MalwareBytes won't install, error running Defogger, GMER crashes

[david888m]

HISTORY

i had to connect my 2 hard disks to another motherboard because the previous one stopped recognizing hard disks

i had trouble installing win 2k

alvira rescue boot cd found a boot virus, but could not delete it

i ran many rescue cd's afterward

could install windows 2K despite reformatting the hard disk

finally deleted partitions, reconstructed the MBR, fdisk, and recreated partitions before i could install win2K

tried to install malwarebytes, but got installation error code 318

posted error on on this board and advised to post extensive test results here

TEST RESULTS

couldn't install malwarebytes

didn't run alvira antivir personal because installation requires sp4 and rollup update 1

my sp4 has always run from cd, but now demands huge download, repeated interruptions in download process until internet access stopped, had to reboot to get internet access again repeatedly

error running Defogger:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 23:40 on 16/03/2010 (Administrator)

Checking for autostart values...

Unable to open HKCU\~\Run key (2)

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

DDS (Ver_09-12-01.01) - FAT32x86

Run by Administrator at 23:45:32.64 on Tue 03/16/2010

Internet Explorer: 5.00.2920.0000

Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.511.442 [GMT -8:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

mDefault_Page_URL = hxxp://www.msn.com

mRun: [synchronization Manager] mobsync.exe /logon

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

============= SERVICES / DRIVERS ===============

R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [2010-3-16 41600]

R3 An986n;USB to 10/100M Ethernet Adapter;c:\winnt\system32\drivers\An986n.sys [2010-3-16 28968]

R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [1999-12-6 24688]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2010-3-16 55552]

R3 UF100;HAWKING UF100 USB 10/100 Network Adapter;c:\winnt\system32\drivers\UF100.sys [2010-3-16 26238]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2010-3-16 49392]

=============== Created Last 30 ================

2010-03-17 07:43:11 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_210.dat

2010-03-17 07:39:07 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-03-17 06:03:26 49392 ----a-w- c:\winnt\system32\drivers\usbhub20.sys

2010-03-17 06:03:26 0 d-----w- c:\winnt\USB2

2010-03-17 06:03:24 6912 ----a-w- c:\winnt\system32\drivers\vulfnth.sys

2010-03-17 06:03:24 45056 ----a-w- c:\winnt\system32\vusetup.dll

2010-03-17 06:03:24 10496 ----a-w- c:\winnt\system32\drivers\vulfntr.sys

2010-03-17 06:03:20 0 d-----w- c:\program files\VIA Technologies, Inc

2010-03-17 06:02:35 6416 ----a-w- c:\winnt\system32\hccoin.dll

2010-03-17 06:02:35 306688 ----a-w- c:\winnt\IsUninst.exe

2010-03-17 06:02:35 19216 ----a-w- c:\winnt\system32\drivers\usbehci.sys

2010-03-17 06:02:35 135920 ----a-w- c:\winnt\system32\drivers\usbport.sys

2010-03-17 05:43:46 0 d-----r- C:\MYDOCS

2010-03-17 03:35:47 0 d-----w- c:\documents and settings\administrator\DoctorWeb

2010-03-17 03:04:44 0 d-sh--w- C:\Recycled

2010-03-17 00:49:07 55552 ----a-r- c:\winnt\system32\drivers\ousb2hub.sys

2010-03-17 00:49:07 41600 ----a-r- c:\winnt\system32\drivers\ousbehci.sys

2010-03-17 00:45:07 0 d-----w- c:\program files\WindowsUpdate

2010-03-16 23:28:34 8192 ----a-w- c:\winnt\REGLOCS.OLD

2010-03-16 23:15:17 28968 ----a-r- c:\winnt\system32\drivers\An986n.sys

2010-03-16 22:43:40 19760 ----a-w- c:\winnt\system32\dllcache\usbstor.sys

2010-03-16 22:41:50 32144 ----a-w- c:\winnt\system32\drivers\uhcd.sys

2010-03-16 22:41:50 32144 ----a-w- c:\winnt\system32\dllcache\uhcd.sys

2010-03-16 22:28:49 464014 ---h--w- c:\winnt\ShellIconCache

2010-03-16 22:25:16 26238 ----a-w- c:\winnt\system32\drivers\UF100.sys

2010-03-16 22:23:46 0 d-----w- C:\UNINST

2010-03-16 22:19:59 0 d-----r- C:\UTIL

2010-03-16 22:19:06 0 d-----r- C:\BAT

2010-03-16 21:13:31 0 d-sh--w- c:\documents and settings\all users\DRM

2010-03-16 21:10:26 0 d-----w- c:\program files\Accessories

2010-03-16 21:10:24 0 d-----w- c:\program files\Windows NT

2010-03-16 20:58:45 0 d-----w- c:\program files\common files\ODBC

2010-03-16 20:58:32 0 d-----w- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-16 21:13:20 271 ---h--w- c:\program files\desktop.ini

2010-03-16 21:13:20 21952 ---h--w- c:\program files\folder.htt

2010-03-16 21:12:22 15012 ----a-w- c:\winnt\system32\emptyregdb.dat

1999-12-07 05:00:00 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 23:45:38.43 ===============

running GMER gives error message: C:\WINNT\system32\config\system: The process cannot access the file because it is being used by another process. OK?

after I hit scan, get Blue Screen of Death, error message at top of screen ***STOP: 0x00000044 <0x91B9D308, 0x00000CCA, 0x00000000, 0x00000000>

MULTIPLE_IRP_COMPLETE_REQUESTS

reboots by itself,

Attach.zip

[david888m]

CORRECTION:

could not install windows 2K despite reformatting the hard disk

HISTORY

i had to connect my 2 hard disks to another motherboard because the previous one stopped recognizing hard disks

i had trouble installing win 2k

alvira rescue boot cd found a boot virus, but could not delete it

i ran many rescue cd's afterward

could install windows 2K despite reformatting the hard disk

finally deleted partitions, reconstructed the MBR, fdisk, and recreated partitions before i could install win2K

tried to install malwarebytes, but got installation error code 318

posted error on on this board and advised to post extensive test results here

TEST RESULTS

couldn't install malwarebytes

didn't run alvira antivir personal because installation requires sp4 and rollup update 1

my sp4 has always run from cd, but now demands huge download, repeated interruptions in download process until internet access stopped, had to reboot to get internet access again repeatedly

error running Defogger:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 23:40 on 16/03/2010 (Administrator)

Checking for autostart values...

Unable to open HKCU\~\Run key (2)

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

DDS (Ver_09-12-01.01) - FAT32x86

Run by Administrator at 23:45:32.64 on Tue 03/16/2010

Internet Explorer: 5.00.2920.0000

Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.511.442 [GMT -8:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\Explorer.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

mDefault_Page_URL = hxxp://www.msn.com

mRun: [synchronization Manager] mobsync.exe /logon

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

============= SERVICES / DRIVERS ===============

R2 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\winnt\system32\drivers\ousbehci.sys [2010-3-16 41600]

R3 An986n;USB to 10/100M Ethernet Adapter;c:\winnt\system32\drivers\An986n.sys [2010-3-16 28968]

R3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [1999-12-6 24688]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\winnt\system32\drivers\ousb2hub.sys [2010-3-16 55552]

R3 UF100;HAWKING UF100 USB 10/100 Network Adapter;c:\winnt\system32\drivers\UF100.sys [2010-3-16 26238]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2010-3-16 49392]

=============== Created Last 30 ================

2010-03-17 07:43:11 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_210.dat

2010-03-17 07:39:07 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-03-17 06:03:26 49392 ----a-w- c:\winnt\system32\drivers\usbhub20.sys

2010-03-17 06:03:26 0 d-----w- c:\winnt\USB2

2010-03-17 06:03:24 6912 ----a-w- c:\winnt\system32\drivers\vulfnth.sys

2010-03-17 06:03:24 45056 ----a-w- c:\winnt\system32\vusetup.dll

2010-03-17 06:03:24 10496 ----a-w- c:\winnt\system32\drivers\vulfntr.sys

2010-03-17 06:03:20 0 d-----w- c:\program files\VIA Technologies, Inc

2010-03-17 06:02:35 6416 ----a-w- c:\winnt\system32\hccoin.dll

2010-03-17 06:02:35 306688 ----a-w- c:\winnt\IsUninst.exe

2010-03-17 06:02:35 19216 ----a-w- c:\winnt\system32\drivers\usbehci.sys

2010-03-17 06:02:35 135920 ----a-w- c:\winnt\system32\drivers\usbport.sys

2010-03-17 05:43:46 0 d-----r- C:\MYDOCS

2010-03-17 03:35:47 0 d-----w- c:\documents and settings\administrator\DoctorWeb

2010-03-17 03:04:44 0 d-sh--w- C:\Recycled

2010-03-17 00:49:07 55552 ----a-r- c:\winnt\system32\drivers\ousb2hub.sys

2010-03-17 00:49:07 41600 ----a-r- c:\winnt\system32\drivers\ousbehci.sys

2010-03-17 00:45:07 0 d-----w- c:\program files\WindowsUpdate

2010-03-16 23:28:34 8192 ----a-w- c:\winnt\REGLOCS.OLD

2010-03-16 23:15:17 28968 ----a-r- c:\winnt\system32\drivers\An986n.sys

2010-03-16 22:43:40 19760 ----a-w- c:\winnt\system32\dllcache\usbstor.sys

2010-03-16 22:41:50 32144 ----a-w- c:\winnt\system32\drivers\uhcd.sys

2010-03-16 22:41:50 32144 ----a-w- c:\winnt\system32\dllcache\uhcd.sys

2010-03-16 22:28:49 464014 ---h--w- c:\winnt\ShellIconCache

2010-03-16 22:25:16 26238 ----a-w- c:\winnt\system32\drivers\UF100.sys

2010-03-16 22:23:46 0 d-----w- C:\UNINST

2010-03-16 22:19:59 0 d-----r- C:\UTIL

2010-03-16 22:19:06 0 d-----r- C:\BAT

2010-03-16 21:13:31 0 d-sh--w- c:\documents and settings\all users\DRM

2010-03-16 21:10:26 0 d-----w- c:\program files\Accessories

2010-03-16 21:10:24 0 d-----w- c:\program files\Windows NT

2010-03-16 20:58:45 0 d-----w- c:\program files\common files\ODBC

2010-03-16 20:58:32 0 d-----w- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-16 21:13:20 271 ---h--w- c:\program files\desktop.ini

2010-03-16 21:13:20 21952 ---h--w- c:\program files\folder.htt

2010-03-16 21:12:22 15012 ----a-w- c:\winnt\system32\emptyregdb.dat

1999-12-07 05:00:00 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 23:45:38.43 ===============

running GMER gives error message: C:\WINNT\system32\config\system: The process cannot access the file because it is being used by another process. OK?

after I hit scan, get Blue Screen of Death, error message at top of screen ***STOP: 0x00000044 <0x91B9D308, 0x00000CCA, 0x00000000, 0x00000000>

MULTIPLE_IRP_COMPLETE_REQUESTS

reboots by itself,

[david888m]

additional info:

1. error message on attempted installation:

"Error code: 718 (-2146893799, 0)

The keyset is not defined

2. Last weekend, I did scan with Alvira Rescue CD. The only thing it found was a boot virus, but could not remove it. After other procedures, Alvira Rescue CD could not find any malware. However, I was unable to install win 2k as stated earlier.

[screen317]

How did you get a DDS log if you can't install Windows?

You said you have two hard drives. Have you tried installing Win2k on the other hard drive?

[david888m]

How did you get a DDS log if you can't install Windows?

You said you have two hard drives. Have you tried installing Win2k on the other hard drive?

ANSWERED IN PREVIOUS POST:

(david888m @ Mar 17 2010, 01:53 AM)

"could not install windows 2K despite reformatting the hard disk

finally deleted partitions, reconstructed the MBR, fdisk, and recreated partitions before i could install win2K"

[screen317]

Missed that, sorry. You kept saying"However, I was unable to install win 2k as stated earlier" so it was a bit confusing. Pressing onward:

Specifically, could you describe the issues you are currently experiencing?

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and Paste the entire report in your next reply along with a fresh HijackThis log.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

-screen317

[david888m]

Specifically, could you describe the issues you are currently experiencing?

[*]Copy and Paste the entire report in your next reply along with a fresh HijackThis log.

