Jamestec

Everything posted by Jamestec

  1. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=6
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.5886
     # api_version=3.0.2
     # EOSSerial=4750ece01eb7834086a071ea79f2df21
     # end=finished
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2009-07-13 07:28:53
     # local_time=2009-07-13 05:28:53 (+1000, AUS Eastern Standard Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=516 37 100 100 59042812500
     # scanned=178610
     # found=7
     # cleaned=0
     # scan_time=3633
     C:\Documents and Settings\User\My Documents\Downloaded Files\Soft-Ware\CE\CheatEngine55.exe	probably a variant of Win32/Genetik trojan	00000000000000000000000000000000	I
     C:\Program Files\Cheat Engine\dbk32.sys	probably a variant of Win32/Genetik trojan	00000000000000000000000000000000	I
     C:\Program Files\Super Fast Shutdown\restart.exe	Win32/Shutdown.NAA application	00000000000000000000000000000000	I
     C:\Program Files\Super Fast Shutdown\shutdown.exe	Win32/Shutdown.NAA application	00000000000000000000000000000000	I
     C:\System Volume Information\_restore{C9D54677-E0CA-4990-AE43-E3CD86B52E55}\RP258\A0059318.sys	probably a variant of Win32/Genetik trojan	00000000000000000000000000000000	I
     C:\System Volume Information\_restore{C9D54677-E0CA-4990-AE43-E3CD86B52E55}\RP294\A0065414.sys	probably a variant of Win32/Genetik trojan	00000000000000000000000000000000	I
     C:\System Volume Information\_restore{C9D54677-E0CA-4990-AE43-E3CD86B52E55}\RP309\A0068210.sys	probably a variant of Win32/Genetik trojan	00000000000000000000000000000000	I
  2. ComboFix 09-07-12.03 - User 07/13/2009 15:21.10.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2731 [GMT 10:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\User\Desktop\CFscript.txt
     AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
     FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
     * Created a new restore point

     FILE ::
     "c:\windows\system32\XDva224.sys"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\system32\kdfinj.dll

     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Legacy_XDVA224
     -------\Service_XDva224


     ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
     .

     2009-07-11 08:55 . 2009-07-11 08:55 -------- d-----w- c:\program files\Cheat Engine
     2009-07-11 08:55 . 2007-12-26 07:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
     2009-07-11 08:55 . 2007-12-26 07:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
     2009-06-30 11:40 . 2009-06-30 11:40 -------- d-----w- c:\program files\Windows Journal Viewer
     2009-06-24 12:36 . 2009-06-24 12:36 -------- d-----w- c:\program files\Audacity
     2009-06-23 11:03 . 2009-06-23 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2009-06-23 11:03 . 2009-06-23 11:03 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
     2009-06-23 11:03 . 2009-06-23 11:03 45008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-06-21 02:56 . 2009-06-21 02:56 -------- d-----w- c:\program files\iPod
     2009-06-21 02:56 . 2009-06-21 02:56 -------- d-----w- c:\program files\iTunes
     2009-06-21 02:49 . 2009-06-21 02:49 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
     2009-06-19 14:15 . 2009-06-30 12:40 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
     2009-06-19 14:15 . 2009-07-07 02:04 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
     2009-06-19 14:15 . 2009-06-30 12:40 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
     2009-06-19 14:15 . 2009-06-30 12:40 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
     2009-06-19 14:15 . 2009-06-30 12:40 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
     2009-06-19 14:15 . 2009-07-07 02:04 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
     2009-06-19 14:15 . 2009-06-30 12:40 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
     2009-06-19 14:15 . 2009-06-30 12:40 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
     2009-06-19 14:14 . 2009-06-30 12:40 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
     2009-06-19 14:14 . 2009-06-30 12:40 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
     2009-06-19 14:14 . 2009-07-06 13:13 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
     2009-06-19 14:14 . 2009-06-30 12:40 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
     2009-06-19 14:14 . 2009-06-30 12:40 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
     2009-06-19 14:14 . 2009-06-30 12:39 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-07-13 05:36 . 2008-11-10 09:51 -------- d-----w- c:\program files\DNA
     2009-07-13 05:36 . 2008-11-09 00:36 -------- d-----w- c:\documents and settings\User\Application Data\DNA
     2009-07-13 05:29 . 2008-10-25 01:32 16608 ----a-w- c:\windows\gdrv.sys
     2009-07-13 05:01 . 2009-02-14 05:34 53248 ----a-w- c:\windows\system32\Kdfhok.dll
     2009-07-13 05:01 . 2009-02-02 07:53 77824 ----a-w- c:\windows\system32\kdfapi.dll
     2009-07-13 05:01 . 2009-02-02 07:53 387288 ----a-w- c:\windows\system32\kdfmgr.exe
     2009-07-13 05:01 . 2009-02-02 07:53 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
     2009-07-13 04:54 . 2009-01-27 03:58 -------- d-----w- c:\documents and settings\User\Application Data\U3
     2009-07-07 07:07 . 2008-11-22 06:57 -------- d-----w- c:\documents and settings\User\Application Data\Red Alert 3
     2009-07-07 02:16 . 2009-02-14 09:44 -------- d-----w- c:\program files\Windows Live Safety Center
     2009-07-04 10:30 . 2009-05-14 10:57 -------- d-----w- c:\program files\Lx_cats
     2009-06-30 12:40 . 2009-05-27 09:46 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
     2009-06-30 12:40 . 2009-05-27 09:46 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
     2009-06-30 12:40 . 2009-05-27 09:46 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
     2009-06-28 02:16 . 2009-01-11 10:01 -------- d-----w- c:\program files\UserBench Encode 2009 Windows
     2009-06-24 09:57 . 2009-02-04 08:43 -------- d-----w- c:\program files\Messenger Plus! Live
     2009-06-21 02:56 . 2008-11-01 08:52 -------- d-----w- c:\program files\Common Files\Apple
     2009-06-21 02:54 . 2009-03-13 11:42 -------- d-----w- c:\program files\QuickTime
     2009-06-19 14:14 . 2009-02-06 05:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-06-19 14:14 . 2009-02-14 07:25 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-06-17 01:27 . 2009-02-06 05:28 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-06-17 01:27 . 2009-02-06 05:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-10 09:31 . 2008-11-08 23:51 -------- d-----w- c:\program files\Java
     2009-06-10 09:28 . 2009-06-10 09:28 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
     2009-06-08 11:30 . 2008-11-09 00:07 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
     2009-06-06 05:16 . 2008-11-01 03:11 -------- d-----w- c:\program files\EA GAMES
     2009-06-03 06:33 . 2008-10-25 01:37 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-05-30 01:44 . 2009-01-14 07:53 -------- d-----w- c:\program files\My Tribe
     2009-05-29 10:13 . 2009-05-29 10:13 0 ----a-w- c:\windows\system32\drivers\fmajduxk.sys
     2009-05-28 10:23 . 2008-11-22 06:36 -------- d-----w- c:\program files\Electronic Arts
     2009-05-27 11:04 . 2009-05-27 11:04 -------- d-----w- c:\program files\CCleaner
     2009-05-27 09:46 . 2009-05-27 09:46 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
     2009-05-27 09:46 . 2009-02-12 08:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
     2009-05-25 02:20 . 2008-10-25 07:00 45008 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-05-23 04:50 . 2008-11-02 00:34 -------- d-----w- c:\program files\Pivot Stickfigure Animator
     2009-05-22 10:47 . 2009-05-22 10:47 -------- d-----w- c:\program files\Multiwinia
     2009-05-21 01:33 . 2008-11-08 23:52 410984 ----a-w- c:\windows\system32\deploytk.dll
     2009-05-17 02:26 . 2009-05-17 02:26 -------- d-----w- c:\program files\MSECache
     2009-05-13 05:15 . 2007-07-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-05-07 15:32 . 2007-07-27 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
     2009-04-23 08:56 . 2009-04-23 08:56 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
     2009-04-23 08:56 . 2009-02-12 07:52 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2009-04-23 08:51 . 2009-01-02 19:36 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
     2009-04-23 08:51 . 2009-01-02 19:36 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
     2009-04-17 12:26 . 2007-07-27 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
     2009-04-16 01:35 . 2008-10-28 10:09 7878 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
     2009-04-15 14:51 . 2007-07-27 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
     2009-01-27 06:38 . 2009-01-27 05:40 206112 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2009-01-27 06:38 . 2009-01-27 05:40 5152 --sha-w- c:\windows\system32\drivers\fidbox2.dat

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2009-03-24 329040]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
     "LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-08-20 65536]
     "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
     "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
     "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

     c:\documents and settings\User\Start Menu\Programs\Startup\
     Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2007-12-9 275968]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
     "c:\\Program Files\\Xfire\\Xfire.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Silkroad\\SilkErrSender.exe"=
     "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
     "c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
     "c:\\WINDOWS\\system32\\dxdiag.exe"=
     "c:\\WINDOWS\\system32\\dpnsvr.exe"=
     "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
     "c:\\Program Files\\Warcraft III\\War3.exe"=
     "c:\\WINDOWS\\system32\\lxbxcoms.exe"=
     "c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\WorldBuilder.exe"=
     "c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
     "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
     "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\Multiwinia\\multiwinia.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
     "c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/12/2009 5:52 PM 64160]
     R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [10/25/2008 11:37 AM 80392]
     R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/19/2009 7:34 AM 1029456]
     R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [1/14/2009 9:01 AM 181584]
     R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/14/2009 9:00 AM 50192]
     R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/14/2009 9:01 AM 497008]
     R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [1/14/2009 8:56 AM 36368]
     R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/14/2009 9:01 AM 677128]
     R3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [10/25/2008 12:12 PM 7040]
     R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/15/2008 8:23 AM 335376]
     R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [10/25/2008 12:12 PM 1060224]
     S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1/25/2009 6:56 PM 24944]
     S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     Contents of the 'Scheduled Tasks' folder

