004-12-30 10:31 41,288 ----a-w c:\documents and settings\Acer Aspire\Application Data\GDIPFONTCACHEV1.DAT

     .
     ((((((((((((((((((((((((((((( snapshot_2008-11-02_21.03.18.56 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2001-12-31 16:02:26 16,384 ----a-w c:\windows\temp\Perflib_Perfdata_78.dat

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
     "EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
     "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="NvQTwk" [X]
     "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
     "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
     "KnobMonitor"="c:\acer\KnobMonitor.exe" [2003-06-02 248832]
     "MPS"="c:\acer\MPS.EXE" [2003-05-30 212992]
     "WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2003-06-17 159744]
     "EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776]
     "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 479232]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
     "Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2002-03-31 1234712]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2002-03-31 136600]
     "SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]
     "CHotkey"="mHotkey.exe" [2003-06-06 c:\windows\mHotkey.exe]
     "ledpointer"="CNYHKey.exe" [2003-05-27 c:\windows\CNYHKey.exe]
     "nwiz"="nwiz.exe" [2002-08-30 c:\windows\system32\nwiz.exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

     [HKLM\~\startupfolder\C:^Documents and Settings^Acer Aspire^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
     path=c:\documents and settings\Acer Aspire\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
     backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
     backup=c:\windows\pss\GStartup.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
     backup=c:\windows\pss\Image Transfer.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoDiary for Sony HDPS.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PhotoDiary for Sony HDPS.lnk
     backup=c:\windows\pss\PhotoDiary for Sony HDPS.lnkCommon Startup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2005-09-16 08:43 274432 c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     --a------ 2007-03-09 18:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
     --a------ 2007-08-02 10:16 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WWNExporter]
     --a------ 2005-11-22 03:56 2266624 d:\wow\WWNExporter\WWNExporter.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "EPSONStatusAgent2"=2 (0x2)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\MMPlayer\\PowerMPlayer.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\PPStream\\PPStream.exe"=
     "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\MSN Messenger\\livecall.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
     R1 NPPTNT;NPPTNT;c:\windows\System32\npptNT.sys [2003-07-21 4608]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2002-03-31 231704]
     R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2002-03-31 152984]
     R2 Qvod Terminal;Qvod Terminal;c:\program files\QvodPlayer\QvodTerminal.exe [2008-10-21 495616]
     R2 UxTuneUp;TuneUp Design Expansion;c:\windows\System32\svchost.exe [2004-08-04 14336]
     R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2003-01-07 6085]
     S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys
[2002-09-17 81356] S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2002-06-24 39182] S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2002-06-24 9804] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\Auto\command - pagefile.pif \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif . Contents of the 'Scheduled Tasks' folder 2008-02-15 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:09] 2008-11-05 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12] 2008-11-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-06 22:30:57 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus C43 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"???????? ?????????*???????8????????????????a?wx??????????????? ?T???T??????????????b?w??T? ?T?????????D???????????h??w??T? ?T?????z??w ?T???T?????)??|??????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-11-06 22:31:35 ComboFix-quarantined-files.txt 2008-11-06 14:31:32 ComboFix3.txt 2008-10-27 06:33:58 ComboFix2.txt 2008-11-02 13:03:44 Pre-Run: 4,555,735,040 bytes free Post-Run: 4,830,887,936 bytes free 167 --- E O F --- 2008-10-27 07:52:49
  19. ComboFix 08-10-25.01 - Acer Aspire 2008-10-27 14:31:46.1 - FAT32x86 12:08 AM 1/1/2002Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.567 [GMT 8:00] Running from: C:\Documents and Settings\Acer Aspire\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Acer Aspire\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\IE4 Error Log.txt C:\WINDOWS\system32\_000006_.tmp.dll . ((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 ))))))))))))))))))))))))))))))) . 2008-10-27 14:27 . <DIR> C:\32788R22FWJFW 2008-10-27 03:33 . 2008-10-27 03:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-10-27 03:27 . 2008-10-27 03:27 <DIR> d-------- C:\WINDOWS\LastGood 2008-10-27 02:58 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-10-27 02:57 . 2008-08-14 17:51 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-10-27 02:11 . 2008-05-01 22:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-22 08:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-22 08:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-10-15 16:57 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll 2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-15 11:57 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-28 10:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys 2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2004-12-30 10:31 41,288 ----a-w C:\Documents and Settings\Acer Aspire\Application Data\GDIPFONTCACHEV1.DAT 2002-01-20 15:08 30 --sha-r C:\WINDOWS\pc-off.bat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 114688] "KnobMonitor"="C:\acer\KnobMonitor.exe" [2003-06-02 248832] "MPS"="C:\ACER\MPS.EXE" [2003-05-30 212992] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2003-06-17 159744] "EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 479232] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2002-03-31 1234712] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2002-03-31 136600] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 C:\WINDOWS\SOUNDMAN.EXE] "CHotkey"="mHotkey.exe" [2003-06-06 C:\WINDOWS\mHotkey.exe] "ledpointer"="CNYHKey.exe" [2003-05-27 C:\WINDOWS\CNYHKey.exe] "nwiz"="nwiz.exe" [2002-08-30 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program 