BRIEF BACKGROUND

Antivir rescue CD and Malwarebytes detected a boot virus about 2 weeks ago, but nothing else I tried detected anything. Since then, problems continue even though no antimalware solution is able to detect anything. Disabling network access is a primary activity of this virus. It also deletes and corrupts various device drivers or files associated with their functioning, interferes with OS repair and installation, sometimes interferes with antimalware installation, and occasionally hides the d: hard disk. My lans on 4 computers show a red X, saying that "A network cable is unplugged." A total of 7 nics on 4 computers have been affected. I previously got DSL access back for about 24 hours by fdisk/format and by System Restore. I am able to get dialup access back by installing a new OS.

CURRENT ISSUES

After flashing the bios, cleaning the mbr by fdisk /mbr and fdisk/mbr, formatting the whole hard disk, and reinstalling XP on one of the computers, I'm unable to get dsl internet access back. When I tried to format, it aborted twice at 27% with the message "not ready" before it went through all the way. One lan shows a red X, saying that "A network cable is unplugged." Another nic that installed many times before keep getting installation errors. A third nic that installed many times before cannot be detected. Also, I'm not getting audio. Compared to previous fdisking and formatting that brought back dsl for about 24 hours on this same computer, I have a flash drive with some backup data plugged in. Could that be the reason?

LOGS

Malwarebytes' Anti-Malware 1.44

Database version: 3902

Windows 5.1.2600 Service Pack 1

Internet Explorer 6.0.2800.1106

3/23/2010 2:17:12 AM

mbam-log-2010-03-23 (02-17-12).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 114758

Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_09-12-01.01) - FAT32x86

Run by XPUser at 9:40:30.15 on Tue 03/23/2010

Internet Explorer: 6.0.2800.1106

Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.361 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wpabaln.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\XPUser\My Documents\Downloads\qby679ys.exe

C:\DOCUME~1\XPUser\LOCALS~1\Temp\RarSFX2\78tr28.exe

C:\DOCUME~1\XPUser\LOCALS~1\Temp\RarSFX2\k6mdsXP.exe

C:\Documents and Settings\XPUser\Desktop\TEMP\dds.scr

============== Pseudo HJT Report ===============

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xpuser\applic~1\mozilla\firefox\profiles\u8ap84wl.default\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2010-3-22 22360]

R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2010-3-22 45416]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-3-22 20160]

S3 UF100;HAWKING UF100 USB 10/100 Network Adapter;c:\windows\system32\drivers\UF100.sys [2010-3-22 26238]

=============== Created Last 30 ================

2010-03-23 17:38:34 0 ----a-w- c:\documents and settings\xpuser\defogger_reenable

2010-03-23 15:47:31 0 d-----w- c:\documents and settings\xpuser\DoctorWeb

2010-03-23 07:17:32 0 d-----w- c:\docume~1\xpuser\applic~1\Malwarebytes

2010-03-23 07:17:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-23 07:17:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-23 07:17:18 18520 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-23 07:17:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-23 06:18:52 0 d-sh--w- C:\FOUND.001

2010-03-23 06:16:43 0 d-----w- c:\program files\Avira

2010-03-23 06:16:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-03-23 05:24:38 0 d-sh--w- c:\documents and settings\all users\DRM

2010-03-23 05:22:49 0 d-----w- c:\program files\common files\MSSoap

2010-03-23 05:20:13 0 d--h--w- c:\program files\WindowsUpdate

2010-03-23 05:20:13 0 d-----w- c:\program files\Online Services

2010-03-23 05:19:51 0 d-----w- c:\program files\Messenger

2010-03-23 05:19:46 0 d-----w- c:\program files\MSN Gaming Zone

2010-03-23 05:19:05 0 d-----w- c:\program files\Windows NT

2010-03-23 04:37:57 0 d-----w- c:\program files\common files\ODBC

2010-03-23 04:37:52 0 d-----w- c:\program files\common files\SpeechEngines

2010-03-23 04:37:20 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-23 05:21:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 9:43:29.32 ===============

Thank you.

DDS.txt

ark.txt

[david888m]

Can I repair XP SP3 with SP1 CD and follow up with SP3 update? Alternatively, would I have to combine XP SP1 with SP3 update by a "slipstreaming process"? Has anybody done slipstreaming?

I'm thinking of editing track 0 (location of the possible virus and displaced mbr) and repairing with XP's fixboot and fixmbr

[david888m]

Can I repair XP SP3 with SP1 CD and follow up with SP3 update? Alternatively, would I have to combine XP SP1 with SP3 update by a "slipstreaming process"? Has anybody done slipstreaming?

I'm thinking of editing track 0 (location of the possible virus and displaced mbr) and repairing with XP's fixboot and fixmbr

I'm thinking that the virus could have displaced the mbr. I read about a virus that moved the mbr to sector 7 of track 0 and redirected examination of itself to the mbr.

[screen317]

Hi,

Do you know what this file is:

C:\Documents and Settings\XPUser\My Documents\Downloads\qby679ys.exe

Please go to VirusTotal, and upload the following file for analysis:

C:\Documents and Settings\XPUser\My Documents\Downloads\qby679ys.exe

Post the results in your reply.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

After you post that log, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
  

-screen317

[david888m]

Hi,

Do you know what this file is:

C:\Documents and Settings\XPUser\My Documents\Downloads\qby679ys.exe

Please go to VirusTotal, and upload the following file for analysis:

C:\Documents and Settings\XPUser\My Documents\Downloads\qby679ys.exe

Post the results in your reply.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

After you post that log, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
  

-screen317

"C:\Documents and Settings\XPUser\My Documents\Downloads\qby679ys.exe:

The above file is Dr. Web Cureit's scanner file. I already deleted it earlier.

DDS (Ver_10-03-17.01) - FAT32x86

Run by Administrator at 0:19:03.78 on Mon 04/05/2010

Internet Explorer: 6.0.2600.0000

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.254.91 [GMT -4:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\MYDOCS\Downloads\dds.scr

============== Pseudo HJT Report ===============

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ort6yxoa.default\

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-27 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-27 185089]

R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2010-3-27 65240]

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2010-3-27 61712]

R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2010-3-27 602128]

=============== Created Last 30 ================

2010-12-25 05:30:21 985 ----a-w- c:\winnt\ODBC.INI

2010-04-05 04:19:06 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_288.dat

2010-04-05 02:41:17 0 d-----w- c:\program files\ToniArts

2010-03-29 14:29:41 457515 ----a-r- C:\txtsetup.sif

2010-03-29 14:29:41 278688 ----a-r- C:\$LDR$

2010-03-29 14:29:03 277152 --sha-r- C:\ntldr

2010-03-29 14:23:44 0 d-----w- C:\$WIN_NT$.~BT

2010-03-28 21:56:05 91920 ----a-w- c:\winnt\system32\CINTLGNT.IME

2010-03-28 21:56:04 118032 ----a-w- c:\winnt\system32\TINTLGNT.IME

2010-03-28 21:56:03 1696 ----a-w- c:\winnt\system32\noise.cht

2010-03-28 21:56:03 12560 ----a-w- c:\winnt\system32\dllcache\chtbrkr.dll

2010-03-28 21:56:03 12560 ----a-w- c:\winnt\system32\chtbrkr.dll

2010-03-28 21:56:01 18600 ----a-w- c:\winnt\system32\arrayhw.tab

2010-03-28 21:56:01 146126 ----a-w- c:\winnt\system32\array30.tab

2010-03-28 21:56:00 16312 ----a-w- c:\winnt\system32\arptr.tbl

2010-03-28 21:56:00 1577216 ----a-w- c:\winnt\system32\dllcache\cjime.exe

2010-03-28 21:56:00 1577216 ----a-w- c:\winnt\system32\cjime.exe

2010-03-28 21:56:00 110566 ----a-w- c:\winnt\system32\arphr.tbl

2010-03-28 21:36:16 344 ----a-w- c:\winnt\system32\PINTLPAD.CNT

2010-03-28 21:36:16 290816 ----a-w- c:\winnt\system32\IMEPAD.DLL

2010-03-28 21:36:16 290816 ----a-w- c:\winnt\system32\dllcache\imepad.dll

2010-03-28 21:36:16 154487 ----a-w- c:\winnt\system32\PINTLPAD.HLP

2010-03-28 21:36:15 73787 ----a-w- c:\winnt\system32\PINTLGNT.IME

2010-03-28 21:36:15 0 d-----w- c:\winnt\system32\IME

2010-03-28 21:25:10 63 ----a-w- c:\winnt\mdm.ini

2010-03-28 20:52:23 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit Software

2010-03-28 20:51:16 0 d-----w- c:\program files\Foxit Software

2010-03-28 20:51:16 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit

2010-03-28 20:20:59 0 d-----w- c:\program files\IZArc

2010-03-28 20:18:13 0 d-----w- c:\winnt\ShellNew

2010-03-28 19:35:43 0 d-----w- c:\docume~1\admini~1\applic~1\SogouPY.users

2010-03-28 19:34:51 0 d-----w- c:\program files\SogouInput

2010-03-28 19:34:50 0 d-----w- c:\docume~1\admini~1\applic~1\SogouPY

2010-03-28 10:46:44 452096 ----a-w- c:\winnt\system32\igfxrptg.lrc

2010-03-28 10:01:51 306688 ----a-w- c:\winnt\IsUninst.exe

2010-03-28 09:53:14 0 d-----w- C:\dell

2010-03-28 09:43:59 283648 ----a-w- c:\winnt\uninst.exe

2010-03-28 09:04:11 969 ----a-w- c:\winnt\juno.ini

2010-03-28 00:05:13 0 d-----w- c:\documents and settings\administrator\DoctorWeb

2010-03-27 18:54:58 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-03-27 17:59:42 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-03-27 17:58:28 65240 ----a-w- c:\winnt\system32\drivers\avgntflt.sys

2010-03-27 17:58:28 0 d-----w- c:\program files\Avira

2010-03-27 17:58:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-03-27 17:58:05 0 d-----w- c:\winnt\winsxs

2010-03-27 17:54:44 0 d-----w- c:\winnt\system32\Windows Media

2010-03-27 17:53:59 0 d--h--w- c:\winnt\$NtUpdateRollupPackUninstall$

2010-03-27 17:53:58 0 d-----w- c:\winnt\msiinst.tmp

2010-03-27 17:52:45 0 d-----w- c:\winnt\ime

2010-03-27 17:52:41 0 d--h--w- c:\program files\WindowsUpdate

2010-03-27 17:52:39 0 d-----w- c:\winnt\system32\Microsoft

2010-03-27 17:47:45 0 d-----w- c:\winnt\system32\ie_de

2010-03-27 17:47:45 0 d-----w- c:\winnt\system32\CertSrv

2010-03-27 17:47:45 0 d-----w- c:\winnt\ServicePackFiles

2010-03-27 17:46:41 3856 ------w- c:\winnt\system32\SVCPACK1.DLL

2010-03-27 17:44:52 977680 ----a-w- c:\winnt\system32\vfpodbc.dll

2010-03-27 17:43:58 85776 ----a-w- c:\winnt\system32\smlogsvc.exe

2010-03-27 17:42:55 444176 ----a-w- c:\winnt\system32\oieng400.dll

2010-03-27 17:41:59 353 ------w- c:\winnt\system32\extenum.ldf

2010-03-27 17:40:54 305664 ----a-w- c:\winnt\system32\msihnd.dll

2010-03-27 17:40:51 64512 ----a-w- c:\winnt\system32\msiexec.exe

2010-03-27 17:40:46 2017792 ----a-w- c:\winnt\system32\msi.dll

2010-03-27 17:40:04 319760 ----a-w- c:\winnt\system32\msexcl40.dll

2010-03-27 17:40:03 512272 ----a-w- c:\winnt\system32\msexch40.dll

2010-03-27 17:40:02 844560 ----a-w- c:\winnt\system32\msdxm.ocx

2010-03-27 17:40:02 4126 ----a-w- c:\winnt\system32\msdxmlc.dll

2010-03-27 17:37:42 63248 ----a-w- c:\winnt\system32\winime.ime

2010-03-27 17:37:41 76048 ----a-w- c:\winnt\system32\phon.ime

2010-03-27 17:37:41 75536 ----a-w- c:\winnt\system32\winar30.ime

2010-03-27 17:37:41 74512 ----a-w- c:\winnt\system32\quick.ime

2010-03-27 17:37:41 74000 ----a-w- c:\winnt\system32\uniime.dll

2010-03-27 17:37:41 74000 ----a-w- c:\winnt\system32\dllcache\uniime.dll

2010-03-27 17:37:41 62736 ----a-w- c:\winnt\system32\unicdime.ime

2010-03-27 17:37:41 25360 ----a-w- c:\winnt\system32\romanime.ime

2010-03-27 17:35:59 618889 ----a-w- c:\winnt\system32\instcat.sql

2010-03-27 17:34:58 97552 ----a-w- c:\winnt\system32\comrepl.dll

2010-03-27 17:10:47 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-03-27 17:10:45 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-03-27 17:10:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-27 17:10:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-27 16:52:28 0 d-----w- C:\UNINST