     2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:40]

     2009-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

     2009-07-09 c:\windows\Tasks\OGADaily.job
     - c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

     2009-07-13 c:\windows\Tasks\OGALogon.job
     - c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com.au/
     uInternet Settings,ProxyOverride = *.local
     IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     LSP: xfire_lsp_9028.dll
     FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cyuu8e8y.default\
     FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
     FF - component: c:\program files\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
     FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
     FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     FF - plugin: c:\program files\RealPlayer\Netscape6\nppl3260.dll
     FF - plugin: c:\program files\RealPlayer\Netscape6\nprjplug.dll
     FF - plugin: c:\program files\RealPlayer\Netscape6\nprpjplug.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-07-13 15:36
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
     "ImagePath"="c:\windows\system32\GameMon.des -service"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,35,0d,9b,90,8b,e9,4f,b4,42,c4,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
        d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,35,0d,9b,90,8b,e9,4f,b4,42,c4,\

     [HKEY_USERS\S-1-5-21-448539723-1563985344-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)

     [HKEY_USERS\S-1-5-21-448539723-1563985344-839522115-1003\Software\SecuROM\License information*]
     "datasecu"=hex:61,45,7e,d3,87,18,13,40,02,ce,1e,bf,29,4c,a7,cc,9e,0d,0e,f5,8a,
        5b,30,7a,56,f4,24,6e,64,c7,99,f8,a6,54,37,5a,de,25,65,d0,db,e6,5d,7c,70,82,\
     "rkeysecu"=hex:08,ff,51,a5,fa,78,39,38,a4,92,e2,9a,b0,22,60,da
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'lsass.exe'(1076)
     c:\windows\system32\xfire_lsp_9028.dll

     - - - - - - - > 'explorer.exe'(7292)
     c:\windows\system32\WININET.dll
     c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLock.dll
     c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLockUI.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Trend Micro\BM\TMBMSRV.exe
     c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\nvsvc32.exe
     c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
     c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe
     c:\windows\system32\wbem\unsecapp.exe
     c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
     c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
     c:\program files\iPod\bin\iPodService.exe
     c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     c:\program files\Trend Micro\Internet Security\UfUpdUi.exe
     .
     **************************************************************************
     .
     Completion time: 2009-07-13 15:43 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-07-13 05:43
     ComboFix2.txt 2009-05-02 00:18
     ComboFix3.txt 2009-04-08 09:15
     ComboFix4.txt 2009-02-28 01:03
     ComboFix5.txt 2009-05-24 10:14

     Pre-Run: 388,426,670,080 bytes free
     Post-Run: 388,339,331,072 bytes free

     292 --- E O F --- 2009-06-10 09:35
  3. Does this mean that I had four malicious items on my computer, because it stated it on the Other Deletions part? And ComboFix got 3/21 in Jotti and 8/41 in VirusTotal.
  4. ComboFix 09-07-09.08 - User 07/11/2009 19:22.9.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2664 [GMT 10:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
     FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\Installer\55982.msi
     c:\windows\Installer\WMEncoder.msi
     c:\windows\system32\kdfinj.dll
     c:\windows\system32\winio.vxd

     .
     ((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
     .

     2009-07-11 08:55 . 2009-07-11 08:55 -------- d-----w- c:\program files\Cheat Engine
     2009-07-11 08:55 . 2007-12-26 07:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
     2009-07-11 08:55 . 2007-12-26 07:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
     2009-06-30 11:40 . 2009-06-30 11:40 -------- d-----w- c:\program files\Windows Journal Viewer
     2009-06-24 12:36 . 2009-06-24 12:36 -------- d-----w- c:\program files\Audacity
     2009-06-23 11:03 . 2009-06-23 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2009-06-23 11:03 . 2009-06-23 11:03 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
     2009-06-23 11:03 . 2009-06-23 11:03 45008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-06-21 02:56 . 2009-06-21 02:56 -------- d-----w- c:\program files\iPod
     2009-06-21 02:56 . 2009-06-21 02:56 -------- d-----w- c:\program files\iTunes
     2009-06-21 02:49 . 2009-06-21 02:49 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
     2009-06-19 14:15 . 2009-06-30 12:40 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
     2009-06-19 14:15 . 2009-07-07 02:04 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
     2009-06-19 14:15 . 2009-06-30 12:40 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
     2009-06-19 14:15 . 2009-06-30 12:40 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
     2009-06-19 14:15 . 2009-06-30 12:40 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
     2009-06-19 14:15 . 2009-07-07 02:04 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
     2009-06-19 14:15 . 2009-06-30 12:40 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
     2009-06-19 14:15 . 2009-06-30 12:40 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
     2009-06-19 14:14 . 2009-06-30 12:40 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
     2009-06-19 14:14 . 2009-06-30 12:40 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
     2009-06-19 14:14 . 2009-07-06 13:13 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
     2009-06-19 14:14 . 2009-06-30 12:40 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
     2009-06-19 14:14 . 2009-06-30 12:40 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
     2009-06-19 14:14 . 2009-06-30 12:39 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-07-11 09:26 . 2008-11-09 00:36 -------- d-----w- c:\documents and settings\User\Application Data\DNA
     2009-07-11 09:06 . 2009-01-27 03:58 -------- d-----w- c:\documents and settings\User\Application Data\U3
     2009-07-11 08:37 . 2009-02-14 05:34 53248 ----a-w- c:\windows\system32\Kdfhok.dll
     2009-07-11 08:37 . 2009-02-02 07:53 77824 ----a-w- c:\windows\system32\kdfapi.dll
     2009-07-11 08:37 . 2009-02-02 07:53 387288 ----a-w- c:\windows\system32\kdfmgr.exe
     2009-07-11 08:37 . 2009-02-02 07:53 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
     2009-07-10 23:45 . 2008-11-10 09:51 -------- d-----w- c:\program files\DNA
     2009-07-10 23:44 . 2008-10-25 01:32 16608 ----a-w- c:\windows\gdrv.sys
     2009-07-07 07:07 . 2008-11-22 06:57 -------- d-----w- c:\documents and settings\User\Application Data\Red Alert 3
     2009-07-07 02:16 . 2009-02-14 09:44 -------- d-----w- c:\program files\Windows Live Safety Center
     2009-07-04 10:30 . 2009-05-14 10:57 -------- d-----w- c:\program files\Lx_cats
     2009-06-30 12:40 . 2009-05-27 09:46 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
     2009-06-30 12:40 . 2009-05-27 09:46 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
     2009-06-30 12:40 . 2009-05-27 09:46 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
     2009-06-28 02:16 . 2009-01-11 10:01 -------- d-----w- c:\program files\UserBench Encode 2009 Windows
     2009-06-24 09:57 . 2009-02-04 08:43 -------- d-----w- c:\program files\Messenger Plus! Live
     2009-06-21 02:56 . 2008-11-01 08:52 -------- d-----w- c:\program files\Common Files\Apple
     2009-06-21 02:54 . 2009-03-13 11:42 -------- d-----w- c:\program files\QuickTime
     2009-06-19 14:14 . 2009-02-06 05:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-06-19 14:14 . 2009-02-14 07:25 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-06-17 01:27 . 2009-02-06 05:28 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-06-17 01:27 . 2009-02-06 05:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-10 09:31 . 2008-11-08 23:51 -------- d-----w- c:\program files\Java
     2009-06-10 09:28 . 2009-06-10 09:28 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
     2009-06-08 11:30 . 2008-11-09 00:07 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
     2009-06-06 05:16 . 2008-11-01 03:11 -------- d-----w- c:\program files\EA GAMES
     2009-06-03 06:33 . 2008-10-25 01:37 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-05-30 01:44 . 2009-01-14 07:53 -------- d-----w- c:\program files\My Tribe
     2009-05-29 10:13 . 2009-05-29 10:13 0 ----a-w- c:\windows\system32\drivers\fmajduxk.sys
     2009-05-28 10:23 . 2008-11-22 06:36 -------- d-----w- c:\program files\Electronic Arts
     2009-05-27 11:04 . 2009-05-27 11:04 -------- d-----w- c:\program files\CCleaner
     2009-05-27 09:46 . 2009-05-27 09:46 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
     2009-05-27 09:46 . 2009-02-12 08:24 15688 ----a-w- c:\windows\system32\lsdelete.exe
     2009-05-25 02:20 . 2008-10-25 07:00 45008 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-05-23 04:50 . 2008-11-02 00:34 -------- d-----w- c:\program files\Pivot Stickfigure Animator
     2009-05-22 10:47 . 2009-05-22 10:47 -------- d-----w- c:\program files\Multiwinia
     2009-05-21 01:33 . 2008-11-08 23:52 410984 ----a-w- c:\windows\system32\deploytk.dll
     2009-05-17 02:26 . 2009-05-17 02:26 -------- d-----w- c:\program files\MSECache
     2009-05-13 05:15 . 2007-07-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-05-07 15:32 . 2007-07-27 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
     2009-04-23 08:56 . 2009-04-23 08:56 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
     2009-04-23 08:56 . 2009-02-12 07:52 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2009-04-23 08:51 . 2009-01-02 19:36 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
     2009-04-23 08:51 . 2009-01-02 19:36 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
     2009-04-17 12:26 . 2007-07-27 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
     2009-04-16 01:35 . 2008-10-28 10:09 7878 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
     2009-04-15 14:51 . 2007-07-27 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
     2009-01-27 06:38 . 2009-01-27 05:40 206112 --sha-w- c:\windows\system32\drivers\fidbox.dat
     2009-01-27 06:38 . 2009-01-27 05:40 5152 --sha-w- c:\windows\system32\drivers\fidbox2.dat

