
Malwarebytes won't run / HijackThis log results



I tried to install Malwarebytes but it couldn't locate the mbam.exe file. Below is what I got from the HijackThis scan. Please help! Thank you.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:33:58 PM, on 10/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\AOL\1132883330\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BTWLANDP.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Andrew Cochran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Andrew Cochran\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycorplink.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132883330\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [tujeloyuf] Rundll32.exe "c:\windows\system32\mevozeha.dll",a

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew Cochran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\ANDREW~1\LOCALS~1\temp\TEMPOR~1\Content.IE5\H6JQEJCY.SH! c:\DOCUME~1\ANDREW~1\LOCALS~1\temp\TEMPOR~1\Content.IE5\FSVCDX6U.SH! c:\DOCUME~1\ANDREW~1\LOCALS~1\temp\TEMPOR~1\Content.IE5\BJHWXTYA.SH! c:\DOCUME~1\ANDREW~1\LOCALS~1\temp\TEMPOR~1\Content.IE5\5X8L6S36.SH! c:\DOCUME~1\ANDREW~1\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\ANDREW~1\LOCALS~1\temp\TEMPOR~1.SH!

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: c:\windows\system32\zekoliwe.dll c:\windows\system32\zigehuze.dll vayihufi.dll c:\windows\system32\mevozeha.dll

O21 - SSODL: zogerivap - {e43045d8-1721-4db9-94a0-dbd758e882ff} - (no file)

O21 - SSODL: wujubafer - {cb87f816-d5e6-4f18-947d-8170ded70245} - c:\windows\system32\zigehuze.dll (file missing)

O21 - SSODL: dimoloyet - {eef84897-311f-4ea0-b615-383421c04862} - c:\windows\system32\mevozeha.dll

O22 - SharedTaskScheduler: jugezatag - {e43045d8-1721-4db9-94a0-dbd758e882ff} - (no file)

O22 - SharedTaskScheduler: kupuhivus - {cb87f816-d5e6-4f18-947d-8170ded70245} - c:\windows\system32\zigehuze.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {eef84897-311f-4ea0-b615-383421c04862} - c:\windows\system32\mevozeha.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: WLANKEEPER - Intel


Thanks for the reply. I followed those instructions but I was unable to run ComboFix. I kept getting an error saying the application couldn't be executed because a certain file was infected. I even tried renaming it to get it to launch but that didn't work either. What should I try next? Thanks.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.


I was able to disable whatever was preventing me from running ComboFix, for a short time at least. Here's the log. Thank you.

ComboFix 09-10-16.09 - Andrew Cochran 10/17/2009 4:53.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.590 [GMT -4:00]

Running from: c:\documents and settings\Andrew Cochran\Desktop\something.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))

.

2009-10-15 23:33 . 2009-10-15 23:33 -------- d-----w- c:\program files\Trend Micro

2009-10-15 23:19 . 2009-10-15 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-15 04:45 . 2009-10-15 04:46 -------- d-----w- C:\map

2009-10-15 04:38 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-15 04:38 . 2009-10-15 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-15 04:38 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-15 03:17 . 2009-10-15 03:17 -------- d-----w- c:\documents and settings\Andrew Cochran\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-17 08:33 . 2006-01-07 17:00 50080 ----a-w- c:\documents and settings\Andrew Cochran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-15 03:32 . 2006-08-03 01:13 -------- d-----w- c:\program files\PartyGaming.Net

2009-10-15 03:27 . 2006-12-12 00:37 -------- d-----w- c:\program files\Google

2009-10-14 11:23 . 2007-01-02 01:36 -------- d-----w- c:\program files\AIM6

2009-10-03 00:47 . 2005-11-24 18:32 -------- d-----w- c:\program files\McAfee

2009-09-17 01:28 . 2009-09-17 01:28 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2009-09-16 00:24 . 2008-06-04 01:04 256 ----a-w- c:\windows\system32\pool.bin

2009-09-15 00:42 . 2005-11-24 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-09-14 23:45 . 2005-11-17 05:10 -------- d-----w- c:\program files\Java

2009-09-11 22:11 . 2008-10-09 01:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-11 00:54 . 2007-04-20 00:49 -------- d--h--w- c:\documents and settings\Andrew Cochran\Application Data\Move Networks

2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:36 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:36 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2005-08-16 10:18 17408 ------w- c:\windows\system32\corpol.dll

2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 00:44 . 2005-08-16 10:18 2189184 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2004-08-04 04:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe

2009-07-25 09:23 . 2008-12-03 02:00 411368 ----a-w- c:\windows\system32\deploytk.dll

2007-03-08 03:01 . 2006-01-07 17:00 56 --sh--r- c:\windows\system32\E08D1D3791.sys

2007-03-08 03:01 . 2006-01-07 17:00 3974 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-10-17_04.15.22 )))))))))))))))))))))))))))))))))))))))))

.