2010-03-27 08:44:30 0 d-----w- C:\UTIL

2010-03-27 08:43:27 0 d-----w- c:\program files\SSH Communications Security

2010-03-27 08:43:26 0 d-----w- c:\program files\RegClean

2010-03-27 08:43:24 0 d-----w- c:\program files\QPRO

2010-03-27 08:42:42 0 d-----w- c:\program files\ATF Cleaner

2010-03-27 08:35:57 0 d-----w- c:\program files\Juno

2010-03-27 08:33:21 0 d-----r- C:\MYDOCS

2010-03-27 08:33:19 0 d-----w- C:\juno2

2010-03-27 08:33:17 0 d-----w- C:\juno1

2010-03-27 08:33:17 0 d-----w- C:\Index

2010-03-27 08:33:17 0 d-----w- C:\Futures

2010-03-27 08:33:17 0 d-----w- C:\FOREX

2010-03-27 08:33:14 0 d-----w- C:\EXPORT

2010-03-27 08:32:53 0 d-----w- C:\COMM

2010-03-27 08:32:20 0 d-----w- C:\BAT

2010-03-27 08:32:20 0 d-----w- C:\antbar

2010-03-27 08:23:52 1184260 ---h--w- c:\winnt\ShellIconCache

2010-03-27 08:15:37 12592 ----a-w- c:\winnt\system32\drivers\usbscan.sys

2010-03-27 08:15:06 416 ----a-w- c:\winnt\MAXLINK.INI

2010-03-27 08:14:56 0 d-----w- c:\program files\common files\ScanSoft Shared

2010-03-27 08:14:24 0 d-----w- c:\program files\ScanSoft

2010-03-27 08:13:03 197632 ----a-w- c:\winnt\system32\CNMLM83.DLL

2010-03-27 08:12:58 73728 ----a-w- c:\winnt\system32\CNCU160.DLL

2010-03-27 08:12:58 135168 ----a-w- c:\winnt\system32\CNCL160.DLL

2010-03-27 08:09:20 27136 ----a-w- c:\winnt\system32\dllcache\mspatcha.dll

2010-03-27 08:07:19 0 d-----w- c:\program files\Canon

2010-03-27 07:40:47 0 d-sh--w- c:\documents and settings\all users\DRM

2010-03-27 07:38:06 0 d-----w- c:\program files\Accessories

2010-03-27 07:38:01 0 d-----w- c:\program files\Windows NT

2010-03-27 07:31:02 0 d-----w- c:\program files\common files\ODBC

2010-03-27 07:30:39 0 d-----w- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-27 07:40:44 271 ---h--w- c:\program files\desktop.ini

2010-03-27 07:40:44 21952 ---h--w- c:\program files\folder.htt

2010-03-27 07:39:32 15012 ----a-w- c:\winnt\system32\emptyregdb.dat

2010-03-25 06:08:20 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_31c.dat

1999-12-07 01:00:00 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 0:19:24.64 ===============

ComboFix 10-03-29.02 - Administrator 04/05/2010 0:22.1.1 - FAT32x86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.254.175 [GMT -4:00]

Running from: c:\mydocs\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\winnt\Web\default.htt

c:\winnt\system32\comres.dll . . . is infected!!

c:\winnt\system32\qmgr.dll . . . is infected!!

c:\winnt\system32\comres.dll . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))

.

2010-04-05 02:41 . 2010-04-05 02:41 -------- d-----w- c:\program files\ToniArts

2010-04-05 02:41 . 2010-04-05 02:41 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-29 14:23 . 2010-03-29 14:23 -------- d-----w- C:\$WIN_NT$.~BT

2010-03-28 21:56 . 1999-12-06 20:00 12560 ----a-w- c:\winnt\system32\dllcache\chtbrkr.dll

2010-03-28 21:56 . 1999-12-06 20:00 12560 ----a-w- c:\winnt\system32\chtbrkr.dll

2010-03-28 21:56 . 1999-12-06 20:00 1577216 ----a-w- c:\winnt\system32\dllcache\cjime.exe

2010-03-28 21:56 . 1999-12-06 20:00 1577216 ----a-w- c:\winnt\system32\cjime.exe

2010-03-28 21:55 . 1999-12-06 20:00 1409792 ----a-w- c:\winnt\system32\phime.exe

2010-03-28 21:55 . 1999-12-06 20:00 1409792 ----a-w- c:\winnt\system32\dllcache\phime.exe

2010-03-28 21:36 . 1999-08-05 20:11 290816 ----a-w- c:\winnt\system32\IMEPAD.DLL

2010-03-28 21:36 . 1999-08-05 20:11 290816 ----a-w- c:\winnt\system32\dllcache\imepad.dll

2010-03-28 21:25 . 2010-03-28 21:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon

2010-03-28 20:52 . 2010-03-28 20:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit Software

2010-03-28 20:51 . 2010-03-28 20:51 -------- d-----w- c:\program files\Foxit Software

2010-03-28 20:51 . 2010-03-28 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit

2010-03-28 20:20 . 2010-03-28 20:21 -------- d-----w- c:\program files\IZArc

2010-03-28 20:18 . 2010-03-28 20:18 -------- d-----w- c:\winnt\ShellNew

2010-03-28 20:16 . 2010-03-28 20:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Web Folders

2010-03-28 19:35 . 2010-03-28 19:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SogouPY.users

2010-03-28 19:34 . 2010-03-28 19:34 -------- d-----w- c:\program files\SogouInput

2010-03-28 19:34 . 2010-03-28 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SogouPY

2010-03-28 19:31 . 1999-12-06 20:00 12560 ----a-w- c:\winnt\system32\dllcache\chsbrkr.dll

2010-03-28 19:31 . 1999-12-06 20:00 12560 ----a-w- c:\winnt\system32\chsbrkr.dll

2010-03-28 19:31 . 1999-12-06 20:00 3442432 ----a-w- c:\winnt\system32\pyime.exe

2010-03-28 19:31 . 1999-12-06 20:00 3442432 ----a-w- c:\winnt\system32\dllcache\pyime.exe

2010-03-28 10:08 . 2007-10-23 13:27 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe

2010-03-28 10:01 . 1998-10-29 20:45 306688 ----a-w- c:\winnt\IsUninst.exe

2010-03-28 09:57 . 2008-05-02 14:41 3493888 ---ha-w- c:\documents and settings\Administrator\Application Data\U3\temp\Launchpad Removal.exe

2010-03-28 09:56 . 2010-03-28 09:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3

2010-03-28 09:53 . 2010-03-28 09:53 -------- d-----w- C:\dell

2010-03-28 09:43 . 1996-01-09 14:38 283648 ----a-w- c:\winnt\uninst.exe

2010-03-28 09:10 . 2010-03-28 09:10 2829 ----a-w- c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Quattro.pif

2010-03-28 06:47 . 2010-03-28 06:47 -------- d-----w- c:\winnt\system32\Macromed

2010-03-28 06:18 . 2010-03-28 06:18 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft

2010-03-28 00:05 . 2010-03-28 00:05 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb

2010-03-27 18:57 . 2010-03-27 18:57 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-03-27 18:54 . 2010-03-27 18:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-03-27 17:58 . 2010-03-27 17:58 -------- d-----w- c:\program files\Avira

2010-03-27 17:58 . 2010-03-27 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-03-27 17:58 . 2009-03-30 13:32 97512 ----a-w- c:\winnt\system32\drivers\avipbb.sys

2010-03-27 17:58 . 2009-03-24 19:07 65240 ----a-w- c:\winnt\system32\drivers\avgntflt.sys

2010-03-27 17:58 . 2009-02-13 15:28 18520 ----a-w- c:\winnt\system32\drivers\avgntmgr.sys

2010-03-27 17:58 . 2009-02-13 15:16 64488 ----a-w- c:\winnt\system32\drivers\avgntdd.sys

2010-03-27 17:58 . 2010-03-27 17:58 -------- d-----w- c:\winnt\winsxs

2010-03-27 17:54 . 2010-03-27 17:54 -------- d-----w- c:\winnt\system32\Windows Media

2010-03-27 17:53 . 2010-03-27 17:54 -------- d--h--w- c:\winnt\$NtUpdateRollupPackUninstall$

2010-03-27 17:53 . 2010-03-27 17:54 -------- d-----w- c:\winnt\msiinst.tmp

2010-03-27 17:52 . 2010-03-27 17:52 -------- d-----w- c:\winnt\ime

2010-03-27 17:52 . 2010-03-27 17:52 -------- d-----w- c:\winnt\system32\Microsoft

2010-03-27 17:47 . 2010-03-27 17:47 -------- d-----w- c:\winnt\system32\ie_de

2010-03-27 17:47 . 2010-03-27 17:47 -------- d-----w- c:\winnt\system32\CertSrv

2010-03-27 17:47 . 2010-03-27 17:47 -------- d-----w- c:\winnt\ServicePackFiles

2010-03-27 17:46 . 2003-06-19 16:05 3856 ------w- c:\winnt\system32\SVCPACK1.DLL

2010-03-27 17:44 . 2003-06-19 18:05 977680 ----a-w- c:\winnt\system32\vfpodbc.dll

2010-03-27 17:43 . 2003-06-19 18:05 85776 ----a-w- c:\winnt\system32\smlogsvc.exe

2010-03-27 17:42 . 2003-06-19 18:05 444176 ----a-w- c:\winnt\system32\oieng400.dll

2010-03-27 17:41 . 2003-06-19 18:05 33616 ------w- c:\winnt\system32\drivers\fips.sys

2010-03-27 17:40 . 2003-06-19 18:05 305664 ----a-w- c:\winnt\system32\msihnd.dll

2010-03-27 17:40 . 2003-09-20 01:53 64512 ----a-w- c:\winnt\system32\msiexec.exe

2010-03-27 17:40 . 2003-06-19 18:05 2017792 ----a-w- c:\winnt\system32\msi.dll

2010-03-27 17:40 . 2004-07-19 23:56 319760 ----a-w- c:\winnt\system32\msexcl40.dll

2010-03-27 17:40 . 2003-09-26 07:42 512272 ----a-w- c:\winnt\system32\msexch40.dll

2010-03-27 17:40 . 2003-06-19 18:05 4126 ----a-w- c:\winnt\system32\msdxmlc.dll

2010-03-27 17:37 . 2003-06-19 18:05 74000 ----a-w- c:\winnt\system32\uniime.dll

2010-03-27 17:37 . 2003-06-19 18:05 74000 ----a-w- c:\winnt\system32\dllcache\uniime.dll

2010-03-27 17:35 . 2003-06-19 18:05 206096 ----a-w- c:\winnt\system32\infosoft.dll

2010-03-27 17:34 . 2004-03-11 18:29 97552 ----a-w- c:\winnt\system32\comrepl.dll

2010-03-27 17:33 . 2010-03-27 17:33 0 ----a-w- c:\winnt\nsreg.dat

2010-03-27 17:33 . 2010-03-27 17:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-03-27 17:10 . 2010-01-07 20:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-03-27 17:10 . 2010-03-27 17:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-27 17:10 . 2010-03-27 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-03-27 17:10 . 2010-01-07 20:07 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-03-27 16:52 . 2010-03-27 16:52 -------- d-----w- C:\UNINST

2010-03-27 08:44 . 2010-03-27 08:44 -------- d-----w- C:\UTIL

2010-03-27 08:43 . 2010-03-27 08:43 -------- d-----w- c:\program files\SSH Communications Security

2010-03-27 08:43 . 2010-03-27 08:43 -------- d-----w- c:\program files\RegClean

2010-03-27 08:43 . 2010-03-27 08:43 -------- d-----w- c:\program files\QPRO

2010-03-27 08:42 . 2010-03-27 08:42 -------- d-----w- c:\program files\ATF Cleaner