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm [HKLM\~\startupfolder\C:^Documents and Settings^Acer Aspire^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] path=C:\Documents and Settings\Acer Aspire\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoDiary for Sony HDPS.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhotoDiary for Sony HDPS.lnk backup=C:\WINDOWS\pss\PhotoDiary for Sony HDPS.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\iTunesHelper] --a------ 2005-09-16 08:43 274432 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-02 10:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WWNExporter] --a------ 2005-11-22 03:56 2266624 D:\wow\WWNExporter\WWNExporter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSER] --a------ 2003-06-06 20:07 36864 C:\WINDOWS\SSer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopHS] --a------ 2003-05-23 19:23 38 C:\WINDOWS\stopHS.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "EPSONStatusAgent2"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MMPlayer\\PowerMPlayer.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\QvodPlayer\\QvodTerminal.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\PPStream\\PPStream.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-21 4608] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2002-03-31 231704] R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2002-03-31 152984] R2 Qvod Terminal;Qvod Terminal;C:\Program Files\QvodPlayer\QvodTerminal.exe [2008-10-21 495616] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R3 WFIOCTL;WFIOCTL;C:\Program 
Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-01-07 6085] S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-09-17 81356] S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-06-24 39182] S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-06-24 9804] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\Auto\command - pagefile.pif \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4965c6-329d-11d6-9986-00016c232057}] \Shell\AutoRun\command - F:\password_viewer.exe %1 \Shell\Explore\command - F:\password_viewer.exe %1 \Shell\Open\command - F:\password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{876335b6-420a-11db-97ed-00016c232057}] \Shell\AutoRun\command - F:\password_viewer.exe %1 \Shell\Explore\command - F:\password_viewer.exe %1 \Shell\Open\command - F:\password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db46ef86-52e7-11db-9804-806d6172696f}] \Shell\AutoRun\command - F:\password_viewer.exe %1 \Shell\Explore\command - F:\password_viewer.exe %1 \Shell\Open\command - F:\password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7aec800-031b-11d6-993b-00016c232057}] \Shell\AutoRun\command - password_viewer.exe %1 \Shell\Explore\command - password_viewer.exe %1 \Shell\Open\command - password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83baa14-004a-11d6-9934-00016c232057}] \Shell\AutoRun\command - password_viewer.exe %1 \Shell\Explore\command - password_viewer.exe %1 \Shell\Open\command - 
password_viewer.exe %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed9e3abe-8a8b-11db-9855-91c1a4410abe}] \Shell\AutoRun\command - F:\password_viewer.exe %1 \Shell\Explore\command - F:\password_viewer.exe %1 \Shell\Open\command - F:\password_viewer.exe %1 *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-02-15 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:09] 2008-02-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12] 2008-10-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHANS REMOVED - - - - Toolbar-{FCACB5E1-DE21-4DDB-A4F6-06DD92CEB23D} - (no file) WebBrowser-{FCACB5E1-DE21-4DDB-A4F6-06DD92CEB23D} - (no file) ShellIconOverlayIdentifiers-hex(2):7b,38,41,34,32,44,46,42,46,2d,37,38,36,38,2d,34,30,32,39,2d,39,35,38,\ - (no file) . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKCU-Internet Settings,ProxyServer = 10.1.1.8:8080 O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 -: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm O8 -: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5e522546d2b044399bf16da979fcbb5 O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5e522546d2b044399bf16da979fcbb5 O17 -: HKLM\CCS\Interface\{D47E7D15-2338-439C-822C-F8D6C684F2AE}: NameServer = 202.188.0.133,202.188.1.5 O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-27 14:33:16 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus C43 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"???????? ?????????*???????8????????????????a?wx??????????????? ?T???T??????????????b?w??T? ?T?????????D???????????h??w??T? ?T?????z??w ?T???T?????)??|??????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-10-27 14:33:56 ComboFix-quarantined-files.txt 2008-10-27 06:33:54 Pre-Run: 3,921,641,472 bytes free Post-Run: 5,125,308,416 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 207 --- E O F --- 2008-10-26 19:12:24
  20. Hi, I haven't posted in BC for quite some time. I chose to request help from here because BC is usually quite busy and takes days to reply, so I never started this thread there. As for me submitting the file to BC: after I had done the steps in post 11, ComboFix popped up a website requesting me to submit it, so I did as instructed by ComboFix. Back to ComboFix: as I dragged the CFScript onto ComboFix, it requested me to update when it started, so I clicked OK to update it. After that it automatically started to scan and popped out that log. I won't be home till Wednesday, so I might need to delay a bit. Really sorry to keep you waiting.
