Hello

The limits of my knowledge have been reached, time to ask an expert. I've spent several days searching online forums for identical symptoms to no avail. Have tried 2 or 3 spyware/malware removers (other than Malwarebytes, the best) twice a registry restore and an EXE fix and still have the same dysfunctions.

This is my daughter's computer, about Christmas time it was infected with the security alert virus. I thought at the time the issue was resolved, everything appeared to be working normally after Malwarebytes and Avast scan and removal.

My current issues are:

Cannot open any EXE files in normal mode, first got a rundll.32 application not found error, then all files give me an open with option.

Am running in safe mode at the moment, the only way she will work.

Have downloaded current version of Avast but am not able to get it to turn on; it will not respond to any action.

Here is the latest Malwarebytes scan and the last one showing infections.

defogger is enabled.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6337

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/11/2011 7:48:55 PM

mbam-log-2011-04-11 (19-48-55).txt

Scan type: Full scan (C:\|)

Objects scanned: 211341

Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6226

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/6/2011 12:41:15 PM

mbam-log-2011-04-06 (12-41-15).txt

Scan type: Full scan (C:\|)

Objects scanned: 218639

Time elapsed: 17 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jasmine\Local Settings\Application Data\pej.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Jasmine\local settings\Temp\0.31644966148573095.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

ark.zip

Attach.zip

DDS.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log. Then run DDS again and post DDS.txt directly into your reply instead of attaching it.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

screen317,

Here are the logs you requested.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6354

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/13/2011 5:28:22 PM

mbam-log-2011-04-13 (17-28-22).txt

Scan type: Quick scan

Objects scanned: 168726

Time elapsed: 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/31/2009 5:28:26 PM

System Uptime: 4/10/2011 9:43:05 AM (80 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Intel Pentium III Xeon processor | Microprocessor | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 59 GiB total, 24.922 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Manufacturer: Marvell

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Service: yukonwxp

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Advanced Audio FX Engine

Advanced Video FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

BitTorrent

Bonjour

CA Yahoo! Anti-Spy (remove only)

CCleaner

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Dell Webcam Central

Dell Wireless WLAN Card Utility

Diskeeper Professional Premier Edition

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Memories Disc

IDT Audio

Integrated Webcam Driver (1.02.01.0320)

Intel® Graphics Media Accelerator Driver

InterActual Player

iTunes

IZArc 3.81

Java Auto Updater

Java 6 Update 23

KODAK Share Button App

Lexmark 2600 Series

Live! Cam Avatar Creator

Malwarebytes' Anti-Malware

Marvell Miniport Driver

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.16)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Toolbars

Skype

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Hello again,

Ran both scans (below), am still getting an open with box for all programs in normal mode. Still running in safe mode.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=4ec77412a540c34bac381a269cbac565

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-04-15 02:02:11

# local_time=2011-04-14 10:02:11 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=770 16774142 0 2 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=47698

# found=6

# cleaned=6

# scan_time=1540

C:\Documents and Settings\Administrator.JASMINEPC\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\6.0\37\3e85f8e5-307720e5 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jasmine\Application Data\Sun\Java\Deployment\cache\6.0\39\bc0fce7-6979253f a variant of Java/TrojanDownloader.OpenStream.NBF trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\TrendMicro\HiJackThis\backups\backup-20100326-131641-792.dll Win32/Adware.Gamevance application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{9BFB266D-3C7E-4EB3-BF9A-895EDB45256E}\RP1\A0000016.dll Win32/Adware.Gamevance application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 23

Out of date Java installed!

Adobe Flash Player 10.2.152.32

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.16) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

ESET ESET Online Scanner OnlineCmdLineScanner.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Is it only with .exe files? If you rename them to .com, does the Open With box still appear?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    sfcfiles.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

Hello again,

I was in the middle of responding to your post last night and lost power due to a wicked wind. All is good we are back in business this morning.

Back to your post, I am pretty sure that only .exe files are affected, however I do not know how to change one to .com in order to answer your question. Computer programming from 30+ years ago helps to understand some of the logic involved but it has been a long time and I have forgotten a lot.

Here is the latest log requested, Thanks

SystemLook 04.09.10 by jpshortstuff

Log created at 07:35 on 16/04/2011 by Administrator

Administrator - Elevation successful

========== filefind ==========

Searching for "sfcfiles.dll"

C:\WINDOWS\system32\sfcfiles.dll --a---- 1614848 bytes [20:46 08/05/2008] [20:46 08/05/2008] 9F42478360E9B053A6703DEF39B4CE33

-= EOF =-

Link to post
Share on other sites

Hi,

I found a tutorial on changing file extensions and was able to change an .exe to a .com and it worked without an open with option. After we have finished removing all the viruses, could we resolve this issue as well?

Also, while trying to figure out why I can't get my avast to turn on, I discovered an antivirus.evt in the system. Is this a possible issue that needs to be resolved as well?

I need to get this thing up and running soon, my daughter needs this thing for school work.

Thanks

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

Run this .reg file; it should restore .exe functionality:

http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

After running it, restart your computer and see if .exe files will run.

"I discovered an antivirus.evt in the system. Is this a possible issue that needs to be resolved as well?"

Where did you find it?
Link to post
Share on other sites

Hello Chris (I hope that's OK, I'm Art)

It may be time to fire your assistant at this end. Stupid mistakes create more problems.

I downloaded xp_exe_fix.zip and applied, however stupid me did not close Firefox browser and received Registry Editor error "cannot import c:\windows\temp\arc39\xp_exe_fix.reg not all data was successfully written to the registry. Some keys are open by system or other process". I closed the browser and ran it again, switched over to normal mode to check if repair was successful. It was not. I still receive an "open with" window.

Now I have created another problem for you to help me repair. Firefox was the .exe file that I renamed to .com and changed back. After applying the exe fix this morning I now receive the following:

16BIT MS-DOS Subsystem

C:\DOCUME~1\ALLUSE~1\Desktop\MOZILL~1.PIF

Invalid program file name. Please check your pif file. Choose 'close' to terminate application.

I did a system search for the above file and came up with no result. (Could be a hidden file?)

Had to search out Internet Explorer to reply to you, it is never used, doesn't have a shortcut and isn't even listed in the programs in the start menu.

As for the EVT, I did a search for antivirus in the system and found

Antivirus.evt

C:\WINDOWS\system32\config

modified 7\10\2010 size 128kb

Also found a 1kb dat file in C:\Qoobox\quarantine\Registry_backups, is this anything to be concerned about?

Thanks Art

Link to post
Share on other sites

  • Staff

Hi Art. :)

Click Start --> Programs --> Accessories --> Windows Explorer

From there, click Tools --> Folder Options --> File Types

Create a new file type EXE; set its associated file type with Application.

Restart your computer and see if executables will run.

I recommend uninstalling Firefox, grabbing a fresh copy from Mozilla and reinstalling it; see if that solves the issue.

Zip up this file and attach it to your post:

C:\WINDOWS\system32\config\Antivirus.evt

"Also found a 1kb dat file in C:\Qoobox\quarantine\Registry_backups, is this anything to be concerned about?"

Don't worry about that-- Qoobox is ComboFix's quarantine.
Link to post
Share on other sites

Hi Chris,

So here is where we are at.

Twice tried to create EXE (application) file; after generating a new file I assumed the apply tab would engage, it didn't. As you can tell from the "twice tried" this procedure was unsuccessful.

New version of Firefox will take some time to get used to, have been resisting the upgrade for a while.

I haven't zipped a file for a long time, I hope this is correct.

Thanks Art

Antivirus.zip

Link to post
Share on other sites

  • Staff

Hi,

Please open Notepad. Copy and paste the following text (starting with @echo off) into the Notepad document.

Navigate to File --> Save As..., and save the file as RegExport.bat (make sure the Save As Type is set to All Files).

Save it to your Desktop.

@echo off
copy C:\Windows\REGEDIT.exe C:\Windows\REGEDIT.com
REGEDIT.com /E "%userprofile%\DESKTOP\EXE.reg" "HKEY_CLASSES_ROOT\exefile"
EXIT

Now navigate to your Desktop, and double click RegExport.bat

A black window will open and close quickly. This is normal.

Now, open Notepad, navigate to your Desktop, and open EXE.reg.

Link to post
Share on other sites

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]

@="Application"

"EditFlags"=hex:38,07,00,00

"TileInfo"="prop:FileDescription;Company;FileVersion"

"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]

@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]

"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]

@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]

@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]

@="{86F19A00-42A0-1069-A2E9-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]

@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"

Link to post
Share on other sites
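An added example, not part of the original thread and not code from any tool named in it: a small Python audit of a REGEDIT5 export like the one RegExport.bat produces, which checks that every exefile verb command is exactly `"%1" %*` and flags handler commands that launch a program from a user profile directory, as in the Hijack.StartMenuInternet entries in the earlier Malwarebytes log. The function names and the list of user-writable path fragments are assumptions made for this example, and the check covers only the keys present in the export it is given.

```python
import re

EXPECTED_EXEFILE_CMD = '"%1" %*'  # the value shown in the export posted above
# Assumption for this example: path fragments treated as user-writable locations.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")

# Shell verb keys copied from the exefile export posted above.
PAGE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

# Constructed .reg fragment: the "Bad" value Malwarebytes reported for this key
# in the 4/6/2011 log, written the way regedit would export it.
HIJACKED_SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Documents and Settings\\Jasmine\\Local Settings\\Application Data\\pej.exe\" -a \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
'''

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Parse REGEDIT5 text into {key: {value_name: data}}; '@' is the default value.

    String values are unescaped; hex/dword values are kept as raw text and
    hex continuation lines are ignored, which is enough for command auditing.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        match = VALUE_LINE.match(line)
        if current is None or not match:
            continue
        name = "@" if match.group(1) == "@" else unescape(match.group(1)[1:-1])
        data = match.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])
        keys[current][name] = data
    return keys


def first_token(cmd):
    """Return the program a command line launches (first quoted or bare token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def audit_commands(keys):
    """Return (key, reason, command) for every suspicious ...\\command default value."""
    findings = []
    for key, values in keys.items():
        lowered = key.lower()
        cmd = values.get("@")
        if cmd is None or not lowered.endswith("\\command"):
            continue
        if "\\exefile\\shell\\" in lowered:
            # An exefile verb must hand the clicked file straight to the loader.
            if cmd != EXPECTED_EXEFILE_CMD:
                findings.append((key, "exefile verb is not the expected pass-through", cmd))
        elif any(part in first_token(cmd).lower() for part in USER_WRITABLE):
            findings.append((key, "handler launches a program from a user profile directory", cmd))
    return findings


if __name__ == "__main__":
    for label, text in (("export from the thread", PAGE_EXPORT),
                        ("constructed hijack sample", HIJACKED_SAMPLE)):
        results = audit_commands(parse_reg(text))
        print(label + ":", "no findings" if not results else "")
        for key, reason, cmd in results:
            print("  ", key, "->", reason, "::", cmd)
```

A file written by `regedit /E` with the Version 5.00 header is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.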

Hello Chris,

After performing all the prep work to run Combofix, it informed me that Avast was still running. Apparently whatever bugger has taken over this machine had corrupted the fresh download. The user interface showed that nothing was enabled and I had disabled it from the systray, Combofix showed it running so I removed it from the system before continuing. Here is the fresh log you requested.

Thanks Art

ComboFix 11-04-26.03 - Administrator 04/27/2011 8:38.2.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2744 [GMT -4:00]

Running from: c:\documents and settings\Administrator.JASMINEPC\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\regedit.com

.

.

((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))

.

.

2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-04-22 00:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-04-22 00:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-04-22 00:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-04-22 00:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-04-22 00:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-04-22 00:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-15 01:28 . 2011-04-15 01:28 -------- d-----w- c:\program files\ESET

2011-04-12 18:27 . 2011-04-12 18:27 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\Adobe

2011-04-09 00:51 . 2011-04-09 00:51 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\PackageAware

2011-04-08 15:08 . 2011-04-08 15:08 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Application Data\QuickScan

2011-04-08 01:05 . 2011-04-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-07 02:46 . 2011-04-27 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-04-07 02:46 . 2011-04-07 23:52 -------- d-----w- c:\program files\AVAST Software

2011-04-07 02:07 . 2011-04-07 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-04-07 00:38 . 2011-04-07 02:54 -------- d-----w- c:\program files\Free Window Registry Repair

2011-04-07 00:11 . 2011-04-07 00:11 -------- d-sh--w- c:\documents and settings\Administrator.JASMINEPC\PrivacIE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-06 01:42 . 2011-02-06 01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-06 01:42 . 2011-02-06 01:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 07:58 . 2009-07-31 21:23 2067456 ----a-w- c:\windows\system32\mstscax.dll

2008-10-28 17:41 . 2009-12-11 06:39 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2008-10-28 17:41 . 2009-12-11 06:39 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2008-10-28 17:41 . 2009-12-11 06:39 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2008-10-28 17:41 . 2009-12-11 06:39 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2008-10-28 17:41 . 2009-12-11 06:39 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2008-10-28 17:41 . 2009-12-11 06:39 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2008-10-28 17:41 . 2009-12-11 06:39 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2008-10-28 17:41 . 2009-12-11 06:39 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2008-10-28 17:41 . 2009-12-11 06:39 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2008-10-28 17:41 . 2009-12-11 06:39 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2011-03-18 17:53 . 2011-04-22 00:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2008-05-08 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-04-13_22.34.02 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-02-28 12:00 . 2011-04-13 22:31 71462 c:\windows\system32\perfc009.dat

+ 2006-02-28 12:00 . 2011-04-27 12:25 71462 c:\windows\system32\perfc009.dat

+ 2006-02-28 12:00 . 2011-04-27 12:25 441692 c:\windows\system32\perfh009.dat

- 2006-02-28 12:00 . 2011-04-13 22:31 441692 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-20 660136]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [11/10/2009 1:00 PM 98984]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/31/2009 5:56 PM 20160]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/31/2009 7:07 PM 113024]

S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [7/31/2009 7:07 PM 1656960]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/11/2009 3:31 AM 144128]

S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [6/7/2007 5:00 PM 148056]

S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [3/6/2009 7:30 AM 133632]

S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [3/19/2009 5:02 PM 271552]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{668F4B5E-1BF3-4D04-9D35-8596016AA21C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:no-reply@malwarebytes.org?subject=Error%20on%20the%20forums

FF - ProfilePath - c:\documents and settings\Administrator.JASMINEPC\Application Data\Mozilla\Firefox\Profiles\8o1chhqk.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-27 08:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1659004503-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,98,b3,27,88,2e,ae,48,80,9b,a3,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,98,b3,27,88,2e,ae,48,80,9b,a3,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(564)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-04-27 08:42:18

ComboFix-quarantined-files.txt 2011-04-27 12:42

ComboFix2.txt 2011-04-13 22:35

.

Pre-Run: 29,007,245,312 bytes free

Post-Run: 29,033,926,656 bytes free

.

- - End Of File - - 73BC54C9409F079A8AD1BA716377BD22


  • Staff

Hi,

Can you boot into Normal Mode? In detail, describe the symptoms you are currently experiencing.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Don't use any text editor other than Notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

MIA::
c:\windows\system32\sfcfiles.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Hi,

Yes, am able to boot in normal mode, however still having issue with .exe files. Here is what I attempted today.

Opened My Computer>C Drive>view system information and received the following error,

Control Panel

C:\WINDOWS\system32\rundll32.exe

Application not found

Windows security alerts shield is red. Receive an open with window, file: rundll32.exe.

Tried to open Adobe Reader with Adobe Reader (open with) and got "Adobe reader can't open AcroRd32.exe not a supported file type or a damaged file."

I also tried again to create a new EXE Application file without success. As I'm sure you know, the drop down window allows me 6 options other than straight application.

Have yet to download fresh copy of antivirus, until we resolve the exe issue I can't get it to work anyway.

And finally, having read through several forums, I do not have a CD for the XP operating software. I do have access to an old desktop with the XP operating system should I need to snatch something off it with a zip drive.

Here are your logs.

ComboFix 11-04-27.03 - Administrator 04/28/2011 7:09.3.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2755 [GMT -4:00]

Running from: c:\documents and settings\Administrator.JASMINEPC\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator.JASMINEPC\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))

.

.

2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-04-22 00:45 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-04-22 00:45 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-04-22 00:45 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-04-22 00:45 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-04-22 00:45 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-04-22 00:45 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-04-22 00:45 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-15 01:28 . 2011-04-15 01:28 -------- d-----w- c:\program files\ESET

2011-04-12 18:27 . 2011-04-12 18:27 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\Adobe

2011-04-09 00:51 . 2011-04-09 00:51 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Local Settings\Application Data\PackageAware

2011-04-08 15:08 . 2011-04-08 15:08 -------- d-----w- c:\documents and settings\Administrator.JASMINEPC\Application Data\QuickScan

2011-04-08 01:05 . 2011-04-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-04-07 02:46 . 2011-04-27 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-04-07 02:46 . 2011-04-07 23:52 -------- d-----w- c:\program files\AVAST Software

2011-04-07 02:07 . 2011-04-07 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-04-07 00:38 . 2011-04-07 02:54 -------- d-----w- c:\program files\Free Window Registry Repair

2011-04-07 00:11 . 2011-04-07 00:11 -------- d-sh--w- c:\documents and settings\Administrator.JASMINEPC\PrivacIE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-07 05:33 . 2009-07-31 21:24 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2008-04-14 09:42 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2008-04-14 05:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 23:06 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2008-04-14 09:41 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 11:41 . 2008-04-14 04:07 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2008-04-14 04:47 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-04-14 04:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-07-31 23:18 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2008-04-14 09:41 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2007-04-03 12:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-06 01:42 . 2011-02-06 01:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-06 01:42 . 2011-02-06 01:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 07:58 . 2009-07-31 21:23 2067456 ----a-w- c:\windows\system32\mstscax.dll

2008-10-28 17:41 . 2009-12-11 06:39 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2008-10-28 17:41 . 2009-12-11 06:39 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2008-10-28 17:41 . 2009-12-11 06:39 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2008-10-28 17:41 . 2009-12-11 06:39 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2008-10-28 17:41 . 2009-12-11 06:39 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2008-10-28 17:41 . 2009-12-11 06:39 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2008-10-28 17:41 . 2009-12-11 06:39 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2008-10-28 17:41 . 2009-12-11 06:39 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2008-10-28 17:41 . 2009-12-11 06:39 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2008-10-28 17:41 . 2009-12-11 06:39 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2011-03-18 17:53 . 2011-04-22 00:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2008-05-08 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-04-13_22.34.02 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-02-28 12:00 . 2011-04-13 22:31 71462 c:\windows\system32\perfc009.dat

+ 2006-02-28 12:00 . 2011-04-28 10:58 71462 c:\windows\system32\perfc009.dat

- 2008-04-14 09:42 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll

- 2009-03-08 09:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll

+ 2009-03-08 09:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll

+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll

- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dnsrslvr.dll

+ 2009-12-25 15:35 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-12-25 15:35 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll

- 2009-12-25 15:35 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2009-12-25 15:35 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2008-04-14 09:41 . 2008-04-14 09:41 45568 c:\windows\system32\dllcache\dnsrslvr.dll

+ 2008-04-14 09:41 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll

- 2011-01-25 16:34 . 2011-01-25 16:34 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2011-04-28 10:42 . 2011-04-28 10:42 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2010-05-05 22:52 . 2011-02-24 02:52 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2010-05-05 22:52 . 2011-04-28 10:48 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll

+ 2011-04-28 10:53 . 2011-04-28 10:53 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\368187bcb570d202a019fc7c53b1df4c\UIAutomationProvider.ni.dll

+ 2011-04-28 10:46 . 2011-04-28 10:46 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\2740ba673b1040f1995f13c6044da64c\PresentationFontCache.ni.exe

+ 2011-04-28 10:45 . 2011-04-28 10:45 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\8514e7de63d46b6f8232ef70d93a1650\PresentationCFFRasterizer.ni.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2009-08-04 16:58 . 2011-03-09 22:00 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2011-04-28 10:44 . 2011-04-28 10:44 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2010-10-02 21:04 . 2010-10-02 21:04 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2006-02-28 12:00 . 2011-04-13 22:31 441692 c:\windows\system32\perfh009.dat

+ 2006-02-28 12:00 . 2011-04-28 10:58 441692 c:\windows\system32\perfh009.dat

+ 2008-04-14 09:42 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll

- 2008-04-14 09:42 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll

+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll

- 2009-03-08 09:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll

+ 2009-03-08 09:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll

- 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

+ 2008-04-14 09:41 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll

+ 2008-04-14 09:42 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe

- 2008-04-14 09:42 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe

+ 2009-07-31 17:08 . 2011-04-28 10:52 231184 c:\windows\system32\FNTCACHE.DAT

- 2009-07-31 17:08 . 2011-02-09 22:17 231184 c:\windows\system32\FNTCACHE.DAT

+ 2008-04-14 04:49 . 2008-10-16 14:43 138496 c:\windows\system32\drivers\afd.sys

- 2008-04-14 04:49 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys

+ 2008-04-14 09:41 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll

+ 2008-04-14 09:42 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll

+ 2008-04-14 04:45 . 2011-02-17 13:18 357888 c:\windows\system32\dllcache\srv.sys

+ 2008-04-14 09:42 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll

+ 2008-04-14 09:42 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll

- 2008-04-14 09:42 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll

- 2009-12-25 15:35 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-12-25 15:35 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-07-31 23:19 . 2011-02-17 13:18 455936 c:\windows\system32\dllcache\mrxsmb.sys

- 2007-04-03 12:44 . 2010-09-18 16:23 974848 c:\windows\system32\dllcache\mfc42u.dll

+ 2007-04-03 12:44 . 2011-02-08 13:33 974848 c:\windows\system32\dllcache\mfc42u.dll

+ 2008-04-14 09:41 . 2011-02-08 13:33 978944 c:\windows\system32\dllcache\mfc42.dll

+ 2008-04-14 09:41 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll

- 2008-04-14 09:41 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll

- 2009-07-31 21:24 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll

+ 2009-07-31 21:24 . 2011-03-07 05:33 692736 c:\windows\system32\dllcache\inetcomm.dll

- 2009-12-25 15:35 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2009-12-25 15:35 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-06-09 21:15 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-06-09 21:15 . 2011-02-22 23:06 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2008-04-14 09:41 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-04-14 09:41 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-04-14 09:42 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-04-14 09:42 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2008-04-14 09:41 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll

+ 2008-04-14 09:39 . 2011-02-15 12:56 290432 c:\windows\system32\dllcache\atmfd.dll

- 2008-04-14 04:49 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys

+ 2008-04-14 04:49 . 2008-10-16 14:43 138496 c:\windows\system32\dllcache\afd.sys

- 2010-05-11 10:40 . 2010-05-11 10:40 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2010-05-11 10:40 . 2010-05-11 10:40 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2009-08-04 16:58 . 2011-04-28 10:48 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-08-04 16:58 . 2011-04-28 10:48 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2009-08-04 16:58 . 2011-03-09 22:00 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2011-04-28 10:42 . 2010-03-10 06:15 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll

+ 2011-04-28 10:42 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll

+ 2011-04-28 10:42 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe

+ 2011-04-28 10:42 . 2009-12-09 05:53 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll

+ 2011-04-28 10:46 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll

+ 2011-04-28 10:46 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe

+ 2011-04-28 10:46 . 2010-12-20 23:59 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll

+ 2011-04-28 10:46 . 2010-12-20 12:55 173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe

+ 2009-07-31 23:19 . 2011-02-17 13:18 455936 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2011-04-28 10:53 . 2011-04-28 10:53 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\715710f5a31a494ed5c0ec0874dafe3e\WindowsFormsIntegration.ni.dll

+ 2011-04-28 10:53 . 2011-04-28 10:53 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\017be0e6c5f1810f15a696157cd5e2c2\UIAutomationTypes.ni.dll

+ 2011-04-28 10:53 . 2011-04-28 10:53 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\bec5b0a93df12eb26c02c877a4eae678\UIAutomationClient.ni.dll

+ 2011-04-28 10:48 . 2011-04-28 10:48 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e6b7128278d8c0e8382a5685f5b196c6\System.Drawing.Design.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ffe13679e6b3e36e5cb6c47f8c4faf9c\PresentationFramework.Aero.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbb40299379f2009c140ddadb04231b4\PresentationFramework.Classic.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a34cd33cec1bdfebe4a3910bceb8723b\PresentationFramework.Royale.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-10-02 21:05 . 2010-10-02 21:05 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-10-02 21:04 . 2010-10-02 21:05 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2011-04-28 09:47 . 2010-10-23 00:51 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll

- 2008-04-14 09:42 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll

+ 2009-03-08 09:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll

- 2009-03-08 09:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll

+ 2008-04-14 05:00 . 2011-03-03 13:21 1857920 c:\windows\system32\dllcache\win32k.sys

- 2008-04-14 09:42 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll

+ 2008-04-14 09:42 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll

+ 2009-12-25 15:35 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll

- 2009-12-25 15:35 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 5813072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2010-05-11 10:40 . 2010-05-11 10:40 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-01-18 08:39 . 2011-01-18 08:39 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2011-01-27 18:49 . 2011-01-27 18:49 6825472 c:\windows\Installer\3b92ec.msp

+ 2011-04-05 16:52 . 2011-04-05 16:52 5519872 c:\windows\Installer\3b92b8.msp

+ 2010-11-21 03:34 . 2010-11-21 03:34 1198080 c:\windows\Installer\3b9298.msp

+ 2011-03-18 00:01 . 2011-03-18 00:01 9563648 c:\windows\Installer\3b9290.msp

+ 2011-03-03 15:25 . 2011-03-03 15:25 5051904 c:\windows\Installer\3b9288.msp

+ 2011-01-11 21:50 . 2011-01-11 21:50 8177152 c:\windows\Installer\3b9273.msp

+ 2009-08-17 20:32 . 2009-08-17 20:32 1787728 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\PPCNV.DLL

+ 2011-04-28 10:46 . 2010-12-20 23:59 1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll

+ 2011-04-28 10:46 . 2010-12-20 23:59 1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll

+ 2011-04-28 10:45 . 2011-04-28 10:45 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll

+ 2011-04-28 10:53 . 2011-04-28 10:53 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\9e022c95e79f2b6f383a501ad99f08a9\UIAutomationClientsideProviders.ni.dll

+ 2011-04-28 10:45 . 2011-04-28 10:45 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll

+ 2011-04-28 10:53 . 2011-04-28 10:53 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll

+ 2011-04-28 10:52 . 2011-04-28 10:52 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\dd128c8e21e7fa14c12b71df9892d046\System.Speech.ni.dll

+ 2011-04-28 10:48 . 2011-04-28 10:48 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\85a7a7aace114e78fc6c9b219bcd5551\System.Printing.ni.dll

+ 2011-04-28 10:48 . 2011-04-28 10:48 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1337829e3df6888464a17aab78bb9b8f\System.Data.ni.dll

+ 2011-04-28 10:48 . 2011-04-28 10:48 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\11f1306e0e311a0d0cbd139fb2fa4c36\System.Data.Linq.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\12efddabe6fe35be21246c88ed9bf8ab\ReachFramework.ni.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\257c9327ba9cc5cd87f58de224aa2e0d\PresentationUI.ni.dll

+ 2011-04-28 10:45 . 2011-04-28 10:45 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b117bf63daa7e587f1bb2d975dccb4af\PresentationBuildTasks.ni.dll

- 2010-10-02 21:05 . 2010-10-02 21:05 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2010-10-02 21:05 . 2010-10-02 21:05 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-10-02 21:04 . 2010-10-02 21:04 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2011-04-28 10:44 . 2011-04-28 10:44 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-07-31 23:30 . 2011-04-28 10:44 42181064 c:\windows\system32\MRT.exe

- 2009-03-08 09:39 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll

+ 2009-03-08 09:39 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll

+ 2009-12-25 15:35 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll

- 2009-12-25 15:35 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll

+ 2011-04-28 10:47 . 2011-04-28 10:47 20314624 c:\windows\Installer\3b92d8.msp

+ 2011-02-24 13:38 . 2011-02-24 13:38 10984448 c:\windows\Installer\3b92cd.msp

+ 2011-02-12 00:47 . 2011-02-12 00:47 12028928 c:\windows\Installer\3b92a3.msp

+ 2011-04-28 10:46 . 2010-12-21 10:29 11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll

+ 2011-04-28 10:52 . 2011-04-28 10:52 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll

+ 2011-04-28 10:48 . 2011-04-28 10:48 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\5aeadb9ff9a86f49130de5976a9f1744\System.Design.ni.dll

+ 2011-04-28 10:46 . 2011-04-28 10:46 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll

+ 2011-04-28 10:46 . 2011-04-28 10:46 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll

+ 2011-04-28 10:45 . 2011-04-28 10:45 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2010-12-20 18:09 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-05-20 660136]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [11/10/2009 1:00 PM 98984]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [7/31/2009 5:56 PM 20160]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/31/2009 7:07 PM 113024]

S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [7/31/2009 7:07 PM 1656960]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/11/2009 3:31 AM 144128]

S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [6/7/2007 5:00 PM 148056]

S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [3/6/2009 7:30 AM 133632]

S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [3/19/2009 5:02 PM 271552]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{668F4B5E-1BF3-4D04-9D35-8596016AA21C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:no-reply@malwarebytes.org?subject=Error%20on%20the%20forums

FF - ProfilePath - c:\documents and settings\Administrator.JASMINEPC\Application Data\Mozilla\Firefox\Profiles\8o1chhqk.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-28 07:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1659004503-1284227242-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(564)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(528)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2011-04-28 07:13:14

ComboFix-quarantined-files.txt 2011-04-28 11:13

ComboFix2.txt 2011-04-27 12:42

ComboFix3.txt 2011-04-13 22:35

.

Pre-Run: 28,256,350,208 bytes free

Post-Run: 28,248,678,400 bytes free

.

- - End Of File - - 1552A3A86A036E37632DC2D7DBCC4744

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Administrator at 7:31:48.32 on Thu 04/28/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3034.2766 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrator.JASMINEPC\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:no-reply@malwarebytes.org?subject=Error%20on%20the%20forums

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\admini~1.jas\applic~1\mozilla\firefox\profiles\8o1chhqk.default\

FF - plugin: c:\documents and settings\administrator.jasminepc\application data\mozilla\firefox\profiles\8o1chhqk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\jasmine\application data\move networks\plugins\npqmp071505000010.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

.

============= SERVICES / DRIVERS ===============

.

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-11-10 98984]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-7-31 20160]

S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-31 113024]

S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-7-31 1656960]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-12-11 144128]

S3 OA009Afx;Provides a software interface to control audio effects of OA009 camera.;c:\windows\system32\drivers\OA009Afx.sys [2007-6-7 148056]

S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]

S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

.

=============== Created Last 30 ================

.

2011-04-22 00:45:07 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-04-22 00:45:07 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-04-22 00:45:07 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-04-22 00:45:07 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-04-22 00:45:07 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-04-22 00:45:07 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-04-22 00:45:07 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-04-22 00:45:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-15 01:28:23 -------- d-----w- c:\program files\ESET

2011-04-13 22:31:12 -------- d-sha-r- C:\cmdcons

2011-04-13 22:28:43 98816 ----a-w- c:\windows\sed.exe

2011-04-13 22:28:43 89088 ----a-w- c:\windows\MBR.exe

2011-04-13 22:28:43 256512 ----a-w- c:\windows\PEV.exe

2011-04-13 22:28:43 161792 ----a-w- c:\windows\SWREG.exe

2011-04-12 18:27:54 -------- d-----w- c:\docume~1\admini~1.jas\locals~1\applic~1\Adobe

2011-04-09 00:51:54 -------- d-----w- c:\docume~1\admini~1.jas\locals~1\applic~1\PackageAware

2011-04-08 15:08:14 -------- d-----w- c:\docume~1\admini~1.jas\applic~1\QuickScan

2011-04-08 01:05:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-04-07 02:46:40 -------- d-----w- c:\program files\AVAST Software

2011-04-07 02:46:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software

2011-04-07 02:07:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2011-04-07 00:38:13 -------- d-----w- c:\program files\Free Window Registry Repair

2011-04-07 00:11:09 -------- d-sh--w- c:\documents and settings\administrator.jasminepc\PrivacIE

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-06 01:42:46 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-06 01:42:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

============= FINISH: 7:32:23.23 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/31/2009 5:28:26 PM

System Uptime: 4/28/2011 7:20:21 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0G848F

Processor: Intel Pentium III Xeon processor | Microprocessor | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 59 GiB total, 26.335 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Manufacturer: Marvell

Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2

Service: yukonwxp

.

==== System Restore Points ===================

.

RP1: 4/13/2011 6:43:17 PM - System Checkpoint

RP2: 4/28/2011 6:11:46 AM - System Checkpoint

RP3: 4/28/2011 6:41:38 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Advanced Audio FX Engine

Advanced Video FX Engine

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BitTorrent

Bonjour

CA Yahoo! Anti-Spy (remove only)

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Dell Webcam Central

Dell Wireless WLAN Card Utility

Diskeeper Professional Premier Edition

ESET Online Scanner v3

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB945060-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Memories Disc

IDT Audio

Integrated Webcam Driver (1.02.01.0320)

Intel® Graphics Media Accelerator Driver

InterActual Player

iTunes

IZArc 3.81

Java Auto Updater

Java 6 Update 23

KODAK Share Button App

Lexmark 2600 Series

Live! Cam Avatar Creator

Malwarebytes' Anti-Malware

Marvell Miniport Driver

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Toolbars

Skype


Hi Chris,

That was it, "open with" issue is resolved. I bow to you and your colleagues. Downloaded fresh copy of Avast, it is up and running. What is next? How many of the programs I downloaded do I need to keep and how many do I need to delete? If I remember correctly I still have defogger enabled or disabled (whatever instructed to do in the beginning). Is there anything else I should install to protect against this happening again?

Here is the log you requested.

I have lost the latest log. It didn't store it. What I can remember is that there was a registry key and a registry value infected, both with some kind of hijack exe in system32\shell. Am now having some kind of PIF error with Malwarebytes after trying to return to an exe file. I assume I need to download a fresh copy?
