
Having problem getting rid of Trojan Vundo



I have reached the max of my limited ability, so I come here and request help. Mbam can remove all the obvious infections, but is not taking out the root problem. I have not been able to find where it is hiding and do not want to start altering code in my computer, causing greater problems. I am attaching a HijackThis log from before I ran Mbam and an Mbam log from a scan I did immediately after the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:22:52 AM, on 9/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\mace.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2bf9b7b6-ca18-4410-8989-4685e618b5be} - worusego.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

O4 - HKLM\..\Run: [masekolof] Rundll32.exe "c:\windows\system32\hidekeli.dll",a

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://help.live.com/ContactUs/ActiveX/MSDcode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253367623000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O20 - AppInit_DLLs: dujiyera.dll c:\windows\system32\hidekeli.dll

O21 - SSODL: pukezetus - {96bd9e65-ff0b-4552-bcb8-50a2ece2b54c} - c:\windows\system32\hidekeli.dll

O22 - SharedTaskScheduler: kupuhivus - {96bd9e65-ff0b-4552-bcb8-50a2ece2b54c} - c:\windows\system32\hidekeli.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--

End of file - 6484 bytes

mbam after this hijackthis log

Malwarebytes' Anti-Malware 1.41

Database version: 2842

Windows 5.1.2600 Service Pack 3

9/23/2009 12:33:36 AM

mbam-log-2009-09-23 (00-33-36).txt

Scan type: Quick Scan

Objects scanned: 103618

Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\hidekeli.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{96bd9e65-ff0b-4552-bcb8-50a2ece2b54c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\masekolof (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{96bd9e65-ff0b-4552-bcb8-50a2ece2b54c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pukezetus (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hidekeli.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hidekeli.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\hidekeli.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\daweyege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fujewipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

thanks for any help or advice in advance :blink:


  • Staff

Hi,

First of all, please update MalwareBytes, because the database version is outdated.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • In case you can't update the database via the update option, please download and install the database from here. Only do this when the update option doesn't work.
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Thank you for the response Miekiemoes :o I was beginning to get worried ;)

Every step was followed to the letter.

Malwarebytes' Anti-Malware 1.40

Database version: 2594

Windows 5.1.2600 Service Pack 3

8/10/2009 7:32:33 PM

mbam-log-2009-08-10 (19-32-33).txt

Scan type: Quick Scan

Objects scanned: 97582

Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

C:\Program Files\lmyqvr\xpsesysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f64619ff-e19f-4016-bf9c-147cff821b46} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f64619ff-e19f-4016-bf9c-147cff821b46} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f64619ff-e19f-4016-bf9c-147cff821b46} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Program Files\lmyqvr\xpsesysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QSGCHKZ0\op[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:55:53 PM, on 9/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://help.live.com/ContactUs/ActiveX/MSDcode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253367623000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O20 - AppInit_DLLs: fonemike.dll

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--

End of file - 5524 bytes


  • Staff

Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll <= not required add-on, so this one can be fixed in HijackThis.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O20 - AppInit_DLLs: fonemike.dll

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

I see you posted a Malwarebytes log from 8/10/2009 7:32:33 PM - which is older than the first one you posted.

Please rescan and post the latest log ;)


Now that was embarrassing... Let me rephrase what I said earlier. I performed all steps as instructed, except for a stupid and embarrassing mistake and grabbed the wrong date log from Mbam memory....

The HijackThis, either O20 did not go away or it did not stay away after a restart. I will be trying again after I post this. The Mbam was run after the Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:35:16 PM, on 9/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10

Malwarebytes' Anti-Malware 1.41

Database version: 2873

Windows 5.1.2600 Service Pack 3

9/29/2009 1:27:17 PM

mbam-log-2009-09-29 (13-27-17).txt

Scan type: Quick Scan

Objects scanned: 104082

Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi,

Can you repost your HijackThis log? Because half of the log is missing.

In case the O20 won't get deleted, do the following instead.

Open Notepad and copy and paste the contents of the quote box below into it:

(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Let me know if, after a rescan with HijackThis, the O20 - AppInit_DLLs: fonemike.dll is gone.


This is post fix.reg. It came out correctly and I even double checked it to make sure nothing was corrupted during copy and paste. Unlike my log reports ;) fonemike is still there =/

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:07:51 PM, on 9/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://help.live.com/ContactUs/ActiveX/MSDcode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6796.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1253367623000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O20 - AppInit_DLLs: fonemike.dll

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--

End of file - 5267 bytes
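The pattern visible across the logs above, where the O20 AppInit_DLLs value changes its DLL name between scans instead of going away, can be checked mechanically. The following is an added example, not part of the thread or of HijackThis or Malwarebytes: it parses HijackThis entry lines and Malwarebytes "Files Infected" lines and compares the AppInit_DLLs contents before and after cleanup. The function names are illustrative and the sample input is excerpted from the logs posted in this thread.

```python
import ntpath
import re

# Sample input: lines excerpted from the logs posted in this thread.
HJT_BEFORE = r"""
O2 - BHO: (no name) - {2bf9b7b6-ca18-4410-8989-4685e618b5be} - worusego.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [masekolof] Rundll32.exe "c:\windows\system32\hidekeli.dll",a
O20 - AppInit_DLLs: dujiyera.dll c:\windows\system32\hidekeli.dll
O21 - SSODL: pukezetus - {96bd9e65-ff0b-4552-bcb8-50a2ece2b54c} - c:\windows\system32\hidekeli.dll
"""
HJT_AFTER = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O20 - AppInit_DLLs: fonemike.dll
"""
MBAM_BEFORE = r"""
Files Infected:
c:\WINDOWS\system32\hidekeli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\daweyege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujewipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                # "O20 - <body>"
MBAM_FILE = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> (.+)$")  # path (name) -> action


def parse_hjt(text):
    """Return (section_code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def appinit_dlls(entries):
    """Lower-cased DLL file names listed in the O20 AppInit_DLLs entry.

    Windows loads every DLL named in this value into each process that
    loads user32.dll; the value is a space- or comma-delimited list.
    """
    names = set()
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            for item in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if item:
                    names.add(ntpath.basename(item).lower())
    return names


def mbam_files(text):
    """Map lower-cased file name -> action for Malwarebytes file detections."""
    found = {}
    for line in text.splitlines():
        m = MBAM_FILE.match(line.strip())
        if m:
            found[ntpath.basename(m.group(1)).lower()] = m.group(3)
    return found


def orphaned(entries):
    """Section codes of entries whose target file no longer exists."""
    return [c for c, body in entries
            if "(file missing)" in body or "(no file)" in body]


def triage(hjt_before, hjt_after, mbam_before):
    """Compare AppInit_DLLs across two scans and against scanner detections."""
    before = parse_hjt(hjt_before)
    b, a = appinit_dlls(before), appinit_dlls(parse_hjt(hjt_after))
    detected = mbam_files(mbam_before)
    return {
        "removed": sorted(b - a),              # gone after cleanup
        "new_after_cleanup": sorted(a - b),    # value was rewritten with a new name
        "persisting": sorted(a & b),           # same DLL survived cleanup
        "not_flagged_by_scan": sorted(b - set(detected)),
        "pending_reboot": sorted(n for n, act in detected.items()
                                 if "reboot" in act.lower()),
        "orphaned": orphaned(before),
    }


if __name__ == "__main__":
    for key, value in triage(HJT_BEFORE, HJT_AFTER, MBAM_BEFORE).items():
        print(f"{key}: {value}")
```

A non-empty `new_after_cleanup` is the case this thread ran into: the old names are gone, but a different DLL name has been written into the same value.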


  • Staff

Ok,

Let's have a closer look....

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Let's see where I screwed up this step ;)

ComboFix 09-09-28.01 - Owner 09/29/2009 14:27.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1338 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\2e9dc.msp

c:\windows\system32\fonemike.dll

c:\windows\system32\kegojapa.dll

c:\windows\system32\lopivasa.dll

c:\windows\system32\vidajadu.dll

c:\windows\system32\wemafuni.dll

.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))

.

2009-09-29 16:46 . 2009-09-29 16:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western_Digital

2009-09-29 14:27 . 2009-09-29 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WD_SmartWareCommon

2009-09-29 14:22 . 2009-09-29 14:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Western Digital

2009-09-29 14:22 . 2009-09-29 14:22 -------- d-----w- c:\program files\Western Digital

2009-09-29 14:20 . 2009-02-13 17:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

2009-09-28 18:20 . 2008-04-14 10:42 10752 ------w- c:\windows\system32\smtpapi.dll

2009-09-28 18:20 . 2008-04-14 10:42 9728 ------w- c:\windows\system32\rwnh.dll

2009-09-28 18:20 . 2008-04-14 10:41 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-28 18:13 . 2009-09-28 18:13 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-09-28 18:11 . 2009-09-29 03:25 -------- d-----w- C:\2b427de958bf8c0a97536841

2009-09-28 17:47 . 2009-09-28 17:47 -------- d-----w- C:\single

2009-09-27 14:38 . 2009-09-27 14:38 -------- d-----w- c:\program files\Microsoft Easy Assist

2009-09-27 14:37 . 2009-09-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications

2009-09-26 13:55 . 2009-09-26 13:55 -------- d-----w- c:\program files\MozBackup

2009-09-25 17:58 . 2009-09-25 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

2009-09-25 17:58 . 2009-09-25 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest

2009-09-25 17:57 . 2009-09-29 14:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western Digital

2009-09-23 06:00 . 2009-09-23 06:00 -------- d-----w- C:\VundoFix Backups

2009-09-23 05:54 . 2009-09-23 05:54 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-22 18:21 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-09-22 01:41 . 2009-09-22 04:10 17440 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-09-22 01:41 . 2009-09-22 04:10 172064 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-22 01:37 . 2009-09-22 03:51 -------- d-----w- c:\program files\Common Files\ParetoLogic

2009-09-22 01:37 . 2009-09-22 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-09-22 01:37 . 2009-09-22 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

2009-09-22 01:32 . 2009-09-22 01:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations

2009-09-21 22:32 . 2007-11-28 03:56 91328 ----a-w- c:\windows\system32\drivers\msfwdrv.sys

2009-09-21 22:32 . 2007-11-28 03:56 116416 ----a-w- c:\windows\system32\drivers\msfwhlpr.sys

2009-09-21 22:31 . 2008-05-15 21:15 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2009-09-21 22:27 . 2009-09-27 03:29 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2009-09-21 20:38 . 2009-09-21 22:27 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-20 21:52 . 2009-09-20 21:52 -------- d-----w- c:\program files\Trend Micro

2009-09-17 22:51 . 2009-09-17 22:55 -------- d-----w- c:\windows\system32\Adobe

2009-09-14 17:33 . 2009-09-14 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine

2009-09-14 17:33 . 2009-09-14 17:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine

2009-09-14 03:51 . 2009-09-14 03:51 -------- d-----w- c:\program files\Turbine

2009-09-13 23:12 . 2009-09-18 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files

2009-09-13 23:12 . 2009-09-13 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-09-13 23:12 . 2009-09-13 23:12 -------- d-----w- c:\program files\Pando Networks

2009-09-12 16:45 . 2009-09-12 16:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo

2009-09-12 16:44 . 2009-09-12 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-09-12 16:44 . 2009-09-12 16:44 -------- d-----w- c:\program files\Yahoo!

2009-09-09 13:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-01 16:41 . 2009-09-08 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\BearShare

2009-09-01 16:41 . 2009-09-01 16:41 -------- d-----w- c:\program files\BearShare Applications

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 18:53 . 2008-08-17 23:33 21534 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat

2009-09-27 18:42 . 2009-08-22 22:39 -------- d-----w- c:\program files\MSECache

2009-09-23 17:35 . 2008-05-08 04:39 38568 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-23 16:59 . 2008-05-08 07:12 -------- d-----w- c:\program files\Microsoft Works

2009-09-23 05:54 . 2008-05-08 07:07 -------- d-----w- c:\program files\Java

2009-09-22 04:10 . 2009-09-22 01:41 3380 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-22 04:10 . 2009-09-22 01:41 2708 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-09-20 22:34 . 2009-05-22 23:59 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-19 13:27 . 2009-02-02 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-10 19:54 . 2009-02-02 22:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-02-02 22:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-05 22:21 . 2008-11-09 03:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2009-09-03 15:58 . 2009-08-09 00:26 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink

2009-08-23 00:28 . 2005-01-10 01:26 38568 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-11 00:32 . 2009-08-11 00:16 -------- d-----w- c:\program files\lmyqvr

2009-08-11 00:01 . 2009-08-10 20:43 -------- d-----w- c:\program files\PrivacyCenter

2009-08-10 23:26 . 2009-08-10 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue

2009-08-09 00:26 . 2009-08-09 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2009-08-05 09:01 . 2008-08-28 12:06 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2008-08-28 12:06 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-15 02:08 . 2009-07-15 02:08 295 ----a-w- c:\windows\EReg072.dat

2009-07-14 04:43 . 2008-03-16 02:55 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2008-03-16 02:55 915456 ------w- c:\windows\system32\wininet.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-06-19 16:21 . 2009-06-19 16:21 51200 --sha-w- c:\windows\system32\zerejuhu.dll.tmp

.

((((((((((((((((((((((((((((( SnapShot@2009-09-20_22.36.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-14 10:42 . 2008-04-14 10:42 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll

+ 2009-07-12 00:41 . 2009-07-12 00:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

- 2009-05-20 20:36 . 2009-02-24 19:35 88824 c:\windows\system32\vxblock.dll

+ 2007-03-26 06:00 . 2007-03-26 06:00 88824 c:\windows\system32\vxblock.dll

+ 2008-05-08 07:01 . 2007-04-09 18:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

+ 2008-05-08 07:01 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll

+ 2008-05-08 07:01 . 2007-04-09 18:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll

+ 2009-09-28 18:18 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\processr.sys

+ 2009-09-28 18:19 . 2008-04-13 18:31 35840 c:\windows\system32\ReinstallBackups\0016\DriverFiles\i386\processr.sys

+ 2009-09-29 14:22 . 2009-02-13 19:02 11520 c:\windows\system32\ReinstallBackups\0014\DriverFiles\wdcsam.sys

+ 2008-02-13 22:16 . 2008-02-13 22:16 66032 c:\windows\system32\pxinsa64.exe

+ 2008-02-13 22:17 . 2008-02-13 22:17 66544 c:\windows\system32\pxcpya64.exe

- 2005-01-09 23:48 . 2009-04-15 15:15 71060 c:\windows\system32\perfc009.dat

+ 2005-01-09 23:48 . 2009-09-28 17:38 71060 c:\windows\system32\perfc009.dat

+ 2008-05-08 07:01 . 2007-04-09 18:23 28040 c:\windows\system32\mdimon.dll

+ 2003-09-04 19:14 . 2003-09-04 19:14 94208 c:\windows\system32\Macromed\Flash\GetFlash.exe

+ 2007-03-23 00:17 . 2007-03-23 00:17 35440 c:\windows\system32\FM20ENU.DLL

+ 2009-09-29 14:22 . 2009-02-13 17:02 14464 c:\windows\system32\DRVSTORE\wdcsam_FBC55413B10A1CDD378E9E9377B4222CCA25AB1B\wdcsam64.sys

+ 2009-09-29 14:22 . 2009-02-13 17:02 11520 c:\windows\system32\DRVSTORE\wdcsam_FBC55413B10A1CDD378E9E9377B4222CCA25AB1B\wdcsam.sys

+ 2009-09-21 22:32 . 2007-11-28 03:56 91328 c:\windows\system32\DRVSTORE\msfwdrv_8B7A77566FDBAD6964DFFFCFFDA27E97D55990D5\msfwdrv.sys

+ 2009-09-21 22:31 . 2008-05-15 21:15 53168 c:\windows\system32\DRVSTORE\mpfilter_7624CBE7EF3BB21A52F29BE608459E93D0D31F4C\mpfilter.sys

+ 2008-02-13 22:16 . 2008-02-13 22:16 68080 c:\windows\system32\drvins64.exe

- 2005-01-10 01:06 . 2009-02-24 19:35 43528 c:\windows\system32\drivers\pxhelp20.sys

+ 2008-02-13 08:00 . 2008-02-13 08:00 43528 c:\windows\system32\drivers\pxhelp20.sys

+ 2009-09-29 03:26 . 2009-09-29 03:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-29 03:26 . 2009-09-29 03:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009092820090929\index.dat

- 2005-01-10 01:17 . 2009-09-18 04:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2005-01-10 01:17 . 2009-09-29 03:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-09-29 03:26 . 2009-09-29 03:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2005-01-10 01:17 . 2009-09-18 04:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-09-21 22:31 . 2009-09-21 22:31 24064 c:\windows\Installer\1bb34b1.msi

+ 2009-09-21 22:31 . 2009-09-21 22:31 28160 c:\windows\Installer\1bb34a5.msi

- 2008-05-08 07:01 . 2008-05-17 09:12 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-09-27 18:42 . 2009-09-27 18:42 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2009-09-21 22:29 . 2009-09-21 22:29 10134 c:\windows\Installer\{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}\ARPPRODUCTICON.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe

- 2009-05-21 15:20 . 2009-05-21 15:20 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe

+ 2009-05-21 15:20 . 2009-09-29 13:50 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe

+ 2008-05-08 07:01 . 2008-05-08 07:01 64088 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL

+ 2003-07-15 05:53 . 2003-07-15 05:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE

+ 2003-07-15 05:57 . 2003-07-15 05:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL

+ 2003-07-15 05:44 . 2003-07-15 05:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL

+ 2003-05-09 04:54 . 2003-05-09 04:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL

+ 2003-07-15 05:42 . 2003-07-15 05:42 37432 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RECALL.DLL

+ 2003-07-15 10:18 . 2003-07-15 10:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL

+ 2003-07-15 05:43 . 2003-07-15 05:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL

+ 2003-07-15 05:56 . 2003-07-15 05:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\NAME.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSSH.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL

+ 2003-07-15 05:45 . 2003-07-15 05:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL

+ 2003-07-15 05:45 . 2003-07-15 05:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE

+ 2003-07-15 05:46 . 2003-07-15 05:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL

+ 2003-07-15 05:53 . 2003-07-15 05:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE

+ 2003-07-15 05:44 . 2003-07-15 05:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL

+ 2003-07-15 05:52 . 2003-07-15 05:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMH.DLL

+ 2003-07-15 05:51 . 2003-07-15 05:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL

+ 2003-07-15 05:41 . 2003-07-15 05:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FINDER.EXE

+ 2003-07-15 05:57 . 2003-07-15 05:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSSM.EXE

+ 2003-07-15 05:56 . 2003-07-15 05:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DSITF.DLL

+ 2003-07-15 10:18 . 2003-07-15 10:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE

+ 2003-07-15 05:53 . 2003-07-15 05:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AW.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL

+ 2009-09-23 16:57 . 2009-09-23 16:57 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2008-08-17 05:07 . 2008-04-14 10:42 7680 c:\windows\system32\spdwnwxp.exe

- 2008-08-17 05:07 . 2008-04-14 00:12 7680 c:\windows\system32\spdwnwxp.exe

+ 2007-02-02 08:00 . 2007-02-02 08:00 9464 c:\windows\system32\drivers\cdralw2k.sys

- 2004-11-11 00:30 . 2009-02-24 19:35 9464 c:\windows\system32\drivers\cdralw2k.sys

+ 2007-02-02 08:00 . 2007-02-02 08:00 9336 c:\windows\system32\drivers\cdr4_xp.sys

- 2004-11-11 00:27 . 2009-02-24 19:35 9336 c:\windows\system32\drivers\cdr4_xp.sys

+ 2008-05-08 07:01 . 2009-09-25 14:56 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe

- 2008-08-17 05:05 . 2008-04-13 18:26 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll

+ 2008-04-14 04:56 . 2008-04-14 04:56 132096 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 991232 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 991232 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 853504 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 853504 c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 343040 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 343040 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 401462 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 995383 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

- 2008-08-28 12:07 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll

+ 2008-08-28 12:07 . 2008-04-14 10:42 121856 c:\windows\system32\xmllite.dll

+ 2008-05-08 07:01 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll

+ 2009-02-02 23:38 . 2008-04-14 10:42 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll

- 2009-02-02 23:38 . 2008-07-06 12:06 373248 c:\windows\system32\spool\drivers\w32x86\3\unidrv.dll

+ 2008-05-08 07:01 . 2007-04-09 18:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll

+ 2009-09-28 18:19 . 2008-04-13 16:36 144384 c:\windows\system32\ReinstallBackups\0013\DriverFiles\hdaudbus.sys

+ 2007-07-05 22:55 . 2007-07-05 22:55 158192 c:\windows\system32\pxwma.dll

+ 2007-07-05 22:55 . 2007-07-05 22:55 379376 c:\windows\system32\PxWave.dll

+ 2007-07-05 22:55 . 2007-07-05 22:55 186864 c:\windows\system32\PxMas.dll

+ 2008-02-13 22:16 . 2008-02-13 22:16 121328 c:\windows\system32\pxinsi64.exe

+ 2007-06-07 06:02 . 2007-06-07 06:02 535288 c:\windows\system32\pxdrv.dll

+ 2008-02-13 22:17 . 2008-02-13 22:17 120304 c:\windows\system32\pxcpyi64.exe

+ 2007-07-05 22:55 . 2007-07-05 22:55 567792 c:\windows\system32\Px.dll

+ 2005-01-09 23:48 . 2009-09-28 17:38 441124 c:\windows\system32\perfh009.dat

- 2005-01-09 23:48 . 2009-04-15 15:15 441124 c:\windows\system32\perfh009.dat

+ 2009-09-23 05:54 . 2009-09-23 05:54 149280 c:\windows\system32\javaws.exe

+ 2009-09-23 05:54 . 2009-09-23 05:54 145184 c:\windows\system32\javaw.exe

+ 2009-09-23 05:54 . 2009-09-23 05:54 145184 c:\windows\system32\java.exe

- 2008-08-17 05:05 . 2008-04-14 00:12 189440 c:\windows\system32\inetsrv\smtpadm.dll

+ 2009-09-28 18:20 . 2008-04-14 10:42 189440 c:\windows\system32\inetsrv\smtpadm.dll

+ 2009-09-28 18:20 . 2008-04-14 10:42 221696 c:\windows\system32\inetsrv\seo.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 221696 c:\windows\system32\inetsrv\seo.dll

+ 2005-01-09 16:59 . 2009-09-23 17:34 180240 c:\windows\system32\FNTCACHE.DAT

- 2005-01-09 16:59 . 2009-08-23 00:28 180240 c:\windows\system32\FNTCACHE.DAT

+ 2009-09-21 22:32 . 2007-11-28 03:56 116416 c:\windows\system32\DRVSTORE\msfwhlpr_0D06EB3A0072EC31805FD097692DFF987F98BDA6\msfwhlpr.sys

+ 2009-09-22 01:40 . 2009-02-18 19:41 186128 c:\windows\system32\drivers\klif.sys

+ 2009-09-23 05:54 . 2009-09-23 05:54 537600 c:\windows\Installer\c435e.msi

+ 2009-09-27 18:42 . 2009-09-27 18:42 355328 c:\windows\Installer\9a2864.msi

+ 2008-06-11 19:02 . 2008-06-11 19:02 830464 c:\windows\Installer\2e9c8.msp

+ 2009-09-23 16:55 . 2009-09-23 16:55 248832 c:\windows\Installer\2b7a3.msi

+ 2009-09-27 14:38 . 2009-09-27 14:38 158720 c:\windows\Installer\2790bd.msi

+ 2009-09-21 22:32 . 2009-09-21 22:32 740352 c:\windows\Installer\1bb34b7.msi

+ 2009-09-21 22:31 . 2009-09-21 22:31 463360 c:\windows\Installer\1bb34ab.msi

+ 2009-09-21 22:31 . 2009-09-21 22:31 526336 c:\windows\Installer\1bb349f.msi

+ 2009-09-21 22:31 . 2009-09-21 22:31 592384 c:\windows\Installer\1bb3487.msi

+ 2009-09-21 22:29 . 2009-09-21 22:29 301056 c:\windows\Installer\1bb347a.msi

+ 2009-09-29 14:22 . 2009-09-29 14:22 271542 c:\windows\Installer\{DD7A785B-45C9-4DDB-A726-0889F7A9C006}\controlPanelIcon.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-05-08 07:01 . 2009-09-25 14:56 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-05-08 07:01 . 2008-05-17 09:12 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-05-08 07:13 . 2009-09-23 16:59 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe

- 2008-05-08 07:13 . 2008-05-08 07:13 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe

+ 2003-07-21 18:46 . 2003-07-21 18:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL

+ 2003-07-15 10:18 . 2003-07-15 10:18 430136 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL

+ 2003-07-08 18:48 . 2003-07-08 18:48 115288 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL

+ 2003-07-15 05:44 . 2003-07-15 05:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL

+ 2003-07-15 10:14 . 2003-07-15 10:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OIS.EXE

+ 2008-05-08 07:01 . 2008-05-08 07:01 223800 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL

+ 2003-07-15 06:00 . 2003-07-15 06:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL

+ 2003-06-19 23:05 . 2003-06-19 23:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE

+ 2003-07-15 10:18 . 2003-07-15 10:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL

+ 2003-07-15 05:57 . 2003-07-15 05:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL

+ 2002-04-10 03:14 . 2002-04-10 03:14 187560 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL

+ 2002-12-18 02:08 . 2002-12-18 02:08 359600 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL

+ 2003-07-15 05:58 . 2003-07-15 05:58 230968 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL

+ 2003-07-15 05:46 . 2003-07-15 05:46 176696 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MIMEDIR.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 443904 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL

+ 2003-07-15 05:40 . 2003-07-15 05:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL

+ 2003-07-15 05:40 . 2003-07-15 05:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL

+ 2005-08-22 19:16 . 2005-08-22 19:16 929792 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20987_wkwpqd.dll

+ 2005-08-22 19:18 . 2005-08-22 19:18 147456 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20985_wkwpqrtf.dll

+ 2005-08-18 11:11 . 2005-08-18 11:11 225280 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20963_wkssole.dll

+ 2009-09-09 08:37 . 2009-09-09 08:37 452488 c:\windows\Downloaded Program Files\wlscBase.dll

+ 2007-06-01 17:48 . 2007-06-01 17:48 393640 c:\windows\Downloaded Program Files\MSDcode.dll

+ 2009-09-23 16:56 . 2009-09-23 16:56 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2008-04-14 10:42 . 2008-04-14 10:42 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

+ 2008-04-14 10:42 . 2008-04-14 10:42 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

- 2008-08-17 05:05 . 2008-04-14 00:12 1011774 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

+ 2008-08-17 05:05 . 2008-04-14 00:12 1054208 c:\windows\WinSxS\InstallTemp\933456\comctl32.dll

+ 2007-07-05 22:55 . 2007-07-05 22:55 1649136 c:\windows\system32\PxSFS.DLL

+ 2008-08-17 05:06 . 2008-04-14 10:42 1306624 c:\windows\system32\msxml6.dll

+ 2007-06-06 15:53 . 2007-06-06 15:53 1195888 c:\windows\system32\FM20.DLL

+ 2008-08-17 05:06 . 2008-04-14 10:42 1306624 c:\windows\system32\dllcache\msxml6.dll

+ 2009-09-29 14:22 . 2009-09-29 14:22 1067520 c:\windows\Installer\3db95.msi

+ 2009-04-23 22:57 . 2009-04-23 22:57 7672832 c:\windows\Installer\2e9b6.msp

+ 2007-11-08 16:42 . 2007-11-08 16:42 4158464 c:\windows\Installer\2e9a3.msp

+ 2005-10-26 19:59 . 2005-10-26 19:59 2883072 c:\windows\Installer\2b8e1.msp

+ 2009-08-25 19:57 . 2009-08-25 19:57 5518336 c:\windows\Installer\2b8ce.msp

+ 2009-04-22 20:14 . 2009-04-22 20:14 4869632 c:\windows\Installer\2b8bb.msp

+ 2009-09-29 13:50 . 2009-09-29 13:50 1659392 c:\windows\Installer\23ba93d.msi

+ 2009-09-21 22:29 . 2009-09-21 22:29 1013248 c:\windows\Installer\1bb3480.msi

+ 2007-05-09 22:19 . 2007-05-09 22:19 2585936 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\VBE6.DLL

+ 2003-08-03 17:52 . 2003-08-03 17:52 2808376 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL

+ 2003-07-07 20:36 . 2003-07-07 20:36 2058343 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT

+ 2003-07-15 06:05 . 2003-07-15 06:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OMFC.DLL

+ 2003-06-19 00:31 . 2003-06-19 00:31 1033216 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL

+ 2003-07-11 09:15 . 2003-07-11 09:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL

+ 2002-12-18 02:09 . 2002-12-18 02:09 2071752 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL

+ 2002-12-18 02:08 . 2002-12-18 02:08 1383592 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL

+ 2005-08-18 11:36 . 2005-08-18 11:36 2023424 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F22194_wksssdb.dll

+ 2004-08-04 08:57 . 2004-08-04 08:57 1712128 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20954_gdiplus.dll

+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\2e9da.msp

+ 2007-05-31 18:37 . 2007-05-31 18:37 12310368 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE

+ 2007-07-27 14:03 . 2007-07-27 14:03 119977472 c:\windows\Installer\2b89e.msp

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"tosotijisi"="lopivasa.dll" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WDSmartWareBackgroundService"=2 (0x2)

"WDDMService"=2 (0x2)

"PrismXL"=2 (0x2)

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

"c:\\WINDOWS\\ehome\\ehtray.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Microsoft Windows OneCare Live\\Antivirus\\MsMpEng.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"58013:TCP"= 58013:TCP:Pando Media Booster

"58013:UDP"= 58013:UDP:Pando Media Booster

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 10:52 AM 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/29/2009 9:20 AM 11520]

S3 EraserUtilDrv10821;EraserUtilDrv10821;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5stbqow2.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{2bf9b7b6-ca18-4410-8989-4685e618b5be} - wemafuni.dll

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-29 14:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-985126656-3141293806-1862347675-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3520)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Microsoft Windows OneCare Live\winss.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\program files\Microsoft Windows OneCare Live\winssnotify.exe

.

**************************************************************************

.

Completion time: 2009-09-29 14:46 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-29 19:46

ComboFix2.txt 2009-09-21 14:30

ComboFix3.txt 2009-09-20 22:41

Pre-Run: 223,209,779,200 bytes free

Post-Run: 223,208,013,824 bytes free

480 --- E O F --- 2009-09-23 16:59


  • Staff

Hi,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

File::

c:\windows\system32\zerejuhu.dll.tmp

Dirlook::

c:\program files\lmyqvr

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"tosotijisi"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\drivers\\svchost.exe"=-

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Link to post
Share on other sites
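The three registry changes in the CFScript above correspond to entries visible in the preceding ComboFix log: the `tosotijisi` Run value, `UpdatesDisableNotify`, and the firewall exception for `drivers\svchost.exe`. The following Python is an added example, not part of the original posts and not ComboFix's own logic; it parses an excerpt in the log's layout and flags those kinds of entries. The heuristics, the function names and the table of expected system-binary locations are assumptions made for illustration, and the sample excerpt is assembled from lines in the log above.

```python
import ntpath
import re

# Excerpt in the layout ComboFix prints, assembled from lines in the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"tosotijisi"="lopivasa.dll" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Assumption for this example: where these Windows XP binaries normally live.
SYSTEM_DIR = r'c:\windows\system32'
EXPECTED_DIR = {'svchost.exe': SYSTEM_DIR,
                'spoolsv.exe': SYSTEM_DIR,
                'sessmgr.exe': SYSTEM_DIR}


def parse_sections(text):
    """Return {lower-cased registry key: [(value name, raw data), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = sections.setdefault(m.group('key').lower(), [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current.append((m.group('name'), m.group('data').strip()))
    return sections


def normalise_path(raw):
    """Undo the doubled backslashes, lower-case, expand %windir%."""
    path = raw.replace('\\\\', '\\').lower()
    return path.replace('%windir%', r'c:\windows')


def findings(text):
    """Return (kind, value name, detail) tuples for entries worth a second look."""
    out = []
    for key, values in parse_sections(text).items():
        for name, data in values:
            if key.endswith(r'\currentversion\run'):
                # Heuristic: autostart target is a bare .dll/.exe name with no directory.
                m = re.match(r'"([^"]*)"', data)
                target = m.group(1) if m else data
                ext = ntpath.splitext(target)[1].lower()
                if ext in ('.dll', '.exe') and not ntpath.dirname(target):
                    out.append(('run-bare-filename', name, target))
            elif key.endswith(r'\security center'):
                # Heuristic: update notifications switched off (non-zero dword).
                m = re.fullmatch(r'dword:([0-9a-f]{8})', data.lower())
                if name.lower() == 'updatesdisablenotify' and m and int(m.group(1), 16):
                    out.append(('update-notify-disabled', name, data))
            elif key.endswith(r'\authorizedapplications\list'):
                # Heuristic: firewall exception for a system binary name
                # sitting outside its expected directory.
                path = normalise_path(name)
                expected = EXPECTED_DIR.get(ntpath.basename(path))
                if expected and ntpath.dirname(path) != expected:
                    out.append(('firewall-misplaced-system-binary', name, path))
    return out


if __name__ == '__main__':
    for finding in findings(SAMPLE_LOG):
        print(finding)
```

A flagged entry is a prompt for review against the full log, not a verdict; removal decisions stay with the person reading the whole report.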

Thank you so much for your help today Miekiemoes! After this posting I need to go to sleep so I will be able to make it through work. I will follow your next step in about 16 hours. Once again thank you for your continued efforts ;)

ComboFix 09-09-28.01 - Owner 09/29/2009 15:06.4.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1374 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

FILE ::

"c:\windows\system32\zerejuhu.dll.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\zerejuhu.dll.tmp

.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))

.

2009-09-29 16:46 . 2009-09-29 16:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western_Digital

2009-09-29 14:27 . 2009-09-29 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WD_SmartWareCommon

2009-09-29 14:22 . 2009-09-29 14:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Western Digital

2009-09-29 14:22 . 2009-09-29 14:22 -------- d-----w- c:\program files\Western Digital

2009-09-29 14:20 . 2009-02-13 17:02 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys

2009-09-28 18:20 . 2008-04-14 10:42 10752 ------w- c:\windows\system32\smtpapi.dll

2009-09-28 18:20 . 2008-04-14 10:42 9728 ------w- c:\windows\system32\rwnh.dll

2009-09-28 18:20 . 2008-04-14 10:41 81920 ------w- c:\windows\system32\ieencode.dll

2009-09-28 18:13 . 2009-09-28 18:13 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-09-28 18:11 . 2009-09-29 03:25 -------- d-----w- C:\2b427de958bf8c0a97536841

2009-09-28 17:47 . 2009-09-28 17:47 -------- d-----w- C:\single

2009-09-27 14:38 . 2009-09-27 14:38 -------- d-----w- c:\program files\Microsoft Easy Assist

2009-09-27 14:37 . 2009-09-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications

2009-09-26 13:55 . 2009-09-26 13:55 -------- d-----w- c:\program files\MozBackup

2009-09-25 17:58 . 2009-09-25 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital

2009-09-25 17:58 . 2009-09-25 17:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest

2009-09-25 17:57 . 2009-09-29 14:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Western Digital

2009-09-23 06:00 . 2009-09-23 06:00 -------- d-----w- C:\VundoFix Backups

2009-09-23 05:54 . 2009-09-23 05:54 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-22 18:21 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-09-22 01:41 . 2009-09-22 04:10 17440 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-09-22 01:41 . 2009-09-22 04:10 172064 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-22 01:37 . 2009-09-22 03:51 -------- d-----w- c:\program files\Common Files\ParetoLogic

2009-09-22 01:37 . 2009-09-22 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-09-22 01:37 . 2009-09-22 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS

2009-09-22 01:32 . 2009-09-22 01:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations

2009-09-21 22:32 . 2007-11-28 03:56 91328 ----a-w- c:\windows\system32\drivers\msfwdrv.sys

2009-09-21 22:32 . 2007-11-28 03:56 116416 ----a-w- c:\windows\system32\drivers\msfwhlpr.sys

2009-09-21 22:31 . 2008-05-15 21:15 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2009-09-21 22:27 . 2009-09-27 03:29 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2009-09-21 20:38 . 2009-09-21 22:27 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-20 21:52 . 2009-09-20 21:52 -------- d-----w- c:\program files\Trend Micro

2009-09-17 22:51 . 2009-09-17 22:55 -------- d-----w- c:\windows\system32\Adobe

2009-09-14 17:33 . 2009-09-14 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Turbine

2009-09-14 17:33 . 2009-09-14 17:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine

2009-09-14 03:51 . 2009-09-14 03:51 -------- d-----w- c:\program files\Turbine

2009-09-13 23:12 . 2009-09-18 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files

2009-09-13 23:12 . 2009-09-13 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-09-13 23:12 . 2009-09-13 23:12 -------- d-----w- c:\program files\Pando Networks

2009-09-12 16:45 . 2009-09-12 16:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo

2009-09-12 16:44 . 2009-09-12 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-09-12 16:44 . 2009-09-12 16:44 -------- d-----w- c:\program files\Yahoo!

2009-09-09 13:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-01 16:41 . 2009-09-08 01:06 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\BearShare

2009-09-01 16:41 . 2009-09-01 16:41 -------- d-----w- c:\program files\BearShare Applications

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-27 18:53 . 2008-08-17 23:33 21534 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat

2009-09-27 18:42 . 2009-08-22 22:39 -------- d-----w- c:\program files\MSECache

2009-09-23 17:35 . 2008-05-08 04:39 38568 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-23 16:59 . 2008-05-08 07:12 -------- d-----w- c:\program files\Microsoft Works

2009-09-23 05:54 . 2008-05-08 07:07 -------- d-----w- c:\program files\Java

2009-09-22 04:10 . 2009-09-22 01:41 3380 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-22 04:10 . 2009-09-22 01:41 2708 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-09-20 22:34 . 2009-05-22 23:59 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-19 13:27 . 2009-02-02 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-10 19:54 . 2009-02-02 22:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-02-02 22:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-05 22:21 . 2008-11-09 03:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2009-09-03 15:58 . 2009-08-09 00:26 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink

2009-08-23 00:28 . 2005-01-10 01:26 38568 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-11 00:32 . 2009-08-11 00:16 -------- d-----w- c:\program files\lmyqvr

2009-08-11 00:01 . 2009-08-10 20:43 -------- d-----w- c:\program files\PrivacyCenter

2009-08-10 23:26 . 2009-08-10 23:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue

2009-08-09 00:26 . 2009-08-09 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2009-08-05 09:01 . 2008-08-28 12:06 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2008-08-28 12:06 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-15 02:08 . 2009-07-15 02:08 295 ----a-w- c:\windows\EReg072.dat

2009-07-14 04:43 . 2008-03-16 02:55 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2008-03-16 02:55 915456 ------w- c:\windows\system32\wininet.dll

2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\program files\lmyqvr ----

((((((((((((((((((((((((((((( SnapShot_2009-09-29_19.38.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-29 19:39 . 2009-09-29 19:39 16384 c:\windows\temp\Perflib_Perfdata_748.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]

WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk

backup=c:\windows\pss\WDDMStatus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk

backup=c:\windows\pss\WDSmartWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WDSmartWareBackgroundService"=2 (0x2)

"WDDMService"=2 (0x2)

"PrismXL"=2 (0x2)

"ose"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"idsvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"ATI Smart"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=

"c:\\WINDOWS\\ehome\\ehtray.exe"=

"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Program Files\\Microsoft Windows OneCare Live\\Antivirus\\MsMpEng.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"58013:TCP"= 58013:TCP:Pando Media Booster

"58013:UDP"= 58013:UDP:Pando Media Booster

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 10:52 AM 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/29/2009 9:20 AM 11520]

S3 EraserUtilDrv10821;EraserUtilDrv10821;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5stbqow2.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-29 15:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-985126656-3141293806-1862347675-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-09-29 15:14

ComboFix-quarantined-files.txt 2009-09-29 20:14

ComboFix2.txt 2009-09-29 19:47

ComboFix3.txt 2009-09-21 14:30

ComboFix4.txt 2009-09-20 22:41

Pre-Run: 223,226,515,456 bytes free

Post-Run: 223,208,488,960 bytes free

233 --- E O F --- 2009-09-23 16:59


  • Staff

Hi,

This looks OK again.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Extra note, please install an Antivirus, because running without an Antivirus is a bad idea. But you can do that tomorrow ;)

Let me know in your next reply (tomorrow) how things are now.

Have a good night :o


  • Staff

Hi,

Windows Live is actually pretty good though... It has improved a lot recently and I even see it detecting malware other scanners don't detect. But if you really have doubts, take a look at this page for the ones I recommend: http://users.telenet.be/bluepatchy/miekiemoes/Links.html

For example Avira is a great Free Antivirus.

Keep in mind that an Antivirus can't prevent all malware. That's why... Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again! :D

This topic is now closed to further replies.