  21. ComboFix 08-11-01.05 - Acer Aspire 2008-11-02 21:00:42.2 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.635 [GMT 8:00] Running from: C:\Documents and Settings\Acer Aspire\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Acer Aspire\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pc-off.bat . ((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 ))))))))))))))))))))))))))))))) . 2008-11-02 20:48 . 2008-11-02 20:48 <DIR> d--hs---- C:\Documents and Settings\Acer Aspire\UserData 2008-10-27 14:41 . 2008-10-27 14:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-10-27 14:41 . 2008-10-27 14:41 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-10-27 14:41 . 2008-10-27 14:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-10-27 03:33 . 2008-10-27 03:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-10-27 02:58 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-10-27 02:57 . 2008-08-14 17:51 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-10-27 02:11 . 2008-05-01 22:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-10-22 08:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-22 08:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-10-15 16:57 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-15 11:57 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-08-28 10:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys 2008-08-27 08:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-08-25 08:38 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2004-12-30 10:31 41,288 ----a-w C:\Documents and Settings\Acer Aspire\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot@2008-10-27_14.33.34.07 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2007-12-07 02:21:46 124,928 ------w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll + 2007-12-19 23:01:06 347,136 ------w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll + 2007-12-07 02:21:46 214,528 ------w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll + 2007-12-07 02:21:46 133,120 ------w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll + 2007-12-07 02:21:46 63,488 ------w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll + 2007-12-06 11:00:58 70,656 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe + 2007-12-07 02:21:46 153,088 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll + 2007-12-07 02:21:46 230,400 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll + 2007-12-06 04:59:52 161,792 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll + 2007-12-07 02:21:46 383,488 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll + 2007-12-07 02:21:46 384,512 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll + 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll + 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll + 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll + 2007-12-06 11:00:58 13,824 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe + 2007-12-06 11:01:26 625,664 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe + 2007-12-07 02:21:48 27,648 ------w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll + 2007-12-07 02:21:48 459,264 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll + 2007-12-07 02:21:48 52,224 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll + 2007-12-08 05:21:48 3,592,192 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll + 2007-12-07 02:21:48 478,208 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll + 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll + 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll + 2007-12-07 02:21:48 102,912 ------w 
C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll + 2008-01-11 05:53:32 44,544 ------w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll + 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll + 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll + 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll + 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll + 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll + 2007-09-14 13:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL + 2007-09-06 10:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\WRD12CNV.DLL + 2007-08-28 16:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\WRD12EXE.EXE + 2007-10-02 12:00:06 14,708,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE + 2007-05-31 05:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE + 2007-04-19 06:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL + 2007-06-18 09:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL + 2007-05-31 05:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE - 2008-10-26 19:10:40 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-10-27 07:52:44 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2008-10-26 19:10:40 12,288 
----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-10-27 07:52:44 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-10-26 19:10:40 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2008-10-27 07:52:46 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2008-10-26 19:10:40 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-10-27 07:52:44 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-10-26 19:10:40 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-10-27 07:52:46 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-10-26 19:10:40 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-10-27 07:52:46 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-10-26 19:10:40 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-10-27 07:52:46 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-10-26 19:10:40 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-10-27 07:52:46 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-10-26 19:10:40 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-10-27 07:52:44 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2008-10-26 19:10:40 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-10-27 07:52:44 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2008-10-26 19:10:40 23,040 ----a-r 
C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-10-27 07:52:46 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-10-26 19:10:40 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-10-27 07:52:44 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-10-26 19:10:38 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-10-27 07:52:44 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2008-10-26 19:11:10 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-10-27 07:45:08 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe - 2007-12-07 02:21:46 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-12-07 02:21:46 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-08-26 07:24:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-03-25 04:50:26 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll - 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2007-12-07 02:21:46 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-08-26 07:24:28 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-07-07 20:32:22 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll - 2007-12-07 02:21:46 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-08-26 07:24:28 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll - 2007-12-07 02:21:46 63,488 ------w 