- 2005-11-24 22:20 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll

+ 2005-11-24 22:20 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll

- 2007-08-13 23:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 23:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll

- 2007-08-13 23:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe

+ 2007-08-13 23:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe

- 2005-08-16 10:18 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll

- 2005-08-16 10:18 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe

+ 2005-08-16 10:18 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe

- 2007-08-13 23:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll

+ 2007-08-13 23:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2007-12-09 21:52 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2007-12-09 21:52 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2007-12-09 21:52 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2007-12-09 21:52 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2007-08-13 23:39 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll

- 2007-08-13 23:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-02-20 18:09 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll

- 2009-02-20 18:09 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll

- 2007-08-13 23:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2007-08-13 23:39 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2007-12-09 21:52 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll

+ 2007-12-09 21:52 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll

+ 2009-06-29 16:12 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll

- 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll

+ 2005-11-24 16:51 . 2009-10-17 07:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2005-11-24 16:51 . 2009-10-17 02:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2005-11-24 16:51 . 2009-10-17 07:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-11-24 16:51 . 2009-10-17 02:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2009-10-17 07:31 . 2009-10-17 07:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-06-24 23:56 . 2009-06-24 23:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

- 2007-04-14 00:58 . 2007-04-14 00:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2007-04-14 01:30 . 2007-04-14 01:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2008-05-28 05:30 . 2008-05-28 05:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2004-09-30 00:11 . 2009-06-24 16:56 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\ToGac.exe

+ 2004-10-07 23:36 . 2009-06-24 16:56 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe

- 2005-08-16 10:38 . 2007-01-02 20:29 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll

+ 2005-08-16 10:38 . 2009-06-24 02:01 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll

- 2005-08-16 10:38 . 2007-01-02 20:29 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll

+ 2005-08-16 10:38 . 2009-06-24 02:01 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll

+ 2005-08-16 10:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe

- 2005-08-16 10:38 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe

- 2005-08-16 10:38 . 2008-04-13 16:10 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe

+ 2005-08-16 10:38 . 2009-06-24 02:12 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe

+ 2009-10-17 07:06 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll

+ 2009-10-17 07:06 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe

+ 2009-10-17 07:06 . 2009-06-29 16:12 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll

+ 2009-10-17 07:06 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe

+ 2009-10-17 07:06 . 2009-06-29 16:12 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f89d8aff\System.Drawing.Design.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c35bd327\CustomMarshalers.dll

+ 2009-10-17 07:03 . 2009-10-17 07:03 90112 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_1d11e38e\System.Drawing.Design.dll

+ 2009-10-17 07:02 . 2009-10-17 07:02 61440 c:\windows\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_7c21ea6c\CustomMarshalers.dll

+ 2005-08-16 10:38 . 2009-06-29 15:57 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe

- 2005-08-16 10:38 . 2007-01-02 20:29 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe

+ 2005-08-16 10:19 . 2009-04-10 05:01 413544 c:\windows\system32\wmspdmod.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll

+ 2007-08-13 23:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll

- 2007-08-13 23:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll

+ 2007-08-13 23:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll

- 2007-08-13 23:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 17:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll

- 2007-07-11 17:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll

- 2005-08-16 10:18 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll

+ 2005-08-16 10:18 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll

+ 2009-04-10 05:01 . 2009-04-10 05:01 413544 c:\windows\system32\dllcache\wmspdmod.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll

+ 2007-08-13 23:54 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll

- 2007-08-13 23:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll

- 2007-08-13 23:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll

+ 2007-08-13 23:44 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll

+ 2006-08-21 14:52 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll

- 2006-08-21 14:52 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2007-08-13 23:44 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll

- 2007-08-13 23:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll

+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll

- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2007-12-09 21:52 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll

- 2007-12-09 21:52 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2007-08-13 23:43 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe

+ 2007-12-09 21:52 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll

- 2007-12-09 21:52 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll

- 2007-08-13 23:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-08-13 23:39 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-12-09 21:52 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2007-12-09 21:52 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2007-08-13 22:56 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll

- 2007-08-13 22:56 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2007-08-13 23:39 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-08-13 23:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-08-13 23:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 23:39 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2006-05-10 05:25 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2007-08-13 23:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll

+ 2007-08-13 23:39 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll

- 2005-08-16 10:18 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll

- 2007-04-14 00:58 . 2007-04-14 00:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2007-04-14 00:56 . 2007-04-14 00:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2007-04-14 01:30 . 2007-04-14 01:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2005-08-16 10:38 . 2009-06-24 01:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll

- 2005-08-16 10:38 . 2004-07-20 00:54 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll

- 2005-08-16 10:38 . 2008-04-13 16:09 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll

+ 2005-08-16 10:38 . 2009-06-24 02:12 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 105984 c:\windows\ie7updates\KB974455-IE7\url.dll

+ 2009-10-17 07:06 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll

+ 2009-10-17 07:06 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe

+ 2009-10-17 07:06 . 2009-06-29 16:12 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll

+ 2009-10-17 07:06 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe

+ 2009-10-17 07:06 . 2009-06-29 16:12 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll

+ 2009-10-17 07:06 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_824f3851\System.Drawing.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b2104b31\System.Drawing.Design.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_512a856c\CustomMarshalers.dll

+ 2009-10-17 07:03 . 2009-10-17 07:03 847872 c:\windows\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_935dfeda\System.Drawing.dll