2010-03-27 08:35 . 2010-03-27 08:35 -------- d-----w- c:\program files\Juno

2010-03-27 08:33 . 2010-04-04 17:24 -------- d-----r- C:\MYDOCS

2010-03-27 08:33 . 2010-03-27 08:33 -------- d-----w- C:\juno2

2010-03-27 08:33 . 2010-03-27 08:33 -------- d-----w- C:\juno1

2010-03-27 08:33 . 2010-03-27 08:33 -------- d-----w- C:\Index

2010-03-27 08:33 . 2010-03-27 08:33 -------- d-----w- C:\Futures

2010-03-27 08:33 . 2010-03-27 08:33 -------- d-----w- C:\FOREX

2010-03-27 08:33 . 2010-03-27 08:33 -------- d-----w- C:\EXPORT

2010-03-27 08:32 . 2010-03-27 08:32 -------- d-----w- C:\COMM

2010-03-27 08:32 . 2010-03-27 08:32 -------- d-----w- C:\BAT

2010-03-27 08:32 . 2010-03-27 08:32 -------- d-----w- C:\antbar

2010-03-27 08:29 . 2010-03-27 08:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Scansoft

2010-03-27 08:15 . 2006-09-13 04:00 74240 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP160 Printer\LanguageModules\0409\CNMsr83.dll

2010-03-27 08:15 . 2006-09-13 04:00 73216 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP160 Printer\LanguageModules\0411\CNMlr83.dll

2010-03-27 08:15 . 2006-09-13 04:00 42496 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP160 Printer\LanguageModules\0411\CNMsr83.dll

2010-03-27 08:15 . 2006-09-13 04:00 334848 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP160 Printer\LanguageModules\0409\CNMur83.dll

2010-03-27 08:15 . 2006-09-13 04:00 249344 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP160 Printer\LanguageModules\0411\CNMur83.dll

2010-03-27 08:15 . 2006-09-13 04:00 130048 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINNT\Canon MP160 Printer\LanguageModules\0409\CNMlr83.dll

2010-03-27 08:15 . 2003-06-19 18:05 12592 ----a-w- c:\winnt\system32\drivers\usbscan.sys

2010-03-27 08:15 . 2010-03-27 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield

2010-03-27 08:15 . 2010-03-27 08:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft

2010-03-27 08:14 . 2010-03-27 08:14 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2010-03-27 08:14 . 2010-03-27 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft

2010-03-27 08:14 . 2010-03-27 08:14 -------- d-----w- c:\program files\ScanSoft

2010-03-27 08:13 . 2010-03-27 08:13 -------- d-----w- c:\program files\Common Files\InstallShield

2010-03-27 08:13 . 2010-03-27 08:13 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ

2010-03-27 08:13 . 2006-09-13 04:00 69632 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\CNMPP83.DLL

2010-03-27 08:13 . 2006-09-13 04:00 27136 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\CNMPD83.DLL

2010-03-27 08:13 . 2006-09-13 04:00 197632 ----a-w- c:\winnt\system32\CNMLM83.DLL

2010-03-27 08:13 . 2010-03-27 08:13 -------- d--h--w- c:\winnt\system32\CanonIJ Uninstaller Information

2010-03-27 08:12 . 2006-05-26 09:54 135168 ----a-w- c:\winnt\system32\CNCL160.DLL

2010-03-27 08:12 . 2006-04-13 15:22 73728 ----a-w- c:\winnt\system32\CNCU160.DLL

2010-03-27 08:12 . 2010-03-27 08:12 -------- d--h--w- c:\program files\CanonBJ

2010-03-27 08:09 . 2002-01-26 05:59 27136 ----a-w- c:\winnt\system32\dllcache\mspatcha.dll

2010-03-27 08:07 . 2010-03-27 08:07 -------- d-----w- c:\program files\Canon

2010-03-27 08:04 . 2010-03-27 08:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-28 21:25 . 2010-03-28 21:25 5058 ----a-w- c:\winnt\Help\hhcolreg.dat

2010-03-27 07:42 . 2010-03-27 07:42 -------- d-----w- c:\program files\microsoft frontpage

2010-03-27 07:41 . 2010-03-27 07:41 558142 ----a-w- c:\winnt\java\Packages\4LBHFJ9J.ZIP

2010-03-27 07:41 . 2010-03-27 07:41 2678 ----a-w- c:\winnt\java\Packages\Data\6QB53FP3.DAT

2010-03-27 07:41 . 2010-03-27 07:41 2474 ----a-w- c:\winnt\java\Packages\Data\31FP37D7.DAT

2010-03-27 07:41 . 2010-03-27 07:41 2678 ----a-w- c:\winnt\java\Packages\Data\9JZ13T7H.DAT

2010-03-27 07:41 . 2010-03-27 07:41 2474 ----a-w- c:\winnt\java\Packages\Data\3PFFHBNZ.DAT

2010-03-27 07:41 . 2010-03-27 07:41 156441 ----a-w- c:\winnt\java\Packages\LVLZZVF5.ZIP

2010-03-27 07:41 . 2010-03-27 07:40 2678 ----a-w- c:\winnt\java\Packages\Data\TVF5BRTV.DAT

2010-03-27 07:41 . 2010-03-27 07:40 2678 ----a-w- c:\winnt\java\Packages\Data\NDZLZ7H7.DAT

2010-03-27 07:41 . 2010-03-27 07:40 2678 ----a-w- c:\winnt\java\Packages\Data\L31VFPJX.DAT

2010-03-27 07:40 . 2010-03-27 07:40 21952 ---h--w- c:\program files\folder.htt

2010-03-27 07:39 . 2010-03-27 07:39 15012 ----a-w- c:\winnt\system32\emptyregdb.dat

2010-03-27 07:38 . 2010-03-27 07:38 -------- d-----w- c:\program files\Accessories

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/27/2010 1:58 PM 108289]

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [3/27/2010 3:31 AM 61712]

R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [3/27/2010 3:32 AM 602128]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT

*NewlyCreated* - RASAUTO

*NewlyCreated* - SHAREDACCESS

.

.

------- Supplementary Scan -------

.

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

LSP: %SystemRoot%\system32\msafd.dll

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ort6yxoa.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\TEMP\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-05 00:31

Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(160)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(756)

c:\winnt\AppPatch\AcLayers.DLL

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\winnt\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\winnt\system32\regsvc.exe

c:\winnt\system32\MSTask.exe

c:\winnt\system32\stisvc.exe

c:\winnt\System32\WBEM\WinMgmt.exe

.

**************************************************************************

.

Completion time: 2010-04-05 00:33:34 - machine was rebooted

ComboFix-quarantined-files.txt 2010-04-05 04:33

Pre-Run: 2,405,236,736 bytes free

Post-Run: 2,387,066,880 bytes free

- - End Of File - - E8929B680CD0C725D5444456FE5A5E0C

Attach.txt

[david888m]

The logs in the previous message was from the most heavily infected computer, which we can call "Dell". Dell was repartitioned and reformatted before reinstalling everything.

The logs below are from another computer, which we can call "Asus". Asus was merely cleaned. Thank you in advance.

DDS (Ver_09-12-01.01) - NTFSx86

Run by aida at 22:35:19.73 on Mon 03/29/2010

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.84 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\Kitco\Kcast\Kcast.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\aida\Desktop\TEMP\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File

TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [KITCO] c:\program files\kitco\kcast\Kcast

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_04\bin\jusched.exe

mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

StartupFolder: c:\docume~1\aida\startm~1\programs\startup\epromp~1.lnk - e:\program files\eprompter\ePrompter.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office2k\office\OSA9.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aida\applic~1\mozilla\firefox\profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.quote.com/us/futures/chart.action?s=DX+H0&chartUi.period=V&chartUi.bardensity=MEDIUM&chartUi.bartype=BAR&chartUi.size=650x450&chartUi.minutes=60|http://www.quote.com/us/futures/chart.action?s=ZS+K0&chartUi.period=D&chartUi.bardensity=MEDIUM&chartUi.bartype=BAR&chartUi.size=650x450&chartUi.minutes=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2005-12-27 9344]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-11 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-11 29512]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-11 242696]

R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]

S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2005-12-27 459648]

=============== Created Last 30 ================

2010-03-30 00:09:14 0 dc----w- c:\program files\Ask.com

2010-03-30 00:06:35 0 dc----w- c:\docume~1\aida\applic~1\Foxit

2010-03-30 00:06:28 0 dc----w- c:\program files\Foxit Software

2010-03-26 17:47:38 0 dc----w- c:\program files\ATF Cleaner

2010-03-26 01:57:58 10752 -c--a-w- c:\windows\DCEBoot.exe

2010-03-21 16:45:01 0 dc----w- c:\windows\system32\wbem\Repository

2010-03-16 02:13:16 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

2010-03-15 18:15:18 1676288 -c----w- c:\windows\system32\xpssvcs.dll

2010-03-15 18:15:18 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-03-15 18:14:51 0 d-----w- C:\6d2515f828dfb1252cf1600a8801

2010-03-15 17:44:29 0 dc----w- c:\windows\system32\XPSViewer

2010-03-15 17:15:35 117760 -c----w- c:\windows\system32\prntvpt.dll

2010-03-15 17:15:34 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-03-15 17:15:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-03-15 17:15:24 575488 -c----w- c:\windows\system32\xpsshhdr.dll

2010-03-15 17:15:24 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-03-15 03:52:23 59 -c--a-w- c:\windows\ANS2000.INI

2010-03-15 03:52:23 4 -c-ha-w- c:\windows\a3kebook.ini

2010-03-15 03:52:23 20 -c-ha-w- c:\windows\akebook.ini

2010-03-15 02:27:18 0 d-----w- C:\0914d169360975d44502

2010-03-15 02:24:18 0 d-----w- C:\3959233dcb0314d67169

2010-03-15 02:23:39 0 d-----w- C:\6cea9058f732e05abd39c3ed7c

2010-03-15 01:25:44 0 dc----w- c:\docume~1\aida\applic~1\AVG8

2010-03-12 15:52:06 12464 -c--a-w- c:\windows\system32\avgrsstx.dll

2010-03-11 19:55:01 0 d--h--w- C:\$AVG

2010-03-11 19:53:49 242696 -c--a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-11 19:53:23 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 19:50:47 0 dc----w- c:\windows\system32\drivers\Avg

2010-03-11 19:47:26 0 dc----w- c:\program files\AVG

2010-03-11 19:47:05 0 dc----w- c:\docume~1\alluse~1\applic~1\avg9

2010-03-11 19:05:03 0 dc----w- c:\program files\MSXML 4.0

2010-03-11 17:52:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-11 17:51:52 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-03-11 17:51:39 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2010-03-11 17:50:45 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-03-11 17:50:24 268288 -c----w- c:\windows\system32\dllcache\httpext.dll

2010-03-11 17:45:54 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-03-11 17:45:54 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-03-11 17:45:13 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-03-11 17:45:13 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-03-11 17:45:12 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-03-11 17:45:12 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-03-11 17:45:11 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-03-11 17:45:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-03-11 17:45:09 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-03-11 17:45:08 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-03-11 17:45:04 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-03-11 17:44:55 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-03-11 17:44:50 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-03-11 17:43:17 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-11 17:42:57 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-11 17:42:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-11 17:42:18 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx

2010-03-11 17:36:21 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-03-11 17:36:12 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-03-11 17:36:02 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-03-11 17:29:33 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-03-11 17:15:53 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-03-11 17:15:40 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-11 17:12:56 2560 -c----w- c:\windows\system32\xpsp4res.dll

2010-03-11 17:12:55 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb

2010-03-11 17:12:54 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-03-11 17:12:42 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

2010-03-11 08:17:00 0 dc----w- c:\windows\system32\wbem\AutoRecover

2010-03-11 07:55:45 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-03-11 07:55:45 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-03-11 07:55:44 79872 -c----w- c:\windows\system32\msxml6r.dll

2010-03-11 07:55:44 1372672 -c----w- c:\windows\system32\msxml6.dll

2010-03-11 07:55:43 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2010-03-11 07:55:10 9728 -c----w- c:\windows\system32\comsdupd.exe

2010-03-11 07:55:10 638 -c----w- c:\windows\system32\wbem\napclientprov.mof

2010-03-11 07:55:10 3990 -c----w- c:\windows\system32\wbem\napclientschema.mof

2010-03-11 07:55:10 1229 -c----w- c:\windows\system32\wbem\wscenter.mof

2010-03-11 07:55:08 53248 -c----w- c:\windows\system32\vbicodec.ax

2010-03-11 07:55:08 239616 -c----w- c:\windows\system32\wstrenderer.ax

2010-03-11 07:55:08 164352 -c----w- c:\windows\system32\wstpager.ax

2010-03-11 07:53:58 76800 -c----w- c:\windows\system32\qutil.dll

2010-03-11 07:35:09 4255 -c----w- c:\windows\system32\drivers\adv01nt5.dll

2010-03-11 07:34:59 18944 -c----w- c:\windows\system32\drivers\bthusb.sys

2010-03-11 07:26:34 19569 -c--a-w- c:\windows\003312_.tmp

2010-03-10 20:53:18 158760046 ----a-w- C:\DeepMeditationBrook.wav

2010-03-10 20:50:49 0 d-----w- C:\My Music

2010-03-03 20:36:49 0 d-----w- C:\Futures

2010-03-03 20:36:35 0 d-----w- C:\FOREX

==================== Find3M ====================

============= FINISH: 22:38:32.41 ===============

I can't find Asus' log file for Combofix. I'll have to run it again and post in the next message.