     .
     ((((((((((((((((((((((((((((( SnapShot_2009-05-24_10.16.54 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-06-24 09:21 . 2009-06-24 09:21 16384 c:\windows\Temp\Perflib_Perfdata_210.dat
     + 2009-07-10 23:44 . 2009-07-10 23:44 16384 c:\windows\Temp\Perflib_Perfdata_1f8.dat
     + 2009-05-11 12:06 . 2009-06-07 09:23 45218 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
     + 2009-06-12 10:42 . 2009-06-12 12:21 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
     - 2009-05-03 02:09 . 2009-05-03 02:09 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
     + 2007-07-27 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
     - 2007-07-27 12:00 . 2009-03-07 18:33 25600 c:\windows\system32\jsproxy.dll
     + 2009-06-21 02:52 . 2009-06-05 01:42 39424 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaapl.sys
     + 2009-06-21 02:52 . 2009-06-05 01:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
     + 2009-06-10 09:25 . 2009-04-30 21:22 12800 c:\windows\system32\dllcache\xpshims.dll
     + 2007-07-27 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
     - 2007-07-27 12:00 . 2009-03-07 18:33 25600 c:\windows\system32\dllcache\jsproxy.dll
     + 2009-06-20 23:22 . 2009-06-20 23:22 78562 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
     + 2009-06-04 12:15 . 2009-06-04 12:15 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
     - 2009-02-25 09:35 . 2009-01-16 08:16 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
     + 2009-06-04 11:45 . 2009-06-04 11:45 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
     + 2009-02-14 09:54 . 2009-02-14 09:54 30720 c:\windows\Installer\eaa69.msi
     + 2009-02-04 08:34 . 2009-02-04 08:34 25088 c:\windows\Installer\a9f70.msi
     + 2009-02-04 08:34 . 2009-02-04 08:34 83456 c:\windows\Installer\a9f44.msi
     + 2009-02-21 23:43 . 2009-02-21 23:43 23040 c:\windows\Installer\9f8f7.msi
     + 2009-02-21 23:42 . 2009-02-21 23:42 28160 c:\windows\Installer\9f8cd.msi
     + 2009-02-21 23:42 . 2009-02-21 23:42 59904 c:\windows\Installer\9f8a7.msi
     + 2008-07-29 10:07 . 2008-07-29 10:07 23040 c:\windows\Installer\219ac7.msp
     + 2009-02-27 08:32 . 2009-02-27 08:32 88576 c:\windows\Installer\1fdf99.msi
     + 2008-10-25 08:10 . 2009-06-10 09:35 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
     - 2008-10-25 08:10 . 2009-04-15 02:13 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
     + 2008-10-25 08:10 . 2009-06-10 09:35 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
     - 2008-10-25 08:10 . 2009-04-15 02:13 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
     + 2008-10-25 08:10 . 2009-06-10 09:35 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
     - 2008-10-25 08:10 . 2009-04-15 02:13 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
     + 2008-10-25 08:10 . 2009-06-10 09:35 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
     - 2008-10-25 08:10 . 2009-04-15 02:13 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
     - 2009-05-18 12:39 . 2009-05-18 12:39 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
     + 2009-06-10 09:35 . 2009-06-10 09:35 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
     + 2009-06-30 11:40 . 2009-06-30 11:40 65536 c:\windows\Installer\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}\_C68C351F090F4EF39AFB6B7B54014C9E.exe
     + 2009-04-03 08:01 . 2009-04-03 08:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNVP.DLL
     + 2009-04-03 07:57 . 2009-04-03 07:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12EXE.EXE
     + 2009-06-07 07:43 . 2007-11-30 12:39 17272 c:\windows\ie8updates\KB971180-IE8\spmsg.dll
     + 2009-06-07 07:43 . 2007-11-30 12:39 26488 c:\windows\ie8updates\KB971180-IE8\spcustom.dll
     + 2009-06-10 09:35 . 2009-03-07 18:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
     + 2009-06-10 09:35 . 2009-03-07 18:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
     + 2009-06-07 07:42 . 2009-03-08 04:23 58464 c:\windows\ie8\spuninst\iecustom.dll
     - 2009-05-02 03:40 . 2009-03-08 04:23 58464 c:\windows\ie8\spuninst\iecustom.dll
     - 2009-05-02 03:39 . 2008-12-20 23:15 44544 c:\windows\ie8\pngfilt.dll
     + 2009-06-07 07:41 . 2008-12-20 23:15 44544 c:\windows\ie8\pngfilt.dll
     - 2009-05-02 03:39 . 2007-08-13 07:01 48128 c:\windows\ie8\mshtmler.dll
     + 2009-06-07 07:41 . 2007-08-13 07:01 48128 c:\windows\ie8\mshtmler.dll
     + 2009-06-07 07:41 . 2007-08-13 07:32 45568 c:\windows\ie8\mshta.exe
     - 2009-05-02 03:39 . 2007-08-13 07:32 45568 c:\windows\ie8\mshta.exe
     + 2009-06-07 07:41 .
2007-08-13 07:36 12288 c:\windows\ie8\msfeedssync.exe - 2009-05-02 03:39 . 2007-08-13 07:36 12288 c:\windows\ie8\msfeedssync.exe + 2009-06-07 07:41 . 2008-12-20 23:15 52224 c:\windows\ie8\msfeedsbs.dll - 2009-05-02 03:39 . 2008-12-20 23:15 52224 c:\windows\ie8\msfeedsbs.dll + 2009-06-07 07:41 . 2007-08-13 07:44 40960 c:\windows\ie8\licmgr10.dll - 2009-05-02 03:39 . 2007-08-13 07:44 40960 c:\windows\ie8\licmgr10.dll - 2009-05-02 03:39 . 2008-12-20 23:15 27648 c:\windows\ie8\jsproxy.dll + 2009-06-07 07:41 . 2008-12-20 23:15 27648 c:\windows\ie8\jsproxy.dll + 2009-06-07 07:41 . 2007-08-13 07:39 92672 c:\windows\ie8\inseng.dll - 2009-05-02 03:39 . 2007-08-13 07:39 92672 c:\windows\ie8\inseng.dll + 2009-06-07 07:41 . 2007-08-13 07:36 36352 c:\windows\ie8\imgutil.dll - 2009-05-02 03:39 . 2007-08-13 07:36 36352 c:\windows\ie8\imgutil.dll + 2009-06-07 07:41 . 2007-08-13 07:39 55296 c:\windows\ie8\iesetup.dll - 2009-05-02 03:39 . 2007-08-13 07:39 55296 c:\windows\ie8\iesetup.dll - 2009-05-02 03:39 . 2008-12-20 23:15 44544 c:\windows\ie8\iernonce.dll + 2009-06-07 07:41 . 2008-12-20 23:15 44544 c:\windows\ie8\iernonce.dll - 2009-05-02 03:39 . 2007-08-13 07:45 78336 c:\windows\ie8\ieencode.dll + 2009-06-07 07:41 . 2007-08-13 07:45 78336 c:\windows\ie8\ieencode.dll + 2009-06-07 07:41 . 2008-12-19 09:10 70656 c:\windows\ie8\ie4uinit.exe - 2009-05-02 03:39 . 2008-12-19 09:10 70656 c:\windows\ie8\ie4uinit.exe + 2009-06-07 07:41 . 2008-12-20 23:15 63488 c:\windows\ie8\icardie.dll - 2009-05-02 03:39 . 2008-12-20 23:15 63488 c:\windows\ie8\icardie.dll + 2009-06-07 07:41 . 2007-08-13 07:18 60416 c:\windows\ie8\hmmapi.dll - 2009-05-02 03:39 . 2007-08-13 07:18 60416 c:\windows\ie8\hmmapi.dll + 2009-06-07 07:41 . 2007-08-13 07:42 17408 c:\windows\ie8\corpol.dll - 2009-05-02 03:39 . 2007-08-13 07:42 17408 c:\windows\ie8\corpol.dll - 2009-05-02 03:39 . 2007-08-13 07:39 71680 c:\windows\ie8\admparse.dll + 2009-06-07 07:41 . 
2007-08-13 07:39 71680 c:\windows\ie8\admparse.dll + 2009-06-07 07:06 . 2009-06-08 11:30 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll + 2009-06-07 07:06 . 2009-06-08 11:30 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll + 2009-05-27 08:55 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB971180-IE8\update\spcustom.dll + 2009-05-27 08:55 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB971180-IE8\spmsg.dll + 2009-06-10 09:33 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll + 2009-06-10 09:33 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll + 2009-06-10 09:35 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll + 2009-06-10 09:35 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll + 2009-06-10 09:35 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897-IE8\update\spcustom.dll + 2009-06-10 09:35 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897-IE8\spmsg.dll + 2009-06-10 09:25 . 2009-04-30 21:22 12800 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\xpshims.dll + 2009-06-10 09:25 . 2009-04-30 21:22 25600 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\jsproxy.dll + 2009-06-10 09:33 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll + 2009-06-10 09:33 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll + 2009-06-10 09:35 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll + 2009-06-10 09:35 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll - 2009-02-25 09:35 . 2009-01-16 08:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll + 2009-06-04 12:17 . 2009-06-04 12:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll - 2008-10-25 08:10 . 2009-04-15 02:13 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe + 2008-10-25 08:10 . 2009-06-10 09:35 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe + 2008-10-25 08:10 . 