C:\WINDOWS\system32\dllcache\icardie.dll + 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll - 2007-12-07 02:21:46 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2007-12-07 02:21:46 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2007-12-07 02:21:46 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2007-12-07 02:21:46 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-08-26 07:24:30 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll - 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-08-26 07:24:30 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll - 2007-12-07 02:21:48 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-08-26 07:24:30 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-06-24 16:23:06 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll + 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll + 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll + 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll - 2007-12-07 02:21:48 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2007-12-07 02:21:48 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2007-12-07 02:21:48 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-08-26 07:24:30 477,696 ------w 
C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll - 2004-03-01 03:52:16 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-27 08:12:54 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll + 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll + 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll + 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll + 2008-03-25 04:50:46 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll - 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-08-26 07:24:30 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-03-25 04:50:48 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll + 2008-03-25 04:50:50 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll + 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll + 2008-03-25 04:50:56 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll - 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-08-26 07:24:30 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-03-25 04:50:58 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll + 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll + 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll + 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll - 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll + 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll - 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-29 22:43:04 1,287,680 ------w 
C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:18:48 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll - 2007-10-30 17:20:56 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys + 2008-06-20 10:45:14 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys - 2006-08-16 09:37:30 225,664 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys - 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll + 2008-08-26 07:24:30 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll - 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-08-26 07:24:32 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-08-26 07:24:32 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-08-26 07:24:32 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll - 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-10-27 06:41:32 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys - 2007-10-30 17:20:56 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2008-06-20 10:45:14 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys - 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys + 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys - 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2007-12-07 02:21:46 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2005-07-26 04:39:46 243,200 ----a-w C:\WINDOWS\system32\es.dll + 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll - 
2007-12-07 02:21:46 133,120 ------w C:\WINDOWS\system32\extmgr.dll + 2008-08-26 07:24:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll - 2007-12-07 02:21:46 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2007-12-06 11:00:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe + 2008-08-25 08:38:00 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe - 2007-12-07 02:21:46 153,088 ------w C:\WINDOWS\system32\ieakeng.dll + 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll - 2007-12-07 02:21:46 230,400 ------w C:\WINDOWS\system32\ieaksie.dll + 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll - 2007-12-06 04:59:52 161,792 ------w C:\WINDOWS\system32\ieakui.dll + 2008-08-23 05:54:52 161,792 ------w C:\WINDOWS\system32\ieakui.dll - 2007-12-07 02:21:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2007-12-07 02:21:46 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll + 2008-08-26 07:24:30 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll - 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-10-03 17:41:16 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\iernonce.dll + 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\system32\iernonce.dll - 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2008-08-26 07:24:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2007-12-07 02:21:48 27,648 ------w C:\WINDOWS\system32\jsproxy.dll + 2008-08-26 07:24:30 27,648 ------w C:\WINDOWS\system32\jsproxy.dll - 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll + 2008-06-24 16:23:06 74,240 ----a-w C:\WINDOWS\system32\mscms.dll - 2004-08-03 16:56:42 294,400 ----a-w 
C:\WINDOWS\system32\msctf.dll + 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll - 2004-08-03 16:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2004-08-03 16:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2007-12-07 02:21:48 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2007-12-07 02:21:48 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-12-07 02:21:48 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2004-08-03 16:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2004-03-01 03:52:16 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2004-08-03 16:56:44 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll + 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll - 2004-08-03 16:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2004-08-03 16:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2004-08-03 16:56:44 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2004-08-03 16:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2007-12-07 02:21:48 193,024 ----a-w 