Attach.txt

[david888m]

Below is the Combofix log for Asus. Thank you in advance.

ComboFix 10-03-29.02 - aida 03/30/2010 1:08.2.1 - x86

Running from: c:\documents and settings\aida\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-30 )))))))))))))))))))))))))))))))

.

2010-03-30 00:09 . 2010-03-30 00:09 -------- dc----w- c:\program files\Ask.com

2010-03-30 00:06 . 2010-03-30 00:06 -------- dc----w- c:\documents and settings\aida\Application Data\Foxit

2010-03-30 00:06 . 2010-03-30 00:06 -------- dc----w- c:\program files\Foxit Software

2010-03-29 00:43 . 2010-03-30 02:36 0 -c--a-w- c:\documents and settings\aida\Local Settings\Application Data\prvlcl.dat

2010-03-26 17:47 . 2010-03-26 17:48 -------- dc----w- c:\program files\ATF Cleaner

2010-03-26 01:57 . 2010-03-26 01:57 10752 -c--a-w- c:\windows\DCEBoot.exe

2010-03-21 16:45 . 2010-03-21 16:45 -------- dc----w- c:\windows\system32\wbem\Repository

2010-03-15 18:15 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\xpssvcs.dll

2010-03-15 18:15 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-03-15 18:14 . 2010-03-15 17:23 -------- d-----w- C:\6d2515f828dfb1252cf1600a8801

2010-03-15 17:44 . 2010-03-15 17:44 -------- dc----w- c:\windows\system32\XPSViewer

2010-03-15 17:42 . 2010-03-15 17:42 -------- dc----w- c:\program files\MSBuild

2010-03-15 17:31 . 2010-03-15 17:31 -------- dc----w- c:\program files\Reference Assemblies

2010-03-15 17:22 . 2008-07-06 12:06 89088 -c--a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-03-15 17:15 . 2008-07-06 12:06 117760 -c----w- c:\windows\system32\prntvpt.dll

2010-03-15 17:15 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-03-15 17:15 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-03-15 17:15 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-03-15 17:15 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\xpsshhdr.dll

2010-03-15 17:15 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-03-15 06:13 . 2010-03-15 06:13 -------- dc----w- c:\program files\7-Zip

2010-03-15 02:27 . 2010-03-15 02:27 -------- d-----w- C:\0914d169360975d44502

2010-03-15 02:24 . 2010-03-15 02:24 -------- d-----w- C:\3959233dcb0314d67169

2010-03-15 02:23 . 2010-03-15 02:24 -------- d-----w- C:\6cea9058f732e05abd39c3ed7c

2010-03-15 01:25 . 2010-03-15 01:25 -------- dc----w- c:\documents and settings\aida\Application Data\AVG8

2010-03-12 15:57 . 2010-03-12 15:57 360584 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-03-12 15:57 . 2010-03-12 15:57 333192 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-03-12 15:57 . 2010-03-12 15:57 28424 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-03-12 15:52 . 2010-03-12 15:52 12464 -c--a-w- c:\windows\system32\avgrsstx.dll

2010-03-12 15:33 . 2010-03-11 19:48 1007896 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-03-12 15:33 . 2010-03-11 19:48 1658136 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-03-12 15:33 . 2010-03-11 19:48 613656 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-03-12 15:33 . 2010-03-11 19:48 800536 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-03-11 19:55 . 2010-03-11 19:55 -------- d-----w- C:\$AVG

2010-03-11 19:53 . 2010-03-12 15:52 242696 -c--a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-11 19:53 . 2010-03-12 15:41 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 19:53 . 2010-03-12 15:52 29512 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-11 19:50 . 2010-03-29 22:09 -------- dc----w- c:\windows\system32\drivers\Avg

2010-03-11 19:47 . 2010-03-11 19:47 -------- dc----w- c:\program files\AVG

2010-03-11 19:47 . 2010-03-16 16:24 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-11 19:05 . 2010-03-11 19:05 -------- dc----w- c:\program files\MSXML 4.0

2010-03-11 17:52 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-11 17:51 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-03-11 17:51 . 2009-09-06 07:09 126976 -c----w- c:\windows\system32\dllcache\ftpsvc2.dll

2010-03-11 17:50 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-03-11 17:50 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll

2010-03-11 17:45 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-03-11 17:45 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-03-11 17:45 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-03-11 17:45 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-03-11 17:45 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-03-11 17:45 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-03-11 17:45 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-03-11 17:45 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-03-11 17:45 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-03-11 17:45 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-03-11 17:45 . 2009-12-08 19:26 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-03-11 17:44 . 2009-12-08 19:27 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-03-11 17:44 . 2009-12-08 18:43 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-03-11 17:43 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-11 17:42 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-11 17:42 . 2009-12-04 18:22 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-11 17:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-03-11 17:36 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-03-11 17:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-03-11 17:29 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-03-11 17:15 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-03-11 17:15 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-11 17:12 . 2008-05-03 11:55 2560 -c----w- c:\windows\system32\xpsp4res.dll

2010-03-11 17:12 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2010-03-11 17:12 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

2010-03-11 08:17 . 2010-03-15 18:04 -------- dc----w- c:\windows\system32\wbem\AutoRecover

2010-03-11 07:55 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-03-11 07:55 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-03-11 07:55 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\msxml6.dll

2010-03-11 07:55 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\msxml6r.dll

2010-03-11 07:55 . 2008-04-14 10:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll

2010-03-11 07:55 . 2008-04-14 05:13 9728 -c----w- c:\windows\system32\comsdupd.exe

2010-03-11 07:53 . 2008-04-14 10:42 49152 -c----w- c:\windows\system32\powercfg.exe

2010-03-11 07:34 . 2008-04-14 10:41 15423 -c----w- c:\windows\system32\drivers\ch7xxnt5.dll

2010-03-10 20:50 . 2010-03-10 20:50 -------- d-----w- C:\My Music

2010-03-08 06:23 . 2010-03-25 11:06 439816 -c--a-w- c:\documents and settings\aida\Application Data\Real\Update\setup3.10\setup.exe

2010-03-03 20:36 . 2010-03-03 20:36 -------- d-----w- C:\Futures

2010-03-03 20:36 . 2010-03-03 20:36 -------- d-----w- C:\FOREX

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-30 02:51 . 2004-07-17 16:41 24488 -c--a-w- c:\documents and settings\aida\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-28 21:08 . 2003-09-16 07:32 -------- dc----w- c:\program files\microsoft frontpage

2010-03-24 21:50 . 2007-12-05 01:06 -------- dc----w- c:\program files\QPRO

2010-03-16 14:29 . 2004-04-14 18:48 -------- dc----w- c:\documents and settings\aida\Application Data\AdobeUM

2010-03-11 08:01 . 2003-09-16 07:28 82367 -c--a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat

2010-03-04 07:15 . 2009-01-19 17:36 -------- dc----w- c:\documents and settings\aida\Application Data\U3

2010-03-03 20:48 . 2009-11-30 18:12 -------- dc----w- c:\program files\DT

2010-01-10 13:54 . 2009-05-01 16:01 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-07 21:07 . 2009-01-17 20:38 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 21:07 . 2009-01-17 20:38 18520 -c--a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 16:50 . 2001-08-23 12:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys

.

------- Sigcheck -------

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\atapi.sys

[-] 2002-08-29 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys

[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asyncmac.sys

[-] 2001-08-23 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kbdclass.sys

[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys

[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ndis.sys

[-] 2003-10-04 . D999CE17681D7D074D534FC5BC662E0A . 168192 . . [5.1.2600.1254] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2002-08-29 . 3B350E5A2A5E951453F3993275A4523A . 167552 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826942$\ndis.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntfs.sys

[-] 2002-08-29 . E3AE9C79498210A5F39FE5A9AD62BC55 . 561920 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2001-08-23 . 70FAE0DCFDFAA0838D6778FCA028CE01 . 533504 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315403$\ntfs.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys

[-] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2QFE\tcpip.sys

[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2GDR\tcpip.sys

[-] 2006-01-13 . 8C101C9C566E2384AF28EF7C1DE4A36E . 340480 . . [5.1.2600.1792] . . c:\windows\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP1QFE\tcpip.sys

[-] 2005-05-25 . 228B0385BBFCA24332FA22DB45A8B684 . 339968 . . [5.1.2600.1693] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp1qfe\tcpip.sys

[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\tcpip.sys

[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\tcpip.sys

[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys

[-] 2005-02-23 . 466CBD4831E80729173654AB2B8C0FEE . 339968 . . [5.1.2600.1630] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys

[-] 2002-08-29 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll

[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\browser.dll

[-] 2004-03-30 . 34B4B8B9BC07449E9B340C93C468F92A . 48640 . . [5.1.2600.105] . . c:\windows\$NtUninstallKB841873_RTM$\browser.dll

[-] 2002-08-29 . 3671D928554E124A8AC326A1769F2FFB . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2001-08-23 . 1C9CDCAD17F23BB7206451802307C529 . 49152 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB835732_RTM$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe

[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lsass.exe

[-] 2002-08-29 . B2B6BA905D0E3F8A32A0EB3B4051807B . 11776 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll

[-] 2005-08-22 . 838B1DF317D55BFFF67F99F1AE7ECEB7 . 154624 . . [5.1.2600.1733] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll

[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netman.dll

[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ERDNT\cache\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll

[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\qmgr.dll

[-] 2004-07-01 . 696AC82FB290A03F205901442E0E9589 . 361984 . . [6.6.2600.1569] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2002-01-22 . 9507281D9AFD440F0DA09BE6B7093C43 . 179712 . . [6.0.2600.27] . . c:\windows\$NtUninstallKB842773$\qmgr.dll

[-] 2001-08-23 . 3E6ACF2CD2E8C19B16E4B42D08CA3838 . 179200 . . [6.0.2600.0] . . c:\windows\$NtUninstallQ314862$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll

[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2GDR\rpcss.dll

[-] 2005-07-26 . 0D903904A1CDDAA2AE29F48176C683D4 . 276992 . . [5.1.2600.1720] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2GDR\rpcss.dll

[-] 2005-01-14 . 4493E3E2C9449D96F703861D73C58B88 . 284672 . . [5.1.2600.1619] . . c:\windows\$NtUninstallKB902400$\rpcss.dll

[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll

[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\rpcss.dll

[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$xpsp1hfm$\KB828741\rpcss.dll

[-] 2003-08-25 . D6755C39AE02ECDA111156401EC62022 . 204288 . . [5.1.2600.118] . . c:\windows\$NtUninstallKB828741_RTM$\rpcss.dll

[-] 2003-08-25 . 7A6F20EEAC4B2168451878AF9054396F . 260608 . . [5.1.2600.1263] . . c:\windows\$xpsp1hfm$\KB824146\rpcss.dll

[-] 2002-08-29 . 493FCBED180DCACF0B5D4C8C29949CA9 . 260608 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB828741$\rpcss.dll

[-] 2001-08-23 . 3F1C4DC5F03535E544996968DD225837 . 259072 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB824146_RTM$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\services.exe

[-] 2001-08-23 . E3DF4A0252D287C44606EE55355E1623 . 101376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 . 6B4BF97957A0B8795811975D4BF1ACFE . 53248 . . [5.1.2600.1699] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe

[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\spoolsv.exe

[-] 2001-08-23 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\winlogon.exe

[-] 2002-08-29 . 2246D8D8F4714A2CEDB21AB9B1849ABB . 516608 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2006-08-25 . 44AA778B2329428C9E8D5367BCF91CDD . 561664 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll

[-] 2006-03-17 . 551E967F1E08EE6E205FCB5ADCB0DFC5 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\73a765a7ebf2e1b5a6655f2bb798b30f\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\comctl32.dll

[-] 2004-04-17 . A7B3F3FB365B8B3B29C7C7322392C765 . 921600 . . [6.0] . . c:\windows\$xpsp1hfm$\KB839645\asms\60\msft\windows\Common\Controls\comctl32.dll