2009-06-10 09:35 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe - 2008-10-25 08:10 . 2009-04-15 02:13 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe + 2008-10-25 08:10 . 2009-06-10 09:35 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe - 2008-10-25 08:10 . 2009-04-15 02:13 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe + 2009-06-07 07:43 . 2009-03-07 18:35 2048 c:\windows\ie8updates\KB971180-IE8\iecompat.dll + 2004-08-03 14:56 . 2004-08-03 14:56 293376 c:\windows\system32\wisptis.exe + 2007-06-11 20:34 . 2007-06-11 20:34 190696 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2009-06-10 09:31 . 2009-05-21 01:34 148888 c:\windows\system32\javaws.exe - 2009-04-01 08:51 . 2009-03-08 18:19 148888 c:\windows\system32\javaws.exe + 2009-06-10 09:31 . 2009-05-21 01:34 144792 c:\windows\system32\javaw.exe - 2009-04-01 08:51 . 2009-03-08 18:19 144792 c:\windows\system32\javaw.exe - 2009-04-01 08:51 . 2009-03-08 18:19 144792 c:\windows\system32\java.exe + 2009-06-10 09:31 . 2009-05-21 01:34 144792 c:\windows\system32\java.exe + 2004-08-03 14:56 . 2004-08-03 14:56 207360 c:\windows\system32\inked.dll + 2007-07-27 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll - 2007-07-27 12:00 . 2009-03-07 18:32 173056 c:\windows\system32\ie4uinit.exe + 2007-07-27 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe + 2007-07-27 12:00 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll + 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll + 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll + 2009-06-10 09:25 . 2009-04-30 21:22 246272 c:\windows\system32\dllcache\ieproxy.dll + 2007-07-27 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll + 2009-03-21 07:19 . 
2009-06-02 10:12 102912 c:\windows\system32\dllcache\iecompat.dll - 2007-07-27 12:00 . 2009-03-07 18:32 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2007-07-27 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2009-06-04 11:45 . 2009-06-04 11:45 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL + 2009-06-04 12:15 . 2009-06-04 12:15 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe - 2009-02-25 09:35 . 2009-01-16 08:16 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe + 2009-06-05 11:38 . 2009-06-05 11:38 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe + 2009-06-04 12:17 . 2009-06-04 12:17 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll - 2009-02-25 09:35 . 2009-01-16 08:18 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll + 2009-06-04 12:16 . 2009-06-04 12:16 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll + 2009-06-05 11:34 . 2009-06-05 11:34 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll + 2009-06-04 12:15 . 2009-06-04 12:15 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll + 2009-06-05 11:38 . 2009-06-05 11:38 202168 c:\windows\system32\Adobe\Director\swdir.dll - 2009-02-25 09:34 . 2009-01-16 06:19 202168 c:\windows\system32\Adobe\Director\swdir.dll + 2009-06-04 12:17 . 2009-06-04 12:17 131072 c:\windows\system32\Adobe\Director\np32dsw.dll + 2008-11-07 06:10 . 2007-07-27 12:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi + 2008-11-07 06:10 . 2007-07-27 12:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi + 2009-06-06 06:21 . 2009-06-06 06:21 451072 c:\windows\NAW BF2 Kyzyl Kum Map\N.A.W KyzylKum.exe + 2009-02-27 08:33 . 2009-02-27 08:33 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi + 2008-12-20 05:05 . 2008-12-20 05:05 245760 c:\windows\Installer\f52e4f.msi + 2009-02-09 22:50 . 2009-02-09 22:50 536576 c:\windows\Installer\dc6225.msp + 2008-12-04 10:20 . 
2008-12-04 10:20 891904 c:\windows\Installer\c36c44.msi + 2008-12-24 21:14 . 2008-12-24 21:14 579584 c:\windows\Installer\c1044.msi + 2008-11-02 08:20 . 2008-11-02 08:20 610304 c:\windows\Installer\b26216.msi + 2009-02-04 08:34 . 2009-02-04 08:34 202752 c:\windows\Installer\a9f4e.msi + 2009-02-04 08:34 . 2009-02-04 08:34 107008 c:\windows\Installer\a9f3a.msi + 2009-02-04 08:33 . 2009-02-04 08:33 301056 c:\windows\Installer\a9f35.msi + 2009-01-31 21:56 . 2009-01-31 21:56 236032 c:\windows\Installer\a7e0d.msi + 2009-02-21 23:44 . 2009-02-21 23:44 736768 c:\windows\Installer\9f923.msi + 2009-02-21 23:43 . 2009-02-21 23:43 431104 c:\windows\Installer\9f8f1.msi + 2009-02-21 23:42 . 2009-02-21 23:42 140288 c:\windows\Installer\9f8c5.msi + 2009-02-21 23:42 . 2009-02-21 23:42 152576 c:\windows\Installer\9f8b6.msi + 2009-04-20 04:59 . 2009-04-20 04:59 219648 c:\windows\Installer\8bce9.msp + 2008-12-01 05:41 . 2008-12-01 05:41 972800 c:\windows\Installer\7ad338.msi + 2008-12-01 05:41 . 2008-12-01 05:41 432640 c:\windows\Installer\7ad332.msi + 2008-10-25 08:08 . 2008-10-25 08:08 882176 c:\windows\Installer\673845.msi + 2009-03-20 01:48 . 2009-03-20 01:48 183808 c:\windows\Installer\5facb.msp + 2008-11-27 07:34 . 2008-11-27 07:34 186368 c:\windows\Installer\5f6372.msi + 2009-01-27 05:36 . 2009-01-27 05:36 331264 c:\windows\Installer\55981.msi + 2008-12-11 00:32 . 2008-12-11 00:32 527872 c:\windows\Installer\3555bc.msi + 2008-12-11 00:29 . 2008-12-11 00:29 528896 c:\windows\Installer\3555b6.msi + 2008-10-25 01:28 . 2008-10-25 01:28 264704 c:\windows\Installer\2e9ed.msi + 2008-12-24 06:40 . 2008-12-24 06:40 612864 c:\windows\Installer\2bf71.msi + 2009-01-19 10:23 . 2009-01-19 10:23 408064 c:\windows\Installer\2a7535c.msi + 2009-02-12 07:52 . 2009-02-12 07:52 569856 c:\windows\Installer\2394a.msi + 2008-12-12 22:58 . 2008-12-12 22:58 754688 c:\windows\Installer\22699b.msp + 2009-02-27 08:34 . 2009-02-27 08:34 648192 c:\windows\Installer\226978.msi + 2008-07-29 10:23 . 
2008-07-29 10:23 250880 c:\windows\Installer\219ad0.msp + 2008-07-29 10:28 . 2008-07-29 10:28 278016 c:\windows\Installer\219ace.msp + 2008-07-29 08:40 . 2008-07-29 08:40 291840 c:\windows\Installer\219acc.msp + 2009-02-27 08:33 . 2009-02-27 08:33 137728 c:\windows\Installer\219ac6.msi + 2008-07-29 06:35 . 2008-07-29 06:35 553472 c:\windows\Installer\1fdf9e.msp + 2008-07-29 06:33 . 2008-07-29 06:33 506368 c:\windows\Installer\1fdf9c.msp + 2008-07-29 06:37 . 2008-07-29 06:37 911360 c:\windows\Installer\1fdf9b.msp + 2009-05-17 02:27 . 2009-05-17 02:27 355328 c:\windows\Installer\1fc4d4.msi + 2008-12-23 00:28 . 2008-12-23 00:28 228352 c:\windows\Installer\1e6c87.msi + 2004-08-24 21:52 . 2004-08-24 21:52 376832 c:\windows\Installer\16828e.msp + 2008-01-23 23:04 . 2008-01-23 23:04 678400 c:\windows\Installer\168243.msp + 2008-11-07 11:32 . 2008-11-07 11:32 431104 c:\windows\Installer\15903ef.msi + 2009-03-21 01:04 . 2009-03-21 01:04 598016 c:\windows\Installer\101da5.msi + 2009-06-21 02:56 . 2009-06-21 02:56 102400 c:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe + 2009-06-24 09:26 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971930-IE8\spuninst\updspapi.dll + 2009-06-24 09:26 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971930-IE8\spuninst\spuninst.exe + 2009-06-24 09:26 . 2009-05-12 05:11 102912 c:\windows\ie8updates\KB971930-IE8\iecompat.dll + 2009-06-07 07:43 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB971180-IE8\updspapi.dll + 2009-06-07 07:43 . 2007-11-30 12:39 755576 c:\windows\ie8updates\KB971180-IE8\update.exe + 2009-06-07 07:43 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll + 2009-06-07 07:43 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe + 2009-06-07 07:43 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB971180-IE8\spuninst.exe + 2009-06-10 09:35 . 2009-03-07 18:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll + 2009-06-10 09:35 . 
2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll + 2009-06-10 09:35 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe + 2009-06-10 09:35 . 2009-03-07 18:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll + 2009-06-10 09:35 . 2009-03-08 04:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll + 2009-06-10 09:35 . 2009-03-07 18:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe + 2009-06-07 07:41 . 2008-12-20 23:15 826368 c:\windows\ie8\wininet.dll - 2009-05-02 03:39 . 2008-12-20 23:15 826368 c:\windows\ie8\wininet.dll + 2009-06-07 07:41 . 2007-08-13 07:45 206336 c:\windows\ie8\winfxdocobj.exe - 2009-05-02 03:39 . 2007-08-13 07:45 206336 c:\windows\ie8\winfxdocobj.exe - 2009-05-02 03:39 . 2008-12-20 23:15 233472 c:\windows\ie8\webcheck.dll + 2009-06-07 07:41 . 2008-12-20 23:15 233472 c:\windows\ie8\webcheck.dll + 2009-06-07 07:41 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll - 2009-05-02 03:39 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll - 2009-05-02 03:39 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll + 2009-06-07 07:41 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll + 2009-06-07 07:41 . 2008-12-20 23:15 105984 c:\windows\ie8\url.dll - 2009-05-02 03:39 . 2008-12-20 23:15 105984 c:\windows\ie8\url.dll + 2009-06-07 07:42 . 2009-01-07 08:21 382496 c:\windows\ie8\spuninst\updspapi.dll - 2009-05-02 03:40 . 2009-01-07 08:21 382496 c:\windows\ie8\spuninst\updspapi.dll + 2009-06-07 07:42 . 2009-01-07 08:20 231456 c:\windows\ie8\spuninst\spuninst.exe - 2009-05-02 03:40 . 2009-01-07 08:20 231456 c:\windows\ie8\spuninst\spuninst.exe - 2009-05-02 03:39 . 2006-09-06 06:43 213216 c:\windows\ie8\spuninst.exe + 2009-06-07 07:41 . 2006-09-06 06:43 213216 c:\windows\ie8\spuninst.exe + 2009-06-07 07:41 . 2008-12-20 23:15 102912 c:\windows\ie8\occache.dll - 2009-05-02 03:39 . 2008-12-20 23:15 102912 c:\windows\ie8\occache.dll + 2009-06-07 07:41 . 