C:\WINDOWS\system32\msrating.dll + 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2004-08-03 16:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2004-08-03 16:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2004-08-03 16:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2004-08-03 16:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\mstime.dll + 2008-08-26 07:24:30 671,232 ------w C:\WINDOWS\system32\mstime.dll - 2004-08-03 16:56:44 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2004-08-03 16:56:44 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll + 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll - 2004-08-03 16:56:44 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll + 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll - 2004-08-03 16:56:44 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll - 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\occache.dll + 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\system32\occache.dll - 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-10-29 22:43:04 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll + 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll - 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll - 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe 
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe - 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-08-26 07:24:32 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-08-26 07:24:32 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-08-26 07:24:32 826,368 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-11-02 12:55:16 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_440.dat + 2008-04-15 17:54:20 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 155648] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 114688] "KnobMonitor"="C:\acer\KnobMonitor.exe" [2003-06-02 248832] "MPS"="C:\ACER\MPS.EXE" [2003-05-30 212992] "WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2003-06-17 159744] "EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 479232] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2002-03-31 1234712] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2002-03-31 136600] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 C:\WINDOWS\SOUNDMAN.EXE] "CHotkey"="mHotkey.exe" [2003-06-06 C:\WINDOWS\mHotkey.exe] "ledpointer"="CNYHKey.exe" [2003-05-27 C:\WINDOWS\CNYHKey.exe] "nwiz"="nwiz.exe" [2002-08-30 C:\WINDOWS\system32\nwiz.exe] "StopHS"="stopHS.bat" [2003-05-23 C:\WINDOWS\stopHS.bat] "SSER"="sser.exe" [2003-06-06 C:\WINDOWS\SSer.exe] 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm [HKLM\~\startupfolder\C:^Documents and Settings^Acer Aspire^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] path=C:\Documents and Settings\Acer Aspire\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoDiary for Sony HDPS.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhotoDiary for Sony HDPS.lnk 
backup=C:\WINDOWS\pss\PhotoDiary for Sony HDPS.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2005-09-16 08:43 274432 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-02 10:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WWNExporter] --a------ 2005-11-22 03:56 2266624 D:\wow\WWNExporter\WWNExporter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "EPSONStatusAgent2"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MMPlayer\\PowerMPlayer.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\QvodPlayer\\QvodTerminal.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\PPStream\\PPStream.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-27 97928] R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-21 4608] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2002-03-31 231704] R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2002-03-31 152984] R2 Qvod Terminal;Qvod Terminal;C:\Program Files\QvodPlayer\QvodTerminal.exe [2008-10-21 495616] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS 
[2003-01-07 6085]
S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-09-17 81356]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-06-24 39182]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-06-24 9804]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - pagefile.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4965c6-329d-11d6-9986-00016c232057}]
\Shell\AutoRun\command - F:\password_viewer.exe %1
\Shell\Explore\command - F:\password_viewer.exe %1
\Shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{876335b6-420a-11db-97ed-00016c232057}]
\Shell\AutoRun\command - F:\password_viewer.exe %1
\Shell\Explore\command - F:\password_viewer.exe %1
\Shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db46ef86-52e7-11db-9804-806d6172696f}]
\Shell\AutoRun\command - F:\password_viewer.exe %1
\Shell\Explore\command - F:\password_viewer.exe %1
\Shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83baa14-004a-11d6-9934-00016c232057}]
\Shell\AutoRun\command - password_viewer.exe %1
\Shell\Explore\command - password_viewer.exe %1
\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed9e3abe-8a8b-11db-9855-91c1a4410abe}]
\Shell\AutoRun\command - F:\password_viewer.exe %1
\Shell\Explore\command - F:\password_viewer.exe %1
\Shell\Open\command - F:\password_viewer.exe %1
.
Contents of the 'Scheduled Tasks' folder

2008-02-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:09]

2008-02-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]

2008-10-30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 21:02:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus C43 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"???????? ?????????*???????8????????????????a?wx??????????????? ?T???T??????????????b?w??T? ?T?????????D???????????h??w??T? ?T?????z??w ?T???T?????)??|???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-02 21:03:41
ComboFix-quarantined-files.txt 2008-11-02 13:03:40
ComboFix2.txt 2008-10-27 06:33:58

Pre-Run: 4,338,155,520 bytes free
Post-Run: 4,335,861,760 bytes free

439 --- E O F --- 2008-10-27 07:52:49

Sorry for the delay, was busy the last few days. I have submitted the file to bleepingcomputer too.
  22. that* not sure why I can't find the edit button to edit the post