+ 2009-10-17 04:23 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll

- 2005-08-16 10:18 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll

+ 2005-08-16 10:18 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll

+ 2005-08-16 10:18 . 2009-08-29 07:36 3598336 c:\windows\system32\mshtml.dll

+ 2007-08-13 23:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll

- 2007-08-13 23:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll

+ 2006-05-10 05:25 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll

+ 2008-10-15 00:10 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-15 00:10 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe

- 2008-10-15 00:10 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe

- 2008-10-15 00:10 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-15 00:10 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2008-10-15 00:10 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-10-15 00:10 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2006-05-19 15:06 . 2009-08-29 07:36 3598336 c:\windows\system32\dllcache\mshtml.dll

- 2007-12-09 21:52 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll

+ 2007-12-09 21:52 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll

- 2007-04-14 01:35 . 2007-04-14 01:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2007-04-14 01:35 . 2007-04-14 01:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2007-04-14 00:57 . 2007-04-14 00:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2007-04-14 00:50 . 2007-04-14 00:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2005-08-16 10:38 . 2007-01-02 20:40 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll

+ 2005-08-16 10:38 . 2009-06-29 15:58 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll

- 2005-08-16 10:38 . 2007-12-17 11:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll

+ 2005-08-16 10:38 . 2009-06-24 02:00 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll

+ 2005-08-16 10:38 . 2009-06-24 02:00 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll

- 2005-08-16 10:38 . 2007-12-17 11:58 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll

- 2005-08-16 10:38 . 2007-01-02 20:21 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll

+ 2005-08-16 10:38 . 2009-06-29 15:58 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll

+ 2009-10-17 07:06 . 2009-06-29 16:12 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll

+ 2009-10-17 07:06 . 2009-07-19 13:33 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll

+ 2009-10-17 07:06 . 2009-07-19 13:32 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll

+ 2008-10-15 00:10 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2008-10-15 00:10 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-15 00:10 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-15 00:10 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-15 00:10 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-15 00:10 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-10-15 00:10 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-10-17 07:05 . 2009-10-17 07:05 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_cd03aad3\System.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_35847da3\System.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e1a87d2e\System.Xml.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_de828d6f\System.Xml.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f288cca7\System.Windows.Forms.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6fd770d1\System.Windows.Forms.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cde85e6a\System.Drawing.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f343afd7\System.Design.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_311b5094\System.Design.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ddb84e3f\mscorlib.dll

+ 2009-10-17 07:05 . 2009-10-17 07:05 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_97b414b0\mscorlib.dll

+ 2009-10-17 07:02 . 2009-10-17 07:02 1855488 c:\windows\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_ad6cbdbc\System.dll

+ 2009-10-17 07:03 . 2009-10-17 07:03 2027520 c:\windows\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_64f0c305\System.Xml.dll

+ 2009-10-17 07:03 . 2009-10-17 07:03 2953216 c:\windows\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_af06083c\System.Windows.Forms.dll

+ 2009-10-17 07:03 . 2009-10-17 07:03 1454080 c:\windows\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_aba4508b\System.Design.dll

+ 2009-10-17 07:02 . 2009-10-17 07:02 3301376 c:\windows\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_22eb718c\mscorlib.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2007-07-15 01:50 . 2007-07-15 01:50 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2009-10-17 07:04 . 2009-10-17 07:04 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2007-07-15 01:50 . 2007-07-15 01:50 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-10-17 07:02 . 2009-10-17 07:02 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll

- 2008-08-05 03:21 . 2008-08-05 03:21 1200128 c:\windows\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-10-17 07:07 . 2009-10-02 15:01 25198016 c:\windows\system32\MRT.exe

+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp

+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\9b62b5.msp

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-17 26112]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]

"HostManager"="c:\program files\Common Files\AOL\1132883330\ee\AOLSoftware.exe" [2006-05-10 50760]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-06-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-11-17 156784]

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-17 24576]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1132883330\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1132883330\\ee\\aim6.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=

"c:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\MMDiag.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosA2dp.exe"=

"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe"=

"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=

"c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/6/2009 9:14 PM 92296]

.

Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410449517-1141240374-4291847742-1006Core.job

- c:\documents and settings\Andrew Cochran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 17:21]

2009-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410449517-1141240374-4291847742-1006UA.job

- c:\documents and settings\Andrew Cochran\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-07 17:21]

2009-10-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-07 01:26]

2009-04-07 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-07 01:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.mycorplink.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-17 05:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1320)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

c:\windows\system32\msacm32.drv

- - - - - - - > 'explorer.exe'(1972)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2009-10-17 5:05

ComboFix-quarantined-files.txt 2009-10-17 09:04

ComboFix2.txt 2009-10-17 04:23

Pre-Run: 54,780,133,376 bytes free

Post-Run: 54,739,587,072 bytes free

411 --- E O F --- 2009-10-17 07:09

Thanks for the reply. I followed those instructions, but I was unable to run ComboFix. I kept getting an error saying the application couldn't be executed because a certain file was infected. I even tried renaming it to get it to launch, but that didn't work either. What should I try next? Thanks.