2008-12-20 23:15 671232 c:\windows\ie8\mstime.dll - 2009-05-02 03:39 . 2008-12-20 23:15 671232 c:\windows\ie8\mstime.dll + 2009-06-07 07:41 . 2008-12-20 23:15 193024 c:\windows\ie8\msrating.dll - 2009-05-02 03:39 . 2008-12-20 23:15 193024 c:\windows\ie8\msrating.dll + 2009-06-07 07:41 . 2007-08-13 07:54 156160 c:\windows\ie8\msls31.dll - 2009-05-02 03:39 . 2007-08-13 07:54 156160 c:\windows\ie8\msls31.dll + 2009-06-07 07:41 . 2008-12-20 23:15 477696 c:\windows\ie8\mshtmled.dll - 2009-05-02 03:39 . 2008-12-20 23:15 477696 c:\windows\ie8\mshtmled.dll - 2009-05-02 03:39 . 2008-12-20 23:15 459264 c:\windows\ie8\msfeeds.dll + 2009-06-07 07:41 . 2008-12-20 23:15 459264 c:\windows\ie8\msfeeds.dll + 2009-06-07 07:41 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll - 2009-05-02 03:39 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll + 2009-06-07 07:41 . 2008-12-19 05:25 634024 c:\windows\ie8\iexplore.exe - 2009-05-02 03:39 . 2008-12-19 05:25 634024 c:\windows\ie8\iexplore.exe + 2009-06-07 07:41 . 2007-08-13 07:54 180736 c:\windows\ie8\ieui.dll - 2009-05-02 03:39 . 2007-08-13 07:54 180736 c:\windows\ie8\ieui.dll - 2009-05-02 03:39 . 2008-12-20 23:15 267776 c:\windows\ie8\iertutil.dll + 2009-06-07 07:41 . 2008-12-20 23:15 267776 c:\windows\ie8\iertutil.dll + 2009-06-07 07:41 . 2007-08-13 07:54 287744 c:\windows\ie8\ieproxy.dll - 2009-05-02 03:39 . 2007-08-13 07:54 287744 c:\windows\ie8\ieproxy.dll - 2009-05-02 03:39 . 2007-08-13 07:54 191488 c:\windows\ie8\iepeers.dll + 2009-06-07 07:41 . 2007-08-13 07:54 191488 c:\windows\ie8\iepeers.dll + 2009-06-07 07:41 . 2008-12-20 23:15 384512 c:\windows\ie8\iedkcs32.dll - 2009-05-02 03:39 . 2008-12-20 23:15 384512 c:\windows\ie8\iedkcs32.dll - 2009-05-02 03:39 . 2008-12-20 23:15 383488 c:\windows\ie8\ieapfltr.dll + 2009-06-07 07:41 . 2008-12-20 23:15 383488 c:\windows\ie8\ieapfltr.dll - 2009-05-02 03:39 . 2008-12-19 05:23 161792 c:\windows\ie8\ieakui.dll + 2009-06-07 07:41 . 
2008-12-19 05:23 161792 c:\windows\ie8\ieakui.dll - 2009-05-02 03:39 . 2008-12-20 23:15 230400 c:\windows\ie8\ieaksie.dll + 2009-06-07 07:41 . 2008-12-20 23:15 230400 c:\windows\ie8\ieaksie.dll + 2009-06-07 07:41 . 2008-12-20 23:15 153088 c:\windows\ie8\ieakeng.dll - 2009-05-02 03:39 . 2008-12-20 23:15 153088 c:\windows\ie8\ieakeng.dll + 2009-06-07 07:41 . 2008-12-20 23:15 214528 c:\windows\ie8\dxtrans.dll - 2009-05-02 03:39 . 2008-12-20 23:15 214528 c:\windows\ie8\dxtrans.dll + 2009-06-07 07:41 . 2008-12-20 23:15 347136 c:\windows\ie8\dxtmsft.dll - 2009-05-02 03:39 . 2008-12-20 23:15 347136 c:\windows\ie8\dxtmsft.dll + 2009-06-07 07:41 . 2008-12-20 23:15 124928 c:\windows\ie8\advpack.dll - 2009-05-02 03:39 . 2008-12-20 23:15 124928 c:\windows\ie8\advpack.dll + 2008-10-28 05:25 . 2009-06-11 06:02 452496 c:\windows\Downloaded Program Files\wlscBase.dll + 2009-06-10 09:33 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll + 2009-06-10 09:33 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe + 2009-06-10 09:33 . 2008-04-14 00:12 584704 c:\windows\$NtUninstallKB970238$\rpcrt4.dll + 2009-06-10 09:35 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll + 2009-06-10 09:35 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe + 2009-06-10 09:33 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll + 2009-06-10 09:33 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe + 2009-06-10 09:35 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll + 2009-06-10 09:35 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe + 2009-06-10 09:35 . 2008-04-14 00:11 343040 c:\windows\$NtUninstallKB961501$\localspl.dll + 2009-05-27 08:55 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB971180-IE8\update\updspapi.dll + 2009-05-27 08:55 . 
2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB971180-IE8\update\update.exe + 2009-05-27 08:55 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB971180-IE8\spuninst.exe + 2009-05-27 08:55 . 2009-05-12 05:11 102912 c:\windows\$hf_mig$\KB971180-IE8\SP3QFE\iecompat.dll + 2009-06-10 09:33 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll + 2009-06-10 09:33 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe + 2009-06-10 09:33 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe + 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll + 2009-06-10 09:35 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll + 2009-06-10 09:35 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe + 2009-06-10 09:35 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe + 2009-06-10 09:35 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE8\update\updspapi.dll + 2009-06-10 09:35 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969897-IE8\update\update.exe + 2009-06-10 09:35 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969897-IE8\spuninst.exe + 2009-06-10 09:25 . 2009-05-13 05:10 915456 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll + 2009-06-10 09:25 . 2009-04-30 21:22 246272 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieproxy.dll + 2009-06-10 09:25 . 2009-04-30 21:22 385536 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iedkcs32.dll + 2009-06-10 09:25 . 2009-04-30 10:47 173056 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ie4uinit.exe + 2009-06-10 09:33 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll + 2009-06-10 09:33 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe + 2009-06-10 09:33 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe + 2009-06-10 09:35 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll + 2009-06-10 09:35 . 
2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe + 2009-06-10 09:35 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe + 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll + 2007-07-27 12:00 . 2007-07-27 12:00 1326080 c:\windows\system32\webfldrs.msi + 2007-07-27 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll + 2007-07-27 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll + 2007-06-11 20:34 . 2007-06-11 20:34 2115816 c:\windows\system32\Macromed\Flash\NPSWF32.dll - 2007-08-13 07:34 . 2009-03-07 18:32 1985024 c:\windows\system32\iertutil.dll + 2007-08-13 07:34 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll + 2008-10-25 10:08 . 2009-06-10 10:03 1508072 c:\windows\system32\FNTCACHE.DAT + 2009-06-21 02:52 . 2009-06-05 01:42 2060288 c:\windows\system32\DRVSTORE\usbaapl_872A2434B7205D4BD84BBE53811BDCE15F347D5B\usbaaplrc.dll + 2009-06-21 02:52 . 2009-06-05 01:42 1419232 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll + 2008-11-07 05:23 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys + 2007-07-27 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll + 2007-07-27 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll - 2008-11-10 07:45 . 2009-03-07 18:32 1985024 c:\windows\system32\dllcache\iertutil.dll + 2008-11-10 07:45 . 2009-04-30 21:22 1985024 c:\windows\system32\dllcache\iertutil.dll + 2009-06-04 11:51 . 2009-06-04 11:51 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll + 2009-06-04 11:45 . 2009-06-04 11:45 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe + 2009-06-04 11:55 . 2009-06-04 11:55 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll - 2009-02-25 09:35 . 2009-01-16 07:58 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll + 2008-11-07 06:10 . 
2007-07-27 12:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi + 2008-11-07 06:10 . 2007-07-27 12:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi + 2007-05-25 01:08 . 2007-05-25 01:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp + 2008-10-25 02:11 . 2008-10-25 02:11 1479168 c:\windows\Installer\e1924.msi + 2009-03-13 11:43 . 2009-03-13 11:43 1659392 c:\windows\Installer\cad398.msi + 2009-06-21 02:56 . 2009-06-21 02:56 4074496 c:\windows\Installer\c87762.msi + 2009-06-21 02:54 . 2009-06-21 02:54 8992256 c:\windows\Installer\c8742f.msi + 2009-06-21 02:52 . 2009-06-21 02:52 3295232 c:\windows\Installer\c8719e.msi + 2009-04-24 02:31 . 2009-04-24 02:31 1425920 c:\windows\Installer\b64950.msp + 2009-05-17 04:58 . 2009-05-17 04:58 3162624 c:\windows\Installer\aa748f.msp + 2008-11-01 08:52 . 2008-11-01 08:52 1549312 c:\windows\Installer\9d06ce.msi + 2009-05-03 21:46 . 2009-05-03 21:46 8299008 c:\windows\Installer\8bcdb.msp + 2009-04-24 02:30 . 2009-04-24 02:30 2583552 c:\windows\Installer\8bcd2.msp + 2009-04-29 05:03 . 2009-04-29 05:03 8404992 c:\windows\Installer\8bcc8.msp + 2009-01-13 23:00 . 2009-01-13 23:00 2788864 c:\windows\Installer\858f9.msi + 2003-11-21 23:12 . 2003-11-21 23:12 5742416 c:\windows\Installer\67386d.msp + 2008-10-25 08:10 . 2008-10-25 08:10 2250752 c:\windows\Installer\67385d.msi + 2008-11-22 06:53 . 2008-11-22 06:53 4104704 c:\windows\Installer\5ceb4.msi + 2008-10-30 10:11 . 2008-10-30 10:11 1802752 c:\windows\Installer\4b2178.msi + 2008-12-07 10:35 . 2008-12-07 10:35 1516032 c:\windows\Installer\3a7f37.msi + 2008-12-07 10:30 . 2008-12-07 10:30 9628672 c:\windows\Installer\3a7f31.msi + 2009-03-29 09:26 . 2009-03-29 09:26 1840640 c:\windows\Installer\37b3f.msi + 2009-03-29 09:25 . 2009-03-29 09:25 1768448 c:\windows\Installer\37ae2.msi + 2009-03-31 07:35 . 2009-03-31 07:35 3037184 c:\windows\Installer\2ac13a.msi + 2009-03-31 07:33 . 