[-] 2002-08-29 . 0B5D337119929505EE72D4E4A41ED1FD . 557056 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll

[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\cryptsvc.dll

[-] 2003-03-26 . 8B6DA0009AB7B3B8A5E9E28015A32EA7 . 53760 . . [5.1.2600.1190] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2002-08-29 . 41C70161BFCB17E7E12ED89BADD2AEF4 . 53248 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB826939$\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 10:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll

[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2GDR\es.dll

[-] 2005-07-26 04:31 . 01B2EF40AAAF29786B0F906C487DD56A . 227328 . . [2001.12.4414.62] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\es.dll

[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$xpsp1hfm$\KB828741\es.dll

[-] 2004-03-06 02:05 . 08A859AA98E5991E05E92C3893FD3439 . 226816 . . [2001.12.4414.53] . . c:\windows\$NtUninstallKB828741$\es.dll

[-] 2001-08-23 12:00 . F5963768CFD62FDB926FDB588EE69315 . 224768 . . [2001.12.4414.42] . . c:\windows\$NtUninstallKB828741_RTM$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll

[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\imm32.dll

[-] 2002-08-29 . C9F9E3E6B59C6D6CBCE7F14494A4518A . 103936 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2GDR\kernel32.dll

[-] 2006-07-05 . 7815BF93413A3E504DAC1676BDE2D78F . 928768 . . [5.1.2600.1869] . . c:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\kernel32.dll

[-] 2002-08-29 . 8F162DC91D67D87C1A481BF602A9DAC8 . 930304 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll

[-] 2005-09-01 . 71E9F9E000221536047E059CBE2FE211 . 16384 . . [5.1.2600.1740] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll

[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\linkinfo.dll

[-] 2001-08-23 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll

[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\lpk.dll

[-] 2001-08-23 . 55990CA08692E2739A8DDCE0B04352AC . 18944 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\ERDNT\cache\mshtml.dll

[-] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\system32\mshtml.dll

[-] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\system32\dllcache\mshtml.dll

[-] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll

[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB978207$\mshtml.dll

[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 2006-06-30 17:28 . DCB29B03B80C5F26BB3F3A3DDA42281D . 2703872 . . [6.00.2800.1561] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2006-06-30 17:28 . DCB29B03B80C5F26BB3F3A3DDA42281D . 2703872 . . [6.00.2800.1561] . . c:\windows\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\mshtml.dll

[-] 2006-06-30 17:28 . DCB29B03B80C5F26BB3F3A3DDA42281D . 2703872 . . [6.00.2800.1561] . . c:\windows\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\mshtml.dll

[-] 2006-06-30 17:16 . B3E7100B7091D958AEC345DF099B0A94 . 2710528 . . [6.00.2800.1562] . . c:\windows\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\mshtml.dll

[-] 2006-06-30 17:16 . B3E7100B7091D958AEC345DF099B0A94 . 2710528 . . [6.00.2800.1562] . . c:\windows\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\mshtml.dll

[-] 2006-05-19 22:52 . 2B4C44316B82AE0772FA8562A6AD6AC9 . 2702848 . . [6.00.2800.1555] . . c:\windows\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\mshtml.dll

[-] 2006-05-19 22:47 . D05860EDBB5975EE9822A7C527255573 . 2709504 . . [6.00.2800.1556] . . c:\windows\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\mshtml.dll

[-] 2006-03-23 02:05 . D2C040629DC44C110897009366CB93B0 . 2709504 . . [6.00.2800.1544] . . c:\windows\SoftwareDistribution\Download\bc2bb94b99deb6cd7b7cb182db7109cb\RTMQFE\mshtml.dll

[-] 2006-03-23 00:35 . 0E629916652A236983CEAEA9D220907A . 2702336 . . [6.00.2800.1543] . . c:\windows\SoftwareDistribution\Download\bc2bb94b99deb6cd7b7cb182db7109cb\rtmgdr\mshtml.dll

[-] 2005-11-23 00:49 . 80E6EDC1F7C0FF9A77326B4D70B61828 . 2700288 . . [6.00.2800.1528] . . c:\windows\SoftwareDistribution\Download\9713e9b51e80029e4495bdef8a0358d1\rtmgdr\mshtml.dll

[-] 2005-11-23 00:48 . 46380BEA113BD3B5C0072B800A923011 . 2706944 . . [6.00.2800.1529] . . c:\windows\SoftwareDistribution\Download\9713e9b51e80029e4495bdef8a0358d1\RTMQFE\mshtml.dll

[-] 2005-10-04 20:19 . 478081E607D4A0CEDF883ADBE53AD23D . 2700288 . . [6.00.2800.1522] . . c:\windows\SoftwareDistribution\Download\1169f2a59ca3e969b458ec2f8fde1f5a\rtmgdr\mshtml.dll

[-] 2005-10-04 19:24 . 4E512722CA03830D48E2F1721BEB8A71 . 2706432 . . [6.00.2800.1523] . . c:\windows\SoftwareDistribution\Download\1169f2a59ca3e969b458ec2f8fde1f5a\RTMQFE\mshtml.dll

[-] 2005-07-18 23:36 . 5881589AF90567F041BF4F918D7AC1F4 . 2705408 . . [6.00.2800.1516] . . c:\windows\SoftwareDistribution\Download\2b8174cacb2d324011c75f0db152a026\RTMQFE\mshtml.dll

[-] 2005-07-18 23:22 . 436A11D32BF984720F58AC352A86D4F1 . 2699264 . . [6.00.2800.1515] . . c:\windows\SoftwareDistribution\Download\2b8174cacb2d324011c75f0db152a026\rtmgdr\mshtml.dll

[-] 2005-04-27 17:52 . 08F0B01556EEE4C5F783E919ABE6DAD5 . 2698752 . . [6.00.2800.1505] . . c:\windows\SoftwareDistribution\Download\ea4fe5325a873581baacd3ab51700fd2\rtmgdr\mshtml.dll

[-] 2005-04-27 17:49 . 5C13CDF441805694A19BEEBAEDCDC9D7 . 2704384 . . [6.00.2800.1506] . . c:\windows\SoftwareDistribution\Download\ea4fe5325a873581baacd3ab51700fd2\RTMQFE\mshtml.dll

[-] 2005-02-24 20:23 . 6EAEA2E84481E597096FAC8408F2161E . 2811904 . . [6.00.2800.1498] . . c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\mshtml.dll

[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mshtml.dll

[-] 2004-01-21 23:19 . 8C4CD3EE9B567B75CC58BCF0D782140D . 2795520 . . [6.00.2800.1400] . . c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll

[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\asms\70\msft\windows\mswincrt\msvcrt.dll

[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msvcrt.dll

[-] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mswsock.dll

[-] 2001-08-23 . 18A8BE5A66B93F9C9615F7D4C148EDE2 . 228352 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\netlogon.dll

[-] 2002-08-29 . 3ADD563ED7A1C66E6F5E0F7A661AA96D . 399360 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\ERDNT\cache\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe

[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[-] 2008-04-14 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2005-03-02 . A15A2EE0BE2F71FC1752A05660B8EBDC . 2040832 . . [5.1.2600.1634] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe

[-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntoskrnl.exe

[-] 2003-04-24 . 97EC4AB4650DA6FC521CF16F8A6DDCB0 . 1925760 . . [5.1.2600.1151] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2003-04-24 . 97EC4AB4650DA6FC521CF16F8A6DDCB0 . 1925760 . . [5.1.2600.1151] . . c:\windows\$xpsp1hfm$\Q811493\ntoskrnl.exe

[-] 2002-08-29 . B9080D97DBD631AADF9128F7316958D2 . 2042240 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ811493$\ntoskrnl.exe

[-] 2002-02-25 . 257AAFD1F77990355BB6E83650D52680 . 1875584 . . [5.1.2600.31] . . c:\windows\$NtUninstallQ811493_RTM$\ntoskrnl.exe

[-] 2001-08-23 . A29222D5281056E497408FCC9062F749 . 1982208 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ317277$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\powrprof.dll

[-] 2001-08-23 . 865AD7CCB20856727D5BD994B094DC5E . 14848 . . [6.00.2600.0000] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\scecli.dll

[-] 2002-08-29 . 97418A5C642A5C748A28BD7CF6860B57 . 174592 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfc.dll

[-] 2001-08-23 . 52BB2A508CB3EB8AAA5F6F142F5B73D6 . 4096 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\svchost.exe

[-] 2001-08-23 . 0F7D9C87B0CE1FA520473119752C6F79 . 12800 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll

[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll

[-] 2005-07-08 . 5F0469FF26B19790B5A0D7C77871B6CD . 238592 . . [5.1.2600.1715] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tapisrv.dll

[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2005-03-02 . 74202EB1BD67E8BE9509E38C8D2234B0 . 561152 . . [5.1.2600.1634] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll

[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\user32.dll

[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2003-09-25 . 32173306185F603E75C477E117F3BB8D . 560128 . . [5.1.2600.1255] . . c:\windows\$xpsp1hfm$\KB824141\user32.dll

[-] 2002-11-22 . 1BD18B332A07FD10BF0322C352A78078 . 528896 . . [5.1.2600.104] . . c:\windows\$NtUninstallKB824141_RTM$\user32.dll

[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB824141$\user32.dll

[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$xpsp1hfm$\Q328310\user32.dll

[-] 2002-08-29 . DD9269230C21EE8FB7FD3FCCC3B1CFCB . 560128 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ328310$\user32.dll

[-] 2001-08-23 . BE57A5C3ABD240514B98F6BCA872FB21 . 561152 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ328310_RTM$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\userinit.exe

[-] 2002-08-29 . E931E0A2B8BF0019DB902E98D03662CB . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . c:\windows\ERDNT\cache\wininet.dll

[-] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . c:\windows\system32\wininet.dll

[-] 2009-12-22 . 814C265012ED921443C515A591D5BFE1 . 667136 . . [6.00.2900.5921] . . c:\windows\system32\dllcache\wininet.dll

[-] 2009-12-22 . BD27AF5C72D2FBFE491D3A3A8429B974 . 668672 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll

[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB978207$\wininet.dll

[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2006-06-23 18:33 . 7E7760C7F263EC7A740EE265B263F770 . 575488 . . [6.00.2800.1559] . . c:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2006-06-23 18:33 . 7E7760C7F263EC7A740EE265B263F770 . 575488 . . [6.00.2800.1559] . . c:\windows\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll

[-] 2006-06-23 18:33 . 7E7760C7F263EC7A740EE265B263F770 . 575488 . . [6.00.2800.1559] . . c:\windows\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll

[-] 2006-06-23 18:29 . 40F777875DFA05CD61FD1E8A593BE8E9 . 587776 . . [6.00.2800.1560] . . c:\windows\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll

[-] 2006-06-23 18:29 . 40F777875DFA05CD61FD1E8A593BE8E9 . 587776 . . [6.00.2800.1560] . . c:\windows\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll

[-] 2006-04-28 17:58 . 3D5062A7667913B9B515CC5769E9FB31 . 575488 . . [6.00.2800.1548] . . c:\windows\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll

[-] 2006-04-28 17:48 . 5F4E89C8B4903ACBBA2F4B32CF1ED3AD . 587264 . . [6.00.2800.1549] . . c:\windows\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll

[-] 2006-02-24 22:28 . AAA8906281E95954A20DF24BFC288FDE . 586752 . . [6.00.2800.1535] . . c:\windows\SoftwareDistribution\Download\bc2bb94b99deb6cd7b7cb182db7109cb\RTMQFE\wininet.dll

[-] 2006-02-24 21:26 . 9D3BF3EFCD3470FBECA54DEE9A3332B6 . 575488 . . [6.00.2800.1534] . . c:\windows\SoftwareDistribution\Download\bc2bb94b99deb6cd7b7cb182db7109cb\rtmgdr\wininet.dll

[-] 2005-10-21 21:04 . 1883FF793390091DBDB0B12A2916750C . 586752 . . [6.00.2800.1526] . . c:\windows\SoftwareDistribution\Download\9713e9b51e80029e4495bdef8a0358d1\RTMQFE\wininet.dll

[-] 2005-10-21 20:51 . 4D7F35D26E955FCB4A572908D216CF00 . 575488 . . [6.00.2800.1525] . . c:\windows\SoftwareDistribution\Download\9713e9b51e80029e4495bdef8a0358d1\rtmgdr\wininet.dll

[-] 2005-06-18 08:07 . 0CBCE38ABBC366B1BF0E5CDA87DA1FC8 . 585728 . . [6.00.2800.1512] . . c:\windows\SoftwareDistribution\Download\1169f2a59ca3e969b458ec2f8fde1f5a\RTMQFE\wininet.dll