2009-03-31 07:33 2485760 c:\windows\Installer\2ac127.msi + 2009-03-31 07:31 . 2009-03-31 07:31 2423808 c:\windows\Installer\2ac114.msi + 2009-03-31 07:29 . 2009-03-31 07:29 1786368 c:\windows\Installer\2ac101.msi + 2009-03-31 07:29 . 2009-03-31 07:29 1784832 c:\windows\Installer\2ac0fb.msi + 2009-03-31 07:29 . 2009-03-31 07:29 1786880 c:\windows\Installer\2ac0ee.msi + 2009-03-31 07:28 . 2009-03-31 07:28 1898496 c:\windows\Installer\2ac0b0.msi + 2008-12-12 22:57 . 2008-12-12 22:57 8397824 c:\windows\Installer\226986.msp + 2008-07-29 08:26 . 2008-07-29 08:26 1043456 c:\windows\Installer\219acf.msp + 2008-07-29 09:37 . 2008-07-29 09:37 2679808 c:\windows\Installer\219acd.msp + 2008-07-29 10:15 . 2008-07-29 10:15 3697664 c:\windows\Installer\219acb.msp + 2008-07-29 08:34 . 2008-07-29 08:34 1448448 c:\windows\Installer\219aca.msp + 2008-07-29 09:22 . 2008-07-29 09:22 4137984 c:\windows\Installer\219ac9.msp + 2008-07-29 08:18 . 2008-07-29 08:18 3376640 c:\windows\Installer\219ac8.msp + 2008-10-25 02:17 . 2009-03-25 08:07 2248192 c:\windows\Installer\2117d.msi + 2008-07-29 06:45 . 2008-07-29 06:45 2543616 c:\windows\Installer\1fdfa2.msp + 2008-07-29 06:29 . 2008-07-29 06:29 2926080 c:\windows\Installer\1fdfa1.msp + 2008-07-29 06:41 . 2008-07-29 06:41 6487040 c:\windows\Installer\1fdfa0.msp + 2008-07-29 06:39 . 2008-07-29 06:39 3403264 c:\windows\Installer\1fdf9f.msp + 2008-07-29 06:43 . 2008-07-29 06:43 1013248 c:\windows\Installer\1fdf9d.msp + 2008-07-29 06:31 . 2008-07-29 06:31 6083072 c:\windows\Installer\1fdf9a.msp + 2009-02-27 08:27 . 2009-02-27 08:27 3443712 c:\windows\Installer\1bebb8.msi + 2009-03-29 08:35 . 2009-03-29 08:35 1785344 c:\windows\Installer\1871a0.msi + 2009-03-29 08:34 . 2009-03-29 08:34 2435072 c:\windows\Installer\18719a.msi + 2009-03-29 08:33 . 2009-03-29 08:33 2437632 c:\windows\Installer\187194.msi + 2009-03-29 08:31 . 2009-03-29 08:31 2999808 c:\windows\Installer\18718e.msi + 2009-03-29 08:27 . 
2009-03-29 08:27 1888256 c:\windows\Installer\187188.msi
+ 2009-03-29 08:20 . 2009-03-29 08:20 1727488 c:\windows\Installer\18716a.msi
+ 2009-03-29 08:20 . 2009-03-29 08:20 1765888 c:\windows\Installer\18715b.msi
+ 2009-03-29 08:20 . 2009-03-29 08:20 1784832 c:\windows\Installer\187156.msi
+ 2009-03-29 08:19 . 2009-03-29 08:19 1723904 c:\windows\Installer\187151.msi
+ 2009-03-29 08:19 . 2009-03-29 08:19 1763840 c:\windows\Installer\18714c.msi
+ 2009-03-29 08:19 . 2009-03-29 08:19 1728000 c:\windows\Installer\187147.msi
+ 2009-03-29 08:19 . 2009-03-29 08:19 1794560 c:\windows\Installer\187142.msi
+ 2009-03-29 08:19 . 2009-03-29 08:19 1891840 c:\windows\Installer\18713d.msi
+ 2009-03-29 08:18 . 2009-03-29 08:18 2084864 c:\windows\Installer\187137.msi
+ 2009-03-29 08:17 . 2009-03-29 08:17 1724928 c:\windows\Installer\187132.msi
+ 2009-03-29 08:17 . 2009-03-29 08:17 1885696 c:\windows\Installer\18712d.msi
+ 2009-03-29 08:17 . 2009-03-29 08:17 1786880 c:\windows\Installer\187128.msi
+ 2009-03-29 08:17 . 2009-03-29 08:17 1765376 c:\windows\Installer\187123.msi
+ 2009-03-29 08:16 . 2009-03-29 08:16 1733120 c:\windows\Installer\18711e.msi
+ 2009-03-29 08:16 . 2009-03-29 08:16 1722880 c:\windows\Installer\187119.msi
+ 2009-03-29 08:16 . 2009-03-29 08:16 1723904 c:\windows\Installer\187113.msi
+ 2009-03-29 08:16 . 2009-03-29 08:16 1722880 c:\windows\Installer\18710d.msi
+ 2009-03-29 08:16 . 2009-03-29 08:16 1751040 c:\windows\Installer\187107.msi
+ 2009-03-29 08:15 . 2009-03-29 08:15 1768448 c:\windows\Installer\187102.msi
+ 2009-03-29 08:15 . 2009-03-29 08:15 1766400 c:\windows\Installer\1870f8.msi
+ 2009-03-29 08:14 . 2009-03-29 08:14 2166272 c:\windows\Installer\1870f3.msi
+ 2009-03-29 08:13 . 2009-03-29 08:13 1722880 c:\windows\Installer\1870ee.msi
+ 2009-03-29 08:13 . 2009-03-29 08:13 1960960 c:\windows\Installer\1870e8.msi
+ 2009-03-29 08:13 . 2009-03-29 08:13 1786880 c:\windows\Installer\1870e3.msi
+ 2009-03-29 08:12 . 2009-03-29 08:12 1727488 c:\windows\Installer\1870d8.msi
+ 2009-03-29 08:12 . 2009-03-29 08:12 2602496 c:\windows\Installer\1870d3.msi
+ 2009-03-29 08:09 . 2009-03-29 08:09 1733632 c:\windows\Installer\1870ce.msi
+ 2009-03-29 08:09 . 2009-03-29 08:09 1736704 c:\windows\Installer\1870c9.msi
+ 2009-03-29 08:09 . 2009-03-29 08:09 1768448 c:\windows\Installer\1870c4.msi
+ 2009-03-29 08:08 . 2009-03-29 08:08 1759744 c:\windows\Installer\1870bf.msi
+ 2009-03-29 08:08 . 2009-03-29 08:08 1833472 c:\windows\Installer\1870ba.msi
+ 2009-03-29 08:08 . 2009-03-29 08:08 1723392 c:\windows\Installer\1870b5.msi
+ 2009-03-29 08:08 . 2009-03-29 08:08 1833984 c:\windows\Installer\1870b0.msi
+ 2009-03-29 08:03 . 2009-03-29 08:03 1792512 c:\windows\Installer\1870ab.msi
+ 2008-10-28 04:59 . 2008-10-28 04:59 8413184 c:\windows\Installer\1682ab.msp
+ 2008-09-04 04:52 . 2008-09-04 04:52 4337664 c:\windows\Installer\16829c.msp
+ 2008-01-14 03:26 . 2008-01-14 03:26 4478464 c:\windows\Installer\168280.msp
+ 2006-02-27 05:31 . 2006-02-27 05:31 1269248 c:\windows\Installer\168271.msp
+ 2006-03-28 04:37 . 2006-03-28 04:37 6956032 c:\windows\Installer\168263.msp
+ 2006-08-29 06:50 . 2006-08-29 06:50 3210240 c:\windows\Installer\168252.msp
+ 2004-03-09 22:13 . 2004-03-09 22:13 2602496 c:\windows\Installer\168230.msp
+ 2004-09-12 13:35 . 2004-09-12 13:35 1452544 c:\windows\Installer\168222.msp
+ 2008-06-11 09:13 . 2008-06-11 09:13 7988224 c:\windows\Installer\1681d4.msp
+ 2008-03-31 05:35 . 2008-03-31 05:35 8309760 c:\windows\Installer\1681c4.msp
+ 2009-06-30 11:40 . 2009-06-30 11:40 2265600 c:\windows\Installer\1604f0e.msi
+ 2009-03-29 09:40 . 2009-03-29 09:40 1769984 c:\windows\Installer\10bd64.msi
+ 2009-03-29 09:39 . 2009-03-29 09:39 1767424 c:\windows\Installer\10bd5a.msi
+ 2009-04-03 07:57 . 2009-04-03 07:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12CNV.DLL
+ 2009-06-10 09:35 . 2009-03-07 18:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-10 09:35 . 2009-03-07 18:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-10 09:35 . 2009-03-07 18:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
- 2009-05-02 03:39 . 2008-12-20 23:15 1160192 c:\windows\ie8\urlmon.dll
+ 2009-06-07 07:41 . 2008-12-20 23:15 1160192 c:\windows\ie8\urlmon.dll
+ 2009-06-07 07:41 . 2009-01-16 10:35 3594752 c:\windows\ie8\mshtml.dll
- 2009-05-02 03:39 . 2009-01-16 10:35 3594752 c:\windows\ie8\mshtml.dll
+ 2009-06-07 07:41 . 2008-12-20 23:15 6066688 c:\windows\ie8\ieframe.dll
- 2009-05-02 03:39 . 2008-12-20 23:15 6066688 c:\windows\ie8\ieframe.dll
+ 2009-06-07 07:41 . 2007-04-17 09:32 2455488 c:\windows\ie8\ieapfltr.dat
- 2009-05-02 03:39 . 2007-04-17 09:32 2455488 c:\windows\ie8\ieapfltr.dat
+ 2008-10-25 02:16 . 2003-05-19 19:36 2250240 c:\windows\Cache\Adobe Reader 6.0\ENUBIG\Adobe Reader 6.0.msi
+ 2009-06-10 09:33 . 2009-02-09 11:13 1846784 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-06-10 09:25 . 2009-04-30 21:22 1207808 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\urlmon.dll
+ 2009-06-10 09:25 . 2009-05-13 05:10 5936128 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
+ 2009-06-10 09:25 . 2009-04-30 21:22 1985024 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iertutil.dll
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2008-11-10 07:09 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
+ 2007-08-13 07:54 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
+ 2008-11-10 07:45 . 2009-04-30 21:22 11064832 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-16 07:37 . 2009-06-16 07:37 18554368 c:\windows\Installer\d2d9d.msp
+ 2008-11-22 06:54 . 2008-11-22 06:54 10764800 c:\windows\Installer\5cebd.msi
+ 2009-03-31 07:44 . 2009-03-31 07:44 10935296 c:\windows\Installer\5cdd7c.msp
+ 2004-01-29 16:19 . 2004-01-29 16:19 56269996 c:\windows\Installer\5597b.msp
+ 2009-02-28 11:44 . 2009-02-28 11:44 15256576 c:\windows\Installer\25e148.msp
+ 2008-12-12 23:21 . 2008-12-12 23:21 10473472 c:\windows\Installer\226990.msp
+ 2009-04-03 21:35 . 2009-04-03 21:35 38325760 c:\windows\Installer\209ccd.msp
+ 2009-03-29 09:00 . 2009-03-29 09:00 11395584 c:\windows\Installer\19a3f9.msp
+ 2009-03-29 09:01 . 2009-03-29 09:01 20783104 c:\windows\Installer\19a3f8.msp
+ 2009-03-29 09:03 . 2009-03-29 09:03 40293888 c:\windows\Installer\19a3f7.msp
+ 2007-06-15 10:29 . 2007-06-15 10:29 37983232 c:\windows\Installer\187181.msp
+ 2009-03-29 08:26 . 2009-03-29 08:26 10476544 c:\windows\Installer\187180.msi
+ 2009-01-14 05:10 . 2009-01-14 05:10 34960896 c:\windows\Installer\151fbad.msi
+ 2009-02-28 06:36 . 2009-02-28 06:36 19210240 c:\windows\Installer\12fe5ff.msp
+ 2009-04-03 08:01 . 2009-04-03 08:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNV.EXE
+ 2009-06-10 09:35 . 2009-03-07 18:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
+ 2009-05-01 05:22 . 2009-05-01 05:22 11064832 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2009-03-24 329040]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-08-20 65536]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