[-] 2005-06-18 08:07 . 0CBCE38ABBC366B1BF0E5CDA87DA1FC8 . 585728 . . [6.00.2800.1512] . . c:\windows\SoftwareDistribution\Download\2b8174cacb2d324011c75f0db152a026\RTMQFE\wininet.dll

[-] 2005-06-18 07:49 . ECE5D8E5C4B797F057E6933B539A7982 . 574976 . . [6.00.2800.1511] . . c:\windows\SoftwareDistribution\Download\1169f2a59ca3e969b458ec2f8fde1f5a\rtmgdr\wininet.dll

[-] 2005-06-18 06:49 . ECE5D8E5C4B797F057E6933B539A7982 . 574976 . . [6.00.2800.1511] . . c:\windows\SoftwareDistribution\Download\2b8174cacb2d324011c75f0db152a026\rtmgdr\wininet.dll

[-] 2005-04-27 17:54 . DFD44FB5F51809859B4BA320735A2274 . 574976 . . [6.00.2800.1505] . . c:\windows\SoftwareDistribution\Download\ea4fe5325a873581baacd3ab51700fd2\rtmgdr\wininet.dll

[-] 2005-04-27 17:51 . DAE47D23F08B81C08FD4872FD1E1C451 . 585216 . . [6.00.2800.1506] . . c:\windows\SoftwareDistribution\Download\ea4fe5325a873581baacd3ab51700fd2\RTMQFE\wininet.dll

[-] 2005-02-18 23:19 . 33BDE2B6C11C96969E1CBF894C5980AF . 592384 . . [6.00.2800.1496] . . c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll

[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wininet.dll

[-] 2004-02-07 01:05 . 4F64D1DF989E3AA2FAD91A2F1167B9C7 . 588288 . . [6.00.2800.1405] . . c:\windows\$NtUninstallKB890923-IE6SP1-20050225.103456$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll

[-] 2006-08-16 . 7B6A08441A4F11320421599D7ECF8D41 . 70656 . . [5.1.2600.1886] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2006-05-19 . 3748E0FC8C1B6ADA49F98C8E69A4228C . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819$\ws2_32.dll

[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ws2_32.dll

[-] 2003-07-10 . 06BF1D3C21274F92DDD0E09317C80B35 . 70656 . . [5.1.2600.1240] . . c:\windows\$NtUninstallKB914388$\ws2_32.dll

[-] 2001-08-23 . 8529C295DF59B564D37A73B5629162B1 . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB817778$\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\explorer.exe

[-] 2003-05-12 . A73BC66A95CF4F7B597FC8975778A889 . 996352 . . [6.00.2800.1221] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2002-08-29 . A82B28BFC2E4455FE43022A498C0EF0A . 1004032 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB820291$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\srsvc.dll

[-] 2002-08-29 . 38E9CFAC7881435764051FD7B1F010FB . 158720 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\eventlog.dll

[-] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\sfcfiles.dll

[-] 2002-08-29 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2001-08-23 . 9E415EFDF50F26BCBC97C80F4E6C30CC . 1562112 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ309521$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ctfmon.exe

[-] 2002-08-29 . 414DE7CF9D3F19C3EA902F1BB38EC116 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll

[-] 2004-10-28 . AD324E21EF7E668C9910EB5ADF6495C0 . 116736 . . [6.00.2800.1605] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\shsvcs.dll

[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\regsvc.dll

[-] 2001-08-23 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\schedsvc.dll

[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$hf_mig$\KB841873\SP1QFE\schedsvc.dll

[-] 2004-06-08 . 08D72F6490CD85AA1C12EF3B56299936 . 172544 . . [5.1.2600.1564] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB841873$\schedsvc.dll

[-] 2001-08-23 . F6E2095CBC14522CEACD2853620FAF4D . 158720 . . [4.71.2600.1] . . c:\windows\$NtUninstallKB841873_RTM$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ssdpsrv.dll

[-] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2001-08-23 . 126D90EE937FFEBACEE30BCA13D92F97 . 39936 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ315000$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\termsrv.dll

[-] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2001-08-23 . 458635D2E4559526CF9C895340A38702 . 197632 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ311889$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\appmgmts.dll

[-] 2002-08-29 . AE0BDD0E65987747988861103B50FA4F . 156672 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys

[-] 2001-08-23 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys

[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2008-04-14 03:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\aec.sys

[-] 2002-08-29 06:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys

[-] 2008-04-14 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\agp440.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ip6fw.sys

[-] 2003-06-30 . EDDCA9C72F1E7F2E2E2AB6AD7106C4A5 . 29952 . . [5.1.2600.1240] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll

[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll

[-] 2008-04-14 10:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2001-08-23 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\msgsvc.dll

[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2003-10-21 . 41C5F3B926942EBDD35C6BF4154FE5F8 . 32256 . . [5.1.2600.1309] . . c:\windows\$xpsp1hfm$\KB828035\msgsvc.dll

[-] 2003-10-21 . 30846EB33203E3E777B87EAD4ED1B2D9 . 32256 . . [5.1.2600.121] . . c:\windows\$NtUninstallKB828035$\msgsvc.dll

[-] 2001-08-23 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB828035_RTM$\msgsvc.dll

[-] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\ERDNT\cache\MsPMSNSv.dll

[-] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-09-23 02:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\mspmsnsv.dll

[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\ERDNT\cache\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe

[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[-] 2008-04-14 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2005-03-02 . 62C353C0449FD961EF7814973FC2FD30 . 1955840 . . [5.1.2600.1634] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2005-03-02 . 81013F36B21C7F72CF784CC6731E0002 . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe

[-] 2004-08-04 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntkrnlpa.exe

[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2003-04-24 . 46AE6F2D416C39FFDCFC8BCB01203EA3 . 1949440 . . [5.1.2600.1151] . . c:\windows\$xpsp1hfm$\Q811493\ntkrnlpa.exe

[-] 2002-08-29 . 0E8EFB15746878A9B256E75267337233 . 1947904 . . [5.1.2600.1106] . . c:\windows\$NtUninstallQ811493$\ntkrnlpa.exe

[-] 2002-02-25 . 01FD1F7C82B263F1667A1CEA095756C5 . 1897856 . . [5.1.2600.31] . . c:\windows\$NtUninstallQ811493_RTM$\ntkrnlpa.exe

[-] 2001-08-23 . 46E2E3DCF54B819CFB2EBFE48A22B5C9 . 1896704 . . [5.1.2600.0] . . c:\windows\$NtUninstallQ317277$\ntkrnlpa.exe

[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll

[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2008-04-14 10:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\ntmssvc.dll

[-] 2002-08-29 10:41 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\upnphost.dll

[-] 2002-08-29 . 848CE0601B58410FF2DFB6BC8449AFE7 . 164864 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 20:50 1197448 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KITCO"="c:\program files\Kitco\Kcast\Kcast" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]

"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-03 180269]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office2K\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-12 15:52 12464 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [12/27/2005 5:42 PM 9344]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/11/2010 3:53 PM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/11/2010 3:53 PM 242696]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 11:41 AM 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 11:51 AM 308064]

R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [9/15/2003 7:06 PM 19016]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/29/2007 4:30 PM 20160]

S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/5/2008 3:53 AM 44928]

S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [12/27/2005 5:42 PM 459648]

.

Contents of the 'Scheduled Tasks' folder

2010-03-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\aida\Application Data\Mozilla\Firefox\Profiles\eswlnpz7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.quote.com/us/futures/chart.action?s=DX+H0&chartUi.period=V&chartUi.bardensity=MEDIUM&chartUi.bartype=BAR&chartUi.size=650x450&chartUi.minutes=60|http://www.quote.com/us/futures/chart.action?s=ZS+K0&chartUi.period=D&chartUi.bardensity=MEDIUM&chartUi.bartype=BAR&chartUi.size=650x450&chartUi.minutes=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-30 01:22

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2010-03-30 01:37:19

ComboFix-quarantined-files.txt 2010-03-30 05:37

ComboFix2.txt 2010-03-30 03:42

Pre-Run: 1,690,243,072 bytes free

Post-Run: 1,684,131,840 bytes free

- - End Of File - - 4BE035A44AEABC3DBFF62F9DA9A895D3

[screen317]

Let's stick to one computer before proceeding to the other.

On the Asus computer, what symptoms are currently being experienced?

Navigate to Start --> Run, type in cmd.exe and press Enter. A block box should come up.

Enter this command:

net start CryptSvc

Press Enter.

Copy and paste the results that are returned.

-screen317

[david888m]

Let's stick to one computer before proceeding to the other.

On the Asus computer, what symptoms are currently being experienced?

Navigate to Start --> Run, type in cmd.exe and press Enter. A block box should come up.

Enter this command:

net start CryptSvc

Press Enter.

Copy and paste the results that are returned.

-screen317

Hasn't been any symptoms yet as of today on the Asus.

C:\Documents and Settings\aida>CryptSvc

'CryptSvc' is not recognized as an internal or external command,

operable program or batch file.

C:\Documents and Settings\aida>net start CryptSvc

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

[david888m]

Let's stick to one computer before proceeding to the other.

On the Asus computer, what symptoms are currently being experienced?

Navigate to Start --> Run, type in cmd.exe and press Enter. A block box should come up.

Enter this command:

net start CryptSvc

Press Enter.

Copy and paste the results that are returned.

-screen317

The only symptoms I had before was disabling of my DSL access some time ago.

[screen317]

Okay. Give me some information on your current network set up. How is it configured? Is it wireless? How many computers are connected to it and do they have disabled access?

[david888m]

Okay. Give me some information on your current network set up. How is it configured? Is it wireless? How many computers are connected to it and do they have disabled access?

[david888m]

I currently have 2 desktops and a notebook connected by wires to a router.

Since the Dell was seriously infected and may still be infected (after bios flashed, boot record fixed, fdisked, high formatted, and ComboFix found and fixed 3 infected system files), I have put it on a different workgroup.

[david888m]

I currently have 2 desktops and a notebook connected by wires to a router.

Since the Dell was seriously infected and may still be infected (after bios flashed, boot record fixed, fdisked, high formatted, and ComboFix found and fixed 3 infected system files), I have put it on a different workgroup.

The seriously infected Dell and the Asus are the desktops. As for the Asus and the notebook, I didn't reformat the hard disks, etc. The latter 2 have merely been scanned daily with multiple antiviral solutions with extremely few malware found.

Do you think the Asus desktop is infected based on the previously posted logs?

Thanks.

[screen317]

Hi,

My apologies for the delay.

I am leaning toward no, that the Asus desktop is not infected. Let's run this online scan to confirm.

First, I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

• It promotes its toolbars on sites targeted at kids.
  
• It promotes its toolbars through ads that appear to be part of other companies' sites.
  
• It promotes its toolbars through other companies' spyware.
  
• It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
  
• It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

• Click Start Scanning.
  
• You should get a notification bar (on top) to install the ActiveX control.
  
• Click on it and select to install the ActiveX.
  
• Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  
• In case you are having problems with installing the ActiveX/starting the scan, please read here.
  
• Click the Full System Scan button.
  
• It will start to download scanner components and databases. This can take a while.
  
• The main scan will start.
  
• Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  
• It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  
• The cleaning can take a while, so please be patient.
  
• Then click the Show report button and Copy/Paste what is present under results in your next reply.
  

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain on the Asus computer.

-screen317

[david888m]

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

[*]Then click the Show report button and Copy/Paste what is present under results in your next reply.

[*]Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

[*]A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain on the Asus computer.

-screen317

In Control Panel, I don't have Programs and Features. Moreover, I don't see AskBarDis in Add/Remove Programs.

Scanning Report

Thursday, April 8, 2010 02:58:06 - 06:27:35

Computer name: ADMIN

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

No malware found

Statistics

Scanned:

* Files: 34853

* System: 3470

* Not scanned: 8

Actions:

* Disinfected: 0

* Renamed: 0

* Deleted: 0

* Not cleaned: 0

* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS

* C:\WINDOWS\SYSTEM32\CONFIG\SAM

* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

* C:\DOCUMENTS AND SETTINGS\AIDA\LOCAL SETTINGS\TEMP\HSPERFDATA_AIDA\3820

* C:\DOCUMENTS AND SETTINGS\AIDA\LOCAL SETTINGS\TEMP\HSPERFDATA_AIDA\268

Options

Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

* Use advanced heuristics

Copyright

[screen317]

Hi,

On the ASUS, do this:

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

On the Dell, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317

[david888m]

Hi,

On the ASUS, do this:

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

On the Dell, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317

I ran DDS, Combofix, etc. on Dell and posted the logs here some time ago. Below is the current DDS log. Thanks.