c:\documents and settings\User\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2007-12-9 275968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Silkroad\\SilkErrSender.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\WINDOWS\\system32\\lxbxcoms.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\WorldBuilder.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Multiwinia\\multiwinia.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/12/2009 5:52 PM 64160]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [10/25/2008 11:37 AM 80392]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [1/14/2009 9:01 AM 181584]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [1/14/2009 8:56 AM 36368]
R3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [10/25/2008 12:12 PM 7040]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/15/2008 8:23 AM 335376]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [10/25/2008 12:12 PM 1060224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/19/2009 7:34 AM 1029456]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/14/2009 9:00 AM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [1/14/2009 9:01 AM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [1/14/2009 9:01 AM 677128]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [1/25/2009 6:56 PM 24944]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:40]

2009-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2009-07-09 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

2009-07-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
LSP: xfire_lsp_9028.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\cyuu8e8y.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 19:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

? [5312]
? [11036]
? [8884]
? [55532]
? [10632]

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,35,0d,9b,90,8b,e9,4f,b4,42,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,35,0d,9b,90,8b,e9,4f,b4,42,c4,\

[HKEY_USERS\S-1-5-21-448539723-1563985344-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-448539723-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:61,45,7e,d3,87,18,13,40,02,ce,1e,bf,29,4c,a7,cc,9e,0d,0e,f5,8a,
   5b,30,7a,56,f4,24,6e,64,c7,99,f8,a6,54,37,5a,de,25,65,d0,db,e6,5d,7c,70,82,\
"rkeysecu"=hex:08,ff,51,a5,fa,78,39,38,a4,92,e2,9a,b0,22,60,da
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\xfire_lsp_9028.dll
.
Completion time: 2009-07-11 19:28
ComboFix-quarantined-files.txt 2009-07-11 09:28
ComboFix2.txt 2009-05-02 00:18
ComboFix3.txt 2009-04-08 09:15
ComboFix4.txt 2009-02-28 01:03
ComboFix5.txt 2009-05-24 10:14

Pre-Run: 386,244,034,560 bytes free
Post-Run: 388,471,668,736 bytes free

709 --- E O F --- 2009-06-10 09:35
  5. https://www.virustotal.com/analisis/3bd94bd...42ab-1247194995

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.07.10 -
AhnLab-V3 5.0.0.2 2009.07.09 -
AntiVir 7.9.0.204 2009.07.09 -
Antiy-AVL 2.0.3.1 2009.07.09 -
Authentium 5.1.2.4 2009.07.09 W32/Heuristic-210!Eldorado
Avast 4.8.1335.0 2009.07.09 -
AVG 8.5.0.387 2009.07.09 -
BitDefender 7.2 2009.07.10 -
CAT-QuickHeal 10.00 2009.07.09 -
ClamAV 0.94.1 2009.07.09 Trojan.Packed-142
Comodo 1599 2009.07.10 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.07.10 -
eSafe 7.0.17.0 2009.07.09 -
eTrust-Vet 31.6.6606 2009.07.09 -
F-Prot 4.4.4.56 2009.07.09 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.07.09 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.10 -
Ikarus T3.1.1.64.0 2009.07.10 -
Jiangmin 11.0.706 2009.07.09 -
K7AntiVirus 7.10.788 2009.07.09 -
Kaspersky 7.0.0.125 2009.07.10 -
McAfee 5671 2009.07.09 -
McAfee+Artemis 5671 2009.07.09 Artemis!182AD2497EE0
McAfee-GW-Edition 6.8.5 2009.07.10 Heuristic.LooksLike.Win32.Suspicious.H
Microsoft 1.4803 2009.07.09 -
NOD32 4229 2009.07.09 -
Norman 6.01.09 2009.07.09 W32/Smalltroj.NGYI
nProtect 2009.1.8.0 2009.07.10 -
Panda 10.0.0.14 2009.07.09 Suspicious file
PCTools 4.4.2.0 2009.07.09 -
Prevx 3.0 2009.07.10 -
Rising 21.37.34.00 2009.07.09 -
Sophos 4.43.0 2009.07.10 Sus/ComPack-C
Sunbelt 3.2.1858.2 2009.07.10 -
Symantec 1.4.4.12 2009.07.10 -
TheHacker 6.3.4.3.363 2009.07.08 -
TrendMicro 8.950.0.1094 2009.07.09 -
VBA32 3.12.10.8 2009.07.10 -
ViRobot 2009.7.10.1827 2009.07.09 -
VirusBuster 4.6.5.0 2009.07.09 -