DDS (Ver_10-03-17.01) - FAT32x86

Run by Administrator at 12:34:55.60 on Mon 04/12/2010

Internet Explorer: 6.0.2600.0000

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.254.25 [GMT -4:00]

============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\NetZero\exec.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\MyDocs\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch

uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll

BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll

TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll

EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun

uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [synchronization Manager] mobsync.exe /logon

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ort6yxoa.default\

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-27 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-27 185089]

R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2010-3-27 65240]

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2010-3-27 61712]

R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2010-3-27 49776]

R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [2010-3-27 602128]

=============== Created Last 30 ================

2010-12-25 05:30:21 985 ----a-w- c:\winnt\ODBC.INI

2010-04-12 16:34:59 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_294.dat

2010-04-12 16:12:48 0 d-----w- c:\program files\VideoLAN

2010-04-12 16:11:04 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_100.dat

2010-04-11 04:23:56 0 d-----w- c:\program files\Haihaisoft Universal Player

2010-04-09 02:02:00 16445 ----a-w- c:\winnt\system32\dllcache\imagemap.exe

2010-04-07 19:40:06 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_424.dat

2010-04-07 19:39:08 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_3f8.dat

2010-04-07 19:36:46 0 d-----w- c:\program files\Aureal

2010-04-07 16:51:57 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_4b4.dat

2010-04-07 06:21:15 0 d-sh--w- C:\Recycled

2010-04-06 23:31:12 0 d-----w- C:\WUTemp

2010-04-06 22:25:02 54156 ---ha-w- c:\winnt\QTFont.qfn

2010-04-06 22:25:02 1409 ----a-w- c:\winnt\QTFont.for

2010-04-05 04:20:50 98816 ----a-w- c:\winnt\sed.exe

2010-04-05 04:20:50 77312 ----a-w- c:\winnt\MBR.exe

2010-04-05 04:20:50 261632 ----a-w- c:\winnt\PEV.exe

2010-04-05 04:20:50 161792 ----a-w- c:\winnt\SWREG.exe

2010-04-05 02:41:17 0 d-----w- c:\program files\ToniArts

2010-04-01 01:03:45 0 ----a-w- c:\winnt\G

2010-03-31 16:26:55 0 d-----w- c:\program files\Yahoo!

2010-03-30 20:43:15 0 d-s---w- c:\documents and settings\administrator\UserData

2010-03-30 05:46:25 0 d-----w- c:\program files\NetZero

2010-03-30 05:46:24 0 d-----w- c:\docume~1\alluse~1\applic~1\NetZero

2010-03-30 05:46:21 0 d-----w- C:\NetZeroInstaller

2010-03-29 14:29:03 277152 --sha-r- C:\ntldr

2010-03-29 04:52:29 0 d-----w- c:\program files\FXDD - MetaTrader 4

2010-03-28 21:56:05 91920 ----a-w- c:\winnt\system32\CINTLGNT.IME

2010-03-28 21:56:04 118032 ----a-w- c:\winnt\system32\TINTLGNT.IME

2010-03-28 21:56:03 1696 ----a-w- c:\winnt\system32\noise.cht

2010-03-28 21:56:03 12560 ----a-w- c:\winnt\system32\dllcache\chtbrkr.dll

2010-03-28 21:56:03 12560 ----a-w- c:\winnt\system32\chtbrkr.dll

2010-03-28 21:56:01 18600 ----a-w- c:\winnt\system32\arrayhw.tab

2010-03-28 21:56:01 146126 ----a-w- c:\winnt\system32\array30.tab

2010-03-28 21:56:00 16312 ----a-w- c:\winnt\system32\arptr.tbl

2010-03-28 21:56:00 1577216 ----a-w- c:\winnt\system32\dllcache\cjime.exe

2010-03-28 21:56:00 1577216 ----a-w- c:\winnt\system32\cjime.exe

2010-03-28 21:56:00 110566 ----a-w- c:\winnt\system32\arphr.tbl

2010-03-28 21:36:16 344 ----a-w- c:\winnt\system32\PINTLPAD.CNT

2010-03-28 21:36:16 290816 ----a-w- c:\winnt\system32\IMEPAD.DLL

2010-03-28 21:36:16 290816 ----a-w- c:\winnt\system32\dllcache\imepad.dll

2010-03-28 21:36:16 154487 ----a-w- c:\winnt\system32\PINTLPAD.HLP

2010-03-28 21:36:15 73787 ----a-w- c:\winnt\system32\PINTLGNT.IME

2010-03-28 21:36:15 0 d-----w- c:\winnt\system32\IME

2010-03-28 21:25:10 63 ----a-w- c:\winnt\mdm.ini

2010-03-28 20:52:23 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit Software

2010-03-28 20:51:16 0 d-----w- c:\program files\Foxit Software

2010-03-28 20:51:16 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit

2010-03-28 20:20:59 0 d-----w- c:\program files\IZArc

2010-03-28 20:18:13 0 d-----w- c:\winnt\ShellNew

2010-03-28 19:35:43 0 d-----w- c:\docume~1\admini~1\applic~1\SogouPY.users

2010-03-28 19:34:51 0 d-----w- c:\program files\SogouInput

2010-03-28 19:34:50 0 d-----w- c:\docume~1\admini~1\applic~1\SogouPY

2010-03-28 10:46:44 452096 ----a-w- c:\winnt\system32\igfxrptg.lrc

2010-03-28 10:01:51 306688 ----a-w- c:\winnt\IsUninst.exe

2010-03-28 09:53:14 0 d-----w- C:\dell

2010-03-28 09:43:59 283648 ----a-w- c:\winnt\uninst.exe

2010-03-28 09:04:11 969 ----a-w- c:\winnt\juno.ini

2010-03-28 00:05:13 0 d-----w- c:\documents and settings\administrator\DoctorWeb

2010-03-27 18:54:58 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-03-27 17:59:42 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-03-27 17:58:28 65240 ----a-w- c:\winnt\system32\drivers\avgntflt.sys

2010-03-27 17:58:28 0 d-----w- c:\program files\Avira

2010-03-27 17:58:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-03-27 17:58:05 0 d-----w- c:\winnt\winsxs

2010-03-27 17:54:44 0 d-----w- c:\winnt\system32\Windows Media

2010-03-27 17:53:59 0 d--h--w- c:\winnt\$NtUpdateRollupPackUninstall$

2010-03-27 17:53:58 0 d-----w- c:\winnt\msiinst.tmp

2010-03-27 17:52:45 0 d-----w- c:\winnt\ime

2010-03-27 17:52:41 0 d--h--w- c:\program files\WindowsUpdate

2010-03-27 17:52:39 0 d-----w- c:\winnt\system32\Microsoft

2010-03-27 17:47:45 0 d-----w- c:\winnt\system32\ie_de

2010-03-27 17:47:45 0 d-----w- c:\winnt\system32\CertSrv

2010-03-27 17:47:45 0 d-----w- c:\winnt\ServicePackFiles

2010-03-27 17:46:41 3856 ------w- c:\winnt\system32\SVCPACK1.DLL

2010-03-27 17:44:52 977680 ----a-w- c:\winnt\system32\vfpodbc.dll

2010-03-27 17:43:58 85776 ----a-w- c:\winnt\system32\smlogsvc.exe

2010-03-27 17:42:55 444176 ----a-w- c:\winnt\system32\oieng400.dll

2010-03-27 17:41:59 353 ------w- c:\winnt\system32\extenum.ldf

2010-03-27 17:40:54 305664 ----a-w- c:\winnt\system32\msihnd.dll

2010-03-27 17:40:51 64512 ----a-w- c:\winnt\system32\msiexec.exe

2010-03-27 17:40:46 2017792 ----a-w- c:\winnt\system32\msi.dll

2010-03-27 17:40:04 319760 ----a-w- c:\winnt\system32\msexcl40.dll

2010-03-27 17:40:03 512272 ----a-w- c:\winnt\system32\msexch40.dll

2010-03-27 17:40:02 844560 ----a-w- c:\winnt\system32\msdxm.ocx

2010-03-27 17:40:02 4126 ----a-w- c:\winnt\system32\msdxmlc.dll

2010-03-27 17:37:42 63248 ----a-w- c:\winnt\system32\winime.ime

2010-03-27 17:37:41 76048 ----a-w- c:\winnt\system32\phon.ime

2010-03-27 17:37:41 75536 ----a-w- c:\winnt\system32\winar30.ime

2010-03-27 17:37:41 74512 ----a-w- c:\winnt\system32\quick.ime

2010-03-27 17:37:41 74000 ----a-w- c:\winnt\system32\uniime.dll

2010-03-27 17:37:41 74000 ----a-w- c:\winnt\system32\dllcache\uniime.dll

2010-03-27 17:37:41 62736 ----a-w- c:\winnt\system32\unicdime.ime

2010-03-27 17:37:41 25360 ----a-w- c:\winnt\system32\romanime.ime

2010-03-27 17:35:59 618889 ----a-w- c:\winnt\system32\instcat.sql

2010-03-27 17:34:58 97552 ----a-w- c:\winnt\system32\comrepl.dll

2010-03-27 17:10:47 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

2010-03-27 17:10:45 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys

2010-03-27 17:10:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-27 17:10:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-27 16:52:28 0 d-----w- C:\UNINST

2010-03-27 08:44:30 0 d-----w- C:\UTIL

2010-03-27 08:43:27 0 d-----w- c:\program files\SSH Communications Security

2010-03-27 08:43:26 0 d-----w- c:\program files\RegClean

2010-03-27 08:43:24 0 d-----w- c:\program files\QPRO

2010-03-27 08:42:42 0 d-----w- c:\program files\ATF Cleaner

2010-03-27 08:35:57 0 d-----w- c:\program files\Juno

2010-03-27 08:33:21 0 d-----r- C:\MYDOCS

2010-03-27 08:33:19 0 d-----w- C:\juno2

2010-03-27 08:33:17 0 d-----w- C:\juno1

2010-03-27 08:33:17 0 d-----w- C:\Index

2010-03-27 08:33:17 0 d-----w- C:\Futures

2010-03-27 08:33:17 0 d-----w- C:\FOREX

2010-03-27 08:33:14 0 d-----w- C:\EXPORT

2010-03-27 08:32:53 0 d-----w- C:\COMM

2010-03-27 08:32:20 0 d-----w- C:\BAT

2010-03-27 08:32:20 0 d-----w- C:\antbar

2010-03-27 08:23:52 1280786 ---h--w- c:\winnt\ShellIconCache

2010-03-27 08:15:37 12592 ----a-w- c:\winnt\system32\drivers\usbscan.sys

2010-03-27 08:15:06 416 ----a-w- c:\winnt\MAXLINK.INI

2010-03-27 08:14:56 0 d-----w- c:\program files\common files\ScanSoft Shared

2010-03-27 08:14:24 0 d-----w- c:\program files\ScanSoft

2010-03-27 08:13:03 197632 ----a-w- c:\winnt\system32\CNMLM83.DLL

2010-03-27 08:12:58 73728 ----a-w- c:\winnt\system32\CNCU160.DLL

2010-03-27 08:12:58 135168 ----a-w- c:\winnt\system32\CNCL160.DLL

2010-03-27 08:09:20 27136 ----a-w- c:\winnt\system32\dllcache\mspatcha.dll

2010-03-27 08:07:19 0 d-----w- c:\program files\Canon

2010-03-27 07:40:47 0 d-sh--w- c:\documents and settings\all users\DRM

2010-03-27 07:38:06 0 d-----w- c:\program files\Accessories

2010-03-27 07:38:01 0 d-----w- c:\program files\Windows NT

2010-03-27 07:31:02 0 d-----w- c:\program files\common files\ODBC

2010-03-27 07:30:39 0 d-----w- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-03-27 07:40:44 271 ---h--w- c:\program files\desktop.ini

2010-03-27 07:40:44 21952 ---h--w- c:\program files\folder.htt

2010-03-27 07:39:32 15012 ----a-w- c:\winnt\system32\emptyregdb.dat

1999-12-07 01:00:00 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 12:35:33.47 ===============

[david888m]

I ran DDS, Combofix, etc. on Dell and posted the logs here some time ago. Below is the current DDS log. Thanks.

The previous DDS, Combofix, etc logs were posted in this thread: "Mar 29 2010, 11:10 PM

Post #11"