Additional information
File size: 3203120 bytes
MD5...: 182ad2497ee04b5456ee9bab575fe2b8
SHA1..: d6f714ca09775deba01c3ea7fb148f98bc54bc06
SHA256: 3bd94bd59cdebc7a72cb9f9daeb6257795c1afe7fcfdd8a62f70b6563e0b42ab
ssdeep: 49152:FHlyI02LlAQzki7aigchu1k2Q2Hwyzdkaux9Sj2FhEeB5lGZa8U0MtVJyg PNNU47:FHlyPSNEy5yzyRSj0EeFGZUttV0YNU8
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x624014
timedatestamp.....: 0x49788a93 (Thu Jan 22 15:02:43 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
 0x1000 0x59c000 0x204000 7.97 98239cc07712f66f6ed53bd99193a4f7
.rsrc 0x59d000 0x85638 0x5b000 7.85 58cd32d763476b1f3ddc19bb3664d656
.idata 0x623000 0x1000 0x1000 0.23 6f9190de3e5f641ff594cc4dc8502fcf
Themida 0x624000 0x184000 0xad000 7.86 6d3b83441360a1e619cfe2c1defac887

( 2 imports )
> KERNEL32.dll: CreateFileA, lstrcpy
> COMCTL32.dll: InitCommonControls

( 3 exports )
ZtlTaskMemAllocImp, ZtlTaskMemFreeImp, ZtlTaskMemReallocImp

PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Authentium): Themida
packers (F-Prot): Themida

10/41
  6. File has already been analysed:
MD5: 182ad2497ee04b5456ee9bab575fe2b8
First received: 2009.01.24 21:23:47 UTC
Date: 2009.02.25 23:35:50 UTC [>133D]
Results: 4/39
Permalink: analisis/3bd94bd59cdebc7a72cb9f9daeb6257795c1afe7fcfdd8a62f70b6563e0b42ab-1235604950

I have no idea what it means.
  7. I got a .exe that I haven't been using for some time (MapleStory.exe) about four months ago. I got infected through my network from my sister's computer, though I'm pretty sure I'm clean, but I recently installed Avast on my sister's computer (Trend Micro won't install) and it came up about one week after installing as Win32:Sality. So then on my computer, I went to http://virusscan.jotti.org/en and I scanned the MapleStory.exe in the folder C:\Nexon\MapleStory\ and I got three hits on the Jotti scan. I then scanned the .exe with Malwarebytes, but it came up with nothing. The last time I asked for help, I uploaded the file, but I won't this time, but will if you need me to. I would like some advice on what to do.
  8. Thanks for answering, I've uploaded the file (in ZIP) to http://uploads.malwarebytes.org/ and I will in future upload other files that Trend Micro picks up as well.
  9. I'm not sure if this is the right place, but on this game I had for quite a while, Trend Micro has picked it up as a TROJ_Generic.DIT. Ad-Aware and Malwarebytes haven't picked it up as anything yet so I'm just curious about this. I have attached a ZIP of the file; I'm not sure if you can tell me if it's a trojan or not, but I'm gonna post anyway.

MyTribe.zip
  10. I don't know if it's just me or if it's a problem, but sometimes at random points when I open Malwarebytes, it says that the database could not be found so I have to download it again. I am worried that I have a virus or a trojan because I recently did have a trojan but the last few weeks, my computer says that I am clean. I would like some help on whether this is normal and if this could be a threat.
  11. Hello, I had a Trojan before and Malwarebytes removed it, but it seems to me that it came back, I think, because my computer is slower (I have to wait for it to load before it can execute programs properly). I also have Trend Micro, but it doesn't work properly and there is no way to exit the program to run ComboFix properly. I also have Hijack.Regedit and Hijack.TaskManager, which Malwarebytes picks up and can delete, but it just comes back. I have Task Killer and have been told to use FixPolicies, but it doesn't work after you restart the computer. When I ran ComboFix today, after it had done the stages, it said it couldn't run something because it wasn't a batch or something. I think my "Trojan" infected it already when I ran it.

ComboFix log:

ComboFix 09-03-31.01 - User 2009-04-01 15:52:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1545 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.
2009-03-29 19:40 . 2009-03-29 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-29 19:07 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2009-03-29 19:07 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2009-03-29 18:56 . 2009-03-29 18:56 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-03-15 19:34 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-15 19:34 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 23:30 --------- d-----w c:\program files\Lx_cats
2009-03-31 06:30 3,738 ----a-w c:\documents and settings\User\Application Data\wklnhst.dat
2009-03-29 09:13 --------- d-----w c:\program files\Common Files\Adobe
2009-02-23 08:12 40,000 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
2009-02-14 02:49 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:44 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-13 07:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 07:58 --------- d-----w c:\program files\EA GAMES
2009-02-11 00:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 00:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 00:50 --------- d-----w c:\program files\iTunes
2009-02-07 00:50 --------- d-----w c:\program files\iPod
2009-02-07 00:50 --------- d-----w c:\program files\Common Files\Apple
2009-02-07 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-07 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-07 00:49 --------- d-----w c:\program files\QuickTime
2009-02-06 10:28 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-05 07:03 --------- d-----w c:\program files\Lexmark 7100 Series
2009-02-05 07:02 --------- d-----w c:\program files\Microsoft Works
2009-02-05 07:01 --------- d-----w c:\program files\Metin2.us
2009-02-05 07:00 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-05 07:00 --------- d-----w c:\program files\My Tribe
2009-02-05 06:27 --------- d-----w c:\documents and settings\All Users\Application Data\Trend Micro
2009-02-04 11:38 --------- d-----w c:\program files\Trend Micro
2009-02-04 10:50 --------- d-----w c:\documents and settings\User\Application Data\Malwarebytes
2009-02-04 10:50 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-10 212216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-01-27 29833347]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2009-01-27 301056]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-08-20 65536]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2004-08-26 188416]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 7100 Series\fm3032.exe" [2004-08-25 356352]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-08-25 131072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 110658]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 491520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 372008]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1818624]

c:\documents and settings\User\Start Menu\Programs\Startup\
Bandwidth Meter.lnk - c:\program files\BandwidthMeter\BandwidthMeter.exe [2007-12-09 275968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 152992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\docume~1\User\Desktop\linh\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\lxbxcoms.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\UfNavi.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TISProToolbar\\PlatformDependent\\ProToolbarComm.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Microsoft Works\\WkDStore.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\Lexmark 7100 Series\\fm3032.exe"=
"c:\\Program Files\\BandwidthMeter\\BandwidthMeter.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Trend Micro\\BM\\TMBMSRV.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFPlatformCOMSvr.exe"=
"c:\\ComboFix\\nircmd.com"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"10475:TCP"= 10475:TCP:BitComet 10475 TCP
"10475:UDP"= 10475:UDP:BitComet 10475 UDP
"58436:TCP"= 58436:TCP:Pando Media Booster
"58436:UDP"= 58436:UDP:Pando Media Booster

R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-04 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-02-04 49680]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-08-15 36368]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gnrnin.sys --> c:\windows\system32\drivers\gnrnin.sys [?]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-08-15 334352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-10-24 238080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0217854c-a32b-11dd-856e-002215ca1588}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wiskcpy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3255fa90-d484-11dd-85c9-002215ca1588}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wokaye.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ea0947-ec26-11dd-8621-002215ca1588}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OE - c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-UfSeAgnt.exe - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe
HKU-Default-Run-OE - c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2h576wc2.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1233469709&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D943640088&id=64855
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 15:54:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
LXBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1844237615-1343024091-1801674531-1003\Software\SecuROM\License information*] "datasecu"=hex:31,da,da,37,3b,76,3e,d3,73,16,26,51,07,40,a2,bd,e9,15,0f,27,63, 79,52,b8,52,02,33,ba,b7,6c,13,85,3e,27,e3,7b,d0,b3,0c,d0,fc,e8,cc,ad,08,cb,\ "rkeysecu"=hex:89,16,62,15,e9,99,34,d0,66,54,ab,b5,1c,45,da,58 . Completion time: 2009-04-01 15:56:21 ComboFix-quarantined-files.txt 2009-04-01 05:56:18 ComboFix2.txt 2009-02-27 08:26:31 Pre-Run: 426,397,032,448 bytes free Post-Run: 427,915,059,200 bytes free 203 --- E O F --- 2009-03-11 08:26:11 ComboFix.txt ComboFix.txt
  12. I already pressed remove in Malwarebytes but it keeps coming back. On fixpolicies.exe, I installed it, then ran the cmd, but after I rebooted the computer the hijack.regedit and hijack.taskmanager still block my use of Task Manager and regedit.
  13. I can remove this thing that disables regedit and Task Manager. Log:
      Malwarebytes' Anti-Malware 1.34
      Database version: 1757
      Windows 5.1.2600 Service Pack 3
      13/02/2009 6:11:50 PM
      mbam-log-2009-02-13 (18-11-44).txt
      Scan type: Quick Scan
      Objects scanned: 60303
      Time elapsed: 3 minute(s), 43 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 2
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)
  14. Can you explain to me how to remove hijack.regedit and hijack.taskmanager? After I do a scan, it shows 2 objects detected, then I press remove, then I restart, but they are still there.
  15. I did a quick scan and I pressed remove all, then it said to restart the computer, so I did, then after it restarted I scanned again but they were still there. Can someone help me? BTW I have 2 comps, one is mine (not infected) and my sister's (infected), hope this helps somehow.