TheTechGuide Forum

General Category => Tech Clinic => Topic started by: ___ on December 20, 2008, 11:49:25 PM

Title: Help!
Post by: ___ on December 20, 2008, 11:49:25 PM
My whole computer just basically crashed. My firewall was somehow turned off without me doing so. My automatic updates were disabled, and I'm getting pop-ups left and right. I'm currently running Malwarebytes and when I try to type, my keyboard won't register me pressing keys, I have to hit each key 3-4 times before it will type it. Help me please! Also it will rarely allow me to access the internet.
Title: Help!
Post by: guestolo on December 20, 2008, 11:58:47 PM
You will have to give me more info than that

Finish running Malwarebytes Anti-Malware
When it's done scanning, click OK, then Show Results to view the results.
   
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

With that log
Do the following

Download Hijackthis Installer from HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
For an alternate download location, you can try HERE (http://fileforum.betanews.com/detail/HijackThis/1071179190/1)
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
Title: Help!
Post by: ___ on December 21, 2008, 01:24:23 PM
Well I ran Malwarebytes last night, but my computer somehow shut down, so I don't think it finished the scan. I also ran a quick scan with the pre-installed Sbc protection, and it deleted about 24 infected items. My keyboard seems to be fixed also. I'm re-running Malwarebytes atm. Also somehow my autoupdates for my computer were disabled, how would I go about manually turning them back on?
Title: Help!
Post by: guestolo on December 21, 2008, 01:25:45 PM
I need to see some logs?
Some tools we run, may help fixing the problems
Title: Help!
Post by: ___ on December 21, 2008, 01:31:29 PM
Like I said, my computer shut down last night. Here is a 'HijackThis' log however...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:05 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\winloggn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Garrett's Account\Application Data\gadcom\gadcom.exe
C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\csrssc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [0027b6eb] rundll32.exe "C:\WINDOWS\system32\xaxfdsgg.dll",b
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Garrett's Account\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\csrssc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: ovryyh.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8707 bytes
Title: Help!
Post by: guestolo on December 21, 2008, 01:36:24 PM
Can you let Malwarebytes Antimalware finish
Quick scan is all that is needed for now, it shouldn't take too long
Follow my last instructions to clean and post its log
Title: Help!
Post by: ___ on December 21, 2008, 01:39:58 PM
Hmm, on Malwarebytes scan last night, it was almost up to 2 hours when my computer was turned off. Should the quick scan take that long?
Title: Help!
Post by: guestolo on December 21, 2008, 01:41:04 PM
Are you sure you selected Quick Scan?
Title: Help!
Post by: ___ on December 21, 2008, 01:42:41 PM
Yes, but I remember last time I ran the full scan it almost took 5 hours. However the quick scan should usually run under an hour?
Title: Help!
Post by: guestolo on December 21, 2008, 01:43:42 PM
I find it runs anywhere from 8 minutes to half/hour

How long has it been running now?
Title: Help!
Post by: ___ on December 21, 2008, 01:46:36 PM
28 minutes right now, and has scanned 26650 files.
Title: Help!
Post by: guestolo on December 21, 2008, 01:48:58 PM
Do you know at what point it's scanning now
What folder/file it's at, it will give me an indication of how far along it is
Title: Help!
Post by: ___ on December 21, 2008, 01:52:20 PM
C:\Documents and Settings\Compaq_Owner
Title: Help!
Post by: guestolo on December 21, 2008, 01:54:06 PM
Okay, let it continue, it may be best if you temporarily disable your AntiVirus software so it won't interfere
I'm running a quick scan right now
I want to see how long it takes with the latest updates
Title: Help!
Post by: ___ on December 21, 2008, 01:56:48 PM
Also, what do you think of the application "SandBoxie." Should I use it as a precaution? (As I assume that somehow a virus disabled my firewall last night and installed a lot of adware onto my computer)
Title: Help!
Post by: guestolo on December 21, 2008, 01:57:23 PM
It took me 7 minutes
Is it scanning your Temporary Internet Files right now?

I don't think Sandboxie has anything to do with this
I've never used it, but I don't think it has any relation
Title: Help!
Post by: ___ on December 21, 2008, 01:59:24 PM
Yes it is scanning the temporary internet files atm. (it is on 40mins...)
Title: Help!
Post by: guestolo on December 21, 2008, 02:03:06 PM
Let it finish scanning, you're getting close to the end
If temp files aren't cleaned, it could run a scan at that point for a bit
Title: Help!
Post by: ___ on December 21, 2008, 02:06:08 PM
Okay will do, but did you read my above post about "Sandboxie"?
Title: Help!
Post by: guestolo on December 21, 2008, 02:09:06 PM
Yup, I added an edit to a reply a couple up
I have to run out for half/hour, be back then
Title: Help!
Post by: ___ on December 21, 2008, 02:10:45 PM
Ok, thanks for the help thus far. =Þ
Title: Help!
Post by: ___ on December 21, 2008, 04:45:44 PM
3 hours 24 minutes and still scanning...still on temporary internet files. I'm getting a lot of Internet Explorer popups, hopefully once MalwareBytes is finished they will stop.
Title: Help!
Post by: guestolo on December 21, 2008, 04:52:42 PM
Do the following, PAUSE the scan with Malwarebytes for now, don't choose abort

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Back at Malwarebyte's AntiMalware, Resume the scan
Title: Help!
Post by: ___ on December 21, 2008, 04:58:27 PM
Did that ^. Scan is resumed now.
Sped scan up A LOT! Here is log:

I got a vundo. -.-

Malwarebytes' Anti-Malware 1.30
Database version: 1366
Windows 5.1.2600 Service Pack 3

12/21/2008 4:04:35 PM
mbam-log-2008-12-21 (16-04-35).txt

Scan type: Quick Scan
Objects scanned: 68861
Time elapsed: 3 hour(s), 40 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 8
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
C:\Documents and Settings\Garrett's Account\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\efccBRhg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xaxfdsgg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMdCrpn.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8051487-9e72-4330-bfe8-da6aaf2050de} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b8051487-9e72-4330-bfe8-da6aaf2050de} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8051487-9e72-4330-bfe8-da6aaf2050de} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomdcrpn (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0027b6eb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccbrhg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efccbrhg  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Garrett's Account\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\efccBRhg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ghRBccfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghRBccfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xaxfdsgg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ggsdfxax.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdCrpn.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Garrett's Account\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Garrett's Account\Local Settings\temp\winloggn.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Garrett's Account\Local Settings\temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\awtSMgef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Garrett's Account\Local Settings\temp\TDSSf6ad.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqxnr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSwgod.log (Trojan.TDSS) -> Quarantined and deleted successfully.
Title: Help!
Post by: guestolo on December 21, 2008, 05:06:25 PM
Did you reboot the computer?
Title: Help!
Post by: ___ on December 21, 2008, 05:13:34 PM
Rebooted now. Do you need a new 'HijackThis' log?
Title: Help!
Post by: guestolo on December 21, 2008, 05:15:50 PM
Yes please, post a fresh Hijackthis log
Let's see what we're left with
Title: Help!
Post by: ___ on December 21, 2008, 05:16:50 PM
Edit) Now Norton is telling me I have no virus protection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:20 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {9d1254b4-f4dc-d05a-8c34-cd534a178638} - {836871a4-35dc-43c8-a50d-cd4f4b4521d9} - C:\WINDOWS\system32\ovryyh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: ovryyh.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8996 bytes
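
An added example, not part of the original thread: a small triage script run over lines excerpted from the two HijackThis logs above, showing which flagged autostart entries are still present after the Malwarebytes pass. The heuristics and the names `triage` and `survivors` are illustrative assumptions, not HijackThis's or Malwarebytes' own detection logic.

```python
import re
from typing import List, NamedTuple

# Lines excerpted from the first HijackThis log in this thread (before cleanup).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [0027b6eb] rundll32.exe "C:\WINDOWS\system32\xaxfdsgg.dll",b
O4 - HKLM\..\Run: [jsf8j34rgfght] C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\winloggn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\GARRET~1\LOCALS~1\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: ovryyh.dll
"""

# Lines excerpted from the second HijackThis log (after Malwarebytes and a reboot).
LOG_AFTER = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: {9d1254b4-f4dc-d05a-8c34-cd534a178638} - {836871a4-35dc-43c8-a50d-cd4f4b4521d9} - C:\WINDOWS\system32\ovryyh.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: ovryyh.dll
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the heuristic flagged the line
    line: str     # the log line itself


# "<section> - <body>", e.g. "O20 - AppInit_DLLs: ovryyh.dll"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: "HKLM\..\Run: [value name] command line"
RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# A BHO line whose display name is itself a CLSID.
UNNAMED_BHO = re.compile(rf"^BHO: {GUID} - {GUID} - ")


def check(section: str, body: str) -> List[str]:
    """Return the reasons (possibly none) one log entry deserves a closer look."""
    reasons = []
    if section == "O4":
        m = RUN.match(body)
        cmd = m.group("cmd") if m else body
        if re.search(r"\\temp\\", cmd, re.I):
            reasons.append("autorun launches from a Temp directory")
        if cmd.lower().lstrip('"').startswith("rundll32"):
            reasons.append("autorun loads a DLL through rundll32")
    elif section == "O2" and UNNAMED_BHO.match(body):
        reasons.append("BHO has a CLSID where its name should be")
    elif section == "O7" and "DisableRegedit=1" in body:
        reasons.append("policy blocks Registry Editor")
    elif section == "O20" and body.startswith("AppInit_DLLs"):
        if body.partition(":")[2].strip():
            reasons.append("AppInit_DLLs set: DLL loads into every process using user32.dll")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Flag entries in a HijackThis log, in the order they appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # headers, process list, blank lines
        for reason in check(m.group(1), m.group(2)):
            findings.append(Finding(m.group(1), reason, line))
    return findings


def survivors(before: str, after: str) -> List[Finding]:
    """Flagged lines present in both logs, i.e. not removed by the cleanup in between."""
    earlier = {f.line for f in triage(before)}
    return [f for f in triage(after) if f.line in earlier]


if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"[before] {f.section}: {f.reason}\n         {f.line}")
    for f in survivors(LOG_BEFORE, LOG_AFTER):
        print(f"[still present] {f.section}: {f.reason}\n         {f.line}")
```
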
Title: Help!
Post by: guestolo on December 21, 2008, 05:24:50 PM
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus, AntiSpyware and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
It's important you try to refrain from using this computer till we have finished this scanner
This includes open Web browsers, etc...



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will run again on startup, it will prompt that it's creating a log
This process could take up to 15 minutes, let it run uninterrupted please
Title: Help!
Post by: ___ on December 21, 2008, 07:09:06 PM
Sorry for the delay, here is the log.
ComboFix 08-12-21.02 - Garrett's Account 2008-12-21 16:34:35.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.959.364 [GMT -6:00]
Running from: c:\documents and settings\Garrett's Account\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Garrett's Account\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\ovryyh.dll
c:\windows\system32\TDSSmupe.dat
c:\windows\system32\yixweplm.dll
D:\resycled
d:\resycled\boot.com

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 12:48 . 2008-12-21 12:48   <DIR>   d--------   C:\Sandbox
2008-12-21 12:48 . 2008-12-21 16:06   1,384   --a------   c:\windows\Sandboxie.ini
2008-12-21 12:47 . 2008-12-21 12:47   <DIR>   d--------   c:\program files\Sandboxie
2008-12-20 22:13 . 2008-12-20 22:13   57,856   --a------   c:\windows\system32\tuvSLEVm.dll
2008-12-20 22:07 . 2008-12-20 22:07   57,856   --a------   c:\windows\system32\vtUmMeDV.dll
2008-12-19 23:35 . 2008-12-19 23:35   <DIR>   d--------   c:\program files\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:36   <DIR>   d--------   c:\documents and settings\Garrett's Account\Application Data\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:35   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-18 23:54 . 2008-12-20 15:17   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-18 20:32 . 2008-12-18 20:54   <DIR>   d--------   c:\windows\system32\Adobe
2008-12-04 22:22 . 2008-12-04 22:22   <DIR>   dr-h-----   C:\AHCache
2008-12-01 16:10 . 2008-12-05 16:57   410,984   --a------   c:\windows\system32\deploytk.dll
2008-11-21 21:20 . 2008-11-21 21:20   <DIR>   d--------   c:\documents and settings\Garrett's Account\Application Data\Subversion
2008-11-21 21:19 . 2008-11-21 21:19   <DIR>   d--------   c:\program files\SCAR 3.15
2008-11-21 21:14 . 2008-11-21 21:14   <DIR>   d--------   c:\program files\Subversion

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 22:21   31   ----a-w   c:\documents and settings\Garrett's Account\jagex_runescape_preferences.dat
2008-12-20 21:22   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-20 05:34   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:47   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\FrostWire
2008-12-05 22:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 22:57   ---------   d-----w   c:\program files\Sun
2008-12-05 22:57   ---------   d-----w   c:\program files\Java
2008-11-07 23:04   ---------   d-----w   c:\program files\Canon
2008-11-04 22:23   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\Malwarebytes
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 18:56   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 22:10   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2003-03-18 01:27   307,904   -c--a-w   c:\windows\inf\wg311nd5.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-11-04_22.42.25.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23   135,168   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15   512,000   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16   180,224   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16   172,032   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16   430,080   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44   155,648   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17   90,112   ----a-w   c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18   755,576   ----a-w   c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19   382,840   ----a-w   c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-09-10 01:10:56   1,379,840   ----a-w   c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22   755,576   ----a-w   c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22   382,840   ----a-w   c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:12:27   1,106,944   ----a-w   c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51   17,272   ----a-w   c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51   231,288   ----a-w   c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51   26,488   ----a-w   c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51   755,576   ----a-w   c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 19:08:38   382,840   ----a-w   c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49   62,976   ----a-w   c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22   17,272   ----a-w   c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22   231,288   ----a-w   c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22   26,488   ----a-w   c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22   755,576   ----a-w   c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22   382,840   ----a-w   c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42   286,720   ----a-w   c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01   17,272   ----a-w   c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02   231,288   ----a-w   c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01   26,488   ----a-w   c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29   755,576   ----a-w   c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37   382,840   ----a-w   c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-24 11:41:11   455,936   ----a-w   c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01   17,272   ----a-w   c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02   231,288   ----a-w   c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01   26,488   ----a-w   c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04   755,576   ----a-w   c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12   382,840   ----a-w   c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB938464$\spuninst\updspapi.dll
- 2004-08-04 15:06:34   82,944   -c----w   c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2008-04-14 00:11:59   82,944   -c----w   c:\windows\$NtUninstallKB946648$\msgsc.dll
+ 2004-08-04 15:06:34   82,944   -c----w   c:\windows\$NtUninstallKB946648_0$\msgsc.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB946648_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB946648_0$\spuninst\updspapi.dll
- 2006-07-13 08:48:58   202,240   -c----w   c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2008-04-13 18:55:08   202,624   -c----w   c:\windows\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58   202,240   -c----w   c:\windows\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2005-07-26 04:39:45   243,200   -c----w   c:\windows\$NtUninstallKB950974$\es.dll
+ 2008-04-14 00:11:53   246,272   -c----w   c:\windows\$NtUninstallKB950974$\es.dll
+ 2005-07-26 04:39:45   243,200   -c----w   c:\windows\$NtUninstallKB950974_0$\es.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB950974_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19   382,840   -c----w   c:\windows\$NtUninstallKB950974_0$\spuninst\updspapi.dll
- 2007-08-21 06:15:44   683,520   -c----w   c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2008-04-14 00:11:54   691,712   -c----w   c:\windows\$NtUninstallKB951066$\inetcomm.dll
+ 2007-08-21 06:15:44   683,520   -c----w   c:\windows\$NtUninstallKB951066_0$\inetcomm.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB951066_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB951066_0$\spuninst\updspapi.dll
- 2008-04-14 11:01:02   272,128   -c----w   c:\windows\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 12:30:49   272,128   -c----w   c:\windows\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 11:01:02   272,128   -c----w   c:\windows\$NtUninstallKB951376-v2_0$\bthport.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB951376-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB951376-v2_0$\spuninst\updspapi.dll
+ 2008-04-13 18:46:32   273,024   -c----w   c:\windows\$NtUninstallKB951376$\bthport.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB951376_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB951376_0$\spuninst\updspapi.dll
- 2007-10-29 22:43:03   1,287,680   -c----w   c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2008-04-14 00:12:03   1,288,192   -c----w   c:\windows\$NtUninstallKB951698$\quartz.dll
+ 2007-10-29 22:43:03   1,287,680   -c----w   c:\windows\$NtUninstallKB951698_0$\quartz.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB951698_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB951698_0$\spuninst\updspapi.dll
- 2004-08-04 12:00:00   138,496   -c----w   c:\windows\$NtUninstallKB951748$\afd.sys
+ 2008-04-13 19:19:23   138,112   -c----w   c:\windows\$NtUninstallKB951748$\afd.sys
- 2008-02-20 05:32:43   148,992   -c----w   c:\windows\$NtUninstallKB951748$\dnsapi.dll
+ 2008-04-14 00:11:52   147,968   -c----w   c:\windows\$NtUninstallKB951748$\dnsapi.dll
- 2004-08-04 12:00:00   245,248   -c----w   c:\windows\$NtUninstallKB951748$\mswsock.dll
+ 2008-04-14 00:12:01   245,248   -c----w   c:\windows\$NtUninstallKB951748$\mswsock.dll
- 2007-10-30 17:20:55   360,064   -c----w   c:\windows\$NtUninstallKB951748$\tcpip.sys
+ 2008-04-13 19:20:16   361,344   -c----w   c:\windows\$NtUninstallKB951748$\tcpip.sys
- 2006-08-16 09:37:30   225,664   -c----w   c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2008-04-13 19:00:02   225,664   -c----w   c:\windows\$NtUninstallKB951748$\tcpip6.sys
+ 2004-08-04 12:00:00   138,496   -c----w   c:\windows\$NtUninstallKB951748_0$\afd.sys
+ 2008-02-20 05:32:43   148,992   -c----w   c:\windows\$NtUninstallKB951748_0$\dnsapi.dll
+ 2004-08-04 12:00:00   245,248   -c----w   c:\windows\$NtUninstallKB951748_0$\mswsock.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB951748_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19   382,840   -c----w   c:\windows\$NtUninstallKB951748_0$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55   360,064   -c----w   c:\windows\$NtUninstallKB951748_0$\tcpip.sys
+ 2006-08-16 09:37:30   225,664   -c----w   c:\windows\$NtUninstallKB951748_0$\tcpip6.sys
+ 2008-04-14 00:12:15   139,264   -c----w   c:\windows\$NtUninstallKB951978$\cscript.exe
+ 2008-04-14 00:11:56   512,000   -c----w   c:\windows\$NtUninstallKB951978$\jscript.dll
+ 2008-04-14 00:12:05   180,224   -c----w   c:\windows\$NtUninstallKB951978$\scrobj.dll
+ 2008-04-14 00:12:05   172,032   -c----w   c:\windows\$NtUninstallKB951978$\scrrun.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19   382,840   -c----w   c:\windows\$NtUninstallKB951978$\spuninst\updspapi.dll
+ 2008-04-14 00:12:08   434,176   -c----w   c:\windows\$NtUninstallKB951978$\vbscript.dll
+ 2008-04-14 00:12:41   155,648   -c----w   c:\windows\$NtUninstallKB951978$\wscript.exe
+ 2008-04-14 00:12:10   90,112   -c----w   c:\windows\$NtUninstallKB951978$\wshext.dll
- 2004-08-04 12:00:00   331,776   -c----w   c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2008-05-01 14:30:33   331,776   -c----w   c:\windows\$NtUninstallKB952287$\msadce.dll
+ 2004-08-04 12:00:00   331,776   -c----w   c:\windows\$NtUninstallKB952287_0$\msadce.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB952287_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB952287_0$\spuninst\updspapi.dll
- 2005-06-29 01:46:00   74,240   -c----w   c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2008-04-14 00:11:58   73,728   -c----w   c:\windows\$NtUninstallKB952954$\mscms.dll
+ 2005-06-29 01:46:00   74,240   -c----w   c:\windows\$NtUninstallKB952954_0$\mscms.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB952954_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB952954_0$\spuninst\updspapi.dll
- 2008-03-19 09:47:00   1,845,248   -c----w   c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2008-04-13 19:30:10   1,845,632   -c----w   c:\windows\$NtUninstallKB954211$\win32k.sys
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB954211_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB954211_0$\spuninst\updspapi.dll
+ 2008-03-19 09:47:00   1,845,248   -c----w   c:\windows\$NtUninstallKB954211_0$\win32k.sys
+ 2008-04-14 00:12:01   1,306,624   -c----w   c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:22   231,288   -c----w   c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22   382,840   -c----w   c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2008-04-14 00:12:01   1,104,896   -c----w   c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 19:08:38   382,840   -c----w   c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
- 2008-06-20 10:44:38   138,368   -c----w   c:\windows\$NtUninstallKB956803$\afd.sys
+ 2008-06-20 11:40:08   138,496   -c----w   c:\windows\$NtUninstallKB956803$\afd.sys
+ 2008-06-20 10:44:38   138,368   -c----w   c:\windows\$NtUninstallKB956803_0$\afd.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB956803_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB956803_0$\spuninst\updspapi.dll
- 2007-02-28 08:38:55   2,057,600   -c----w   c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2008-04-13 18:31:21   2,065,792   -c----w   c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
- 2007-02-28 09:10:57   2,180,352   -c----w   c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2008-04-13 19:27:53   2,188,928   -c----w   c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-02-28 09:08:48   2,136,064   -c----w   c:\windows\$NtUninstallKB956841_0$\ntkrnlmp.exe
+ 2007-02-28 08:38:55   2,057,600   -c----w   c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
+ 2007-02-28 08:38:57   2,015,744   -c----w   c:\windows\$NtUninstallKB956841_0$\ntkrpamp.exe
+ 2007-02-28 09:10:57   2,180,352   -c----w   c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB956841_0$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37   382,840   -c----w   c:\windows\$NtUninstallKB956841_0$\spuninst\updspapi.dll
- 2006-08-14 10:34:41   332,928   -c----w   c:\windows\$NtUninstallKB957095$\srv.sys
+ 2008-04-13 19:15:11   334,848   -c----w   c:\windows\$NtUninstallKB957095$\srv.sys
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB957095_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB957095_0$\spuninst\updspapi.dll
+ 2006-08-14 10:34:41   332,928   -c----w   c:\windows\$NtUninstallKB957095_0$\srv.sys
+ 2008-04-13 19:17:01   456,576   -c----w   c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02   231,288   -c----w   c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12   382,840   -c----w   c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
- 2006-08-17 12:28:27   332,288   -c----w   c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2008-04-14 00:12:01   337,408   -c----w   c:\windows\$NtUninstallKB958644$\netapi32.dll
+ 2006-08-17 12:28:27   332,288   -c----w   c:\windows\$NtUninstallKB958644_0$\netapi32.dll
+ 2007-11-30 11:18:51   231,288   -c----w   c:\windows\$NtUninstallKB958644_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51   382,840   -c----w   c:\windows\$NtUninstallKB958644_0$\spuninst\updspapi.dll
+ 2008-12-21 02:31:00   101,991   ----a-w   c:\windows\.jagex_cache_32\loginapplet\cache-1272026540.dat
- 2008-11-01 02:44:28   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-21 22:20:58   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-11-01 02:44:29   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-21 22:20:58   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
- 2006-10-04 14:05:26   39,424   ------w   c:\windows\AppPatch\acadproc.dll
+ 2008-04-14 00:11:48   39,424   ----a-w   c:\windows\AppPatch\acadproc.dll
- 2004-08-04 12:00:00   1,852,416   ------w   c:\windows\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48   1,852,928   ----a-w   c:\windows\AppPatch\acgenral.dll
- 2004-08-04 12:00:00   450,048   -c----w   c:\windows\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48   451,072   ----a-w   c:\windows\AppPatch\aclayers.dll
- 2004-08-04 12:00:00   137,728   -c----w   c:\windows\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48   141,312   ----a-w   c:\windows\AppPatch\aclua.dll
- 2004-08-04 12:00:00   244,736   -c----w   c:\windows\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48   245,248   ----a-w   c:\windows\AppPatch\acspecfc.dll
- 2004-08-04 12:00:00   116,224   -c----w   c:\windows\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48   116,224   ----a-w   c:\windows\AppPatch\acxtrnal.dll
+ 2008-06-13 11:05:51   272,128   ------w   c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:21:09   455,296   ------w   c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 10:09:26   2,145,280   ------w   c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16   2,066,048   ------w   c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16   2,023,936   ------w   c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02   2,189,184   ------w   c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2007-06-13 10:23:07   1,033,216   ------w   c:\windows\explorer.exe
+ 2008-04-14 00:12:19   1,033,728   ----a-w   c:\windows\explorer.exe
+ 2008-08-26 07:24:28   124,928   -c----w   c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28   347,136   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28   214,528   -c----w   c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28   133,120   -c----w   c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28   63,488   -c----w   c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59   70,656   -c----w   c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28   153,088   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28   230,400   -c----w   c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51   161,792   -c----w   c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28   383,488   -c----w   c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29   384,512   -c----w   c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15   6,066,176   -c----w   c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29   267,776   -c----w   c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00   13,824   -c----w   c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15   635,848   -c----w   c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30   27,648   -c----w   c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30   459,264   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30   52,224   -c----w   c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32   3,593,216   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30   477,696   -c----w   c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30   193,024   -c----w   c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30   671,232   -c----w   c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30   102,912   -c----w   c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30   44,544   -c----w   c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51   371,424   -c----w   c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30   105,984   -c----w   c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31   1,159,680   -c----w   c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31   233,472   -c----w   c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31   826,368   -c----w   c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 08:08:40   3,593,216   -c----w   c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39   213,216   -c----w   c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47   371,424   -c----w   c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-19 05:54:40   29,184   ----a-r   c:\windows\Installer\{3FADAA19-E595-44CA-A072-58B6B0851768}\Icon3FADAA191.exe
- 2008-01-14 00:56:43   29,926   ----a-r   c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-11-07 22:43:49   29,926   ----a-r   c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-11-13 06:00:51   32,768   ----a-r   c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 08:07:41   593,920   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-12-10 06:06:14   593,920   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-10-16 08:07:41   12,288   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-10 06:06:14   12,288   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-16 08:07:41   86,016   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-12-10 06:06:14   86,016   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-10-16 08:07:40   135,168   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-10 06:06:14   135,168   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-16 08:07:41   11,264   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-10 06:06:14   11,264   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-16 08:07:41   27,136   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-10 06:06:14   27,136   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-16 08:07:41   4,096   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-10 06:06:14   4,096   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-16 08:07:41   794,624   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-10 06:06:14   794,624   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-16 08:07:40   249,856   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-10 06:06:14   249,856   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-16 08:07:40   61,440   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-12-10 06:06:14   61,440   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-10-16 08:07:41   23,040   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-10 06:06:14   23,040   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-16 08:07:40   286,720   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-10 06:06:13   286,720   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-16 08:07:40   409,600   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-10 06:06:13   409,600   ----a-r   c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-21 18:45:23   465,882   ----a-w   c:\windows\Installer\SandboxieInstall.exe
- 2004-08-04 12:00:00   38,912   ------w   c:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02   38,400   ----a-w   c:\windows\pchealth\helpctr\binaries\pchsvc.dll
- 2004-08-04 12:00:00   194,048   ------w   c:\windows\system32\activeds.dll
+ 2008-04-14 00:11:48   193,536   ----a-w   c:\windows\system32\activeds.dll
- 2004-08-04 12:00:00   101,888   ------w   c:\windows\system32\actxprxy.dll
+ 2008-04-14 00:11:48   98,304   ----a-w   c:\windows\system32\actxprxy.dll
+ 2008-11-24 20:35:00   114,688   ----a-w   c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-11-24 20:43:36   202,168   ----a-w   c:\windows\system32\Adobe\Director\SwDir.dll
+ 2008-11-24 20:35:38   499,712   ----a-w   c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-11-24 20:16:06   1,798,144   ----a-w   c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-11-24 20:35:40   9,216   ----a-w   c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-11-24 20:07:38   703,488   ----a-w   c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-11-24 20:07:38   1,145,896   ----a-w   c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-11-24 20:07:38   52,288   ----a-w   c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-11-24 20:12:14   892,928   ----a-w   c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-12-19 02:53:59   181,624   ----atw   c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
+ 2008-11-24 20:34:18   266,240   ----a-w   c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-11-24 20:36:12   446,464   ----a-w   c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-11-24 20:43:16   460,216   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103471.exe
+ 2008-11-24 20:34:04   114,688   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-11-24 20:34:02   94,208   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-11-24 20:07:38   58,736   ----a-w   c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 16:55:30   149,504   ----a-w   c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2004-08-04 12:00:00   143,360   ------w   c:\windows\system32\adsldpc.dll
+ 2008-04-14 00:11:48   143,360   ----a-w   c:\windows\system32\adsldpc.dll
- 2008-08-26 07:24:28   124,928   ----a-w   c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34   124,928   ----a-w   c:\windows\system32\advpack.dll
- 2004-08-04 12:00:00   44,544   ------w   c:\windows\system32\alg.exe
+ 2008-04-14 00:12:12   44,544   ----a-w   c:\windows\system32\alg.exe
- 2004-08-04 12:00:00   126,976   ------w   c:\windows\system32\apphelp.dll
+ 2008-04-14 00:11:49   125,952   ----a-w   c:\windows\system32\apphelp.dll
- 2004-08-04 12:00:00   58,880   ------w   c:\windows\system32\atl.dll
+ 2008-04-14 00:11:50   58,880   ----a-w   c:\windows\system32\atl.dll
- 2004-08-04 12:00:00   42,496   ------w   c:\windows\system32\audiosrv.dll
+ 2008-04-14 00:11:50   42,496   ----a-w   c:\windows\system32\audiosrv.dll
- 2005-03-02 18:09:29   56,832   ------w   c:\windows\system32\authz.dll
+ 2008-04-14 00:11:50   62,464   ----a-w   c:\windows\system32\authz.dll
- 2004-08-04 12:00:00   52,736   ------w   c:\windows\system32\basesrv.dll
+ 2008-04-14 00:11:50   52,736   ----a-w   c:\windows\system32\basesrv.dll
- 2004-08-04 12:00:00   28,672   ------w   c:\windows\system32\batmeter.dll
+ 2008-04-14 00:11:50   29,184   ----a-w   c:\windows\system32\batmeter.dll
- 2004-08-04 12:00:00   63,488   ------w   c:\windows\system32\browselc.dll
+ 2008-04-13 17:03:24   63,488   ----a-w   c:\windows\system32\browselc.dll
- 2004-08-04 12:00:00   77,312   ------w   c:\windows\system32\browser.dll
+ 2008-04-14 00:11:50   77,824   ----a-w   c:\windows\system32\browser.dll
- 2006-09-23 18:12:50   1,022,976   ------w   c:\windows\system32\browseui.dll
+ 2008-04-14 00:11:50   1,025,024   ----a-w   c:\windows\system32\browseui.dll
- 2004-08-04 18:00:00   59,904   ------w   c:\windows\system32\cabinet.dll
+ 2008-04-14 00:11:50   60,416   ----a-w   c:\windows\system32\cabinet.dll
- 2005-07-26 04:39:42   225,792   ------w   c:\windows\system32\catsrv.dll
+ 2008-04-14 00:11:50   226,304   ----a-w   c:\windows\system32\catsrv.dll
- 2005-07-26 04:39:43   625,152   ------w   c:\windows\system32\catsrvut.dll
+ 2008-04-14 00:11:50   625,664   ----a-w   c:\windows\system32\catsrvut.dll
- 2008-07-19 03:10:48   94,920   ----a-w   c:\windows\system32\cdm.dll
+ 2008-10-16 20:09:44   92,696   ----a-w   c:\windows\system32\cdm.dll
- 2004-08-04 12:00:00   194,560   ------w   c:\windows\system32\certcli.dll
+ 2008-04-14 00:11:50   194,560   ----a-w   c:\windows\system32\certcli.dll
- 2004-08-04 12:00:00   16,896   ------w   c:\windows\system32\cfgmgr32.dll
+ 2008-04-14 00:09:05   16,896   ----a-w   c:\windows\system32\cfgmgr32.dll
- 2005-07-26 04:39:43   498,688   ------w   c:\windows\system32\clbcatq.dll
+ 2008-04-14 00:11:50   498,688   ----a-w   c:\windows\system32\clbcatq.dll
- 2004-08-04 12:00:00   57,856   ------w   c:\windows\system32\clusapi.dll
+ 2008-04-14 00:11:50   58,368   ----a-w   c:\windows\system32\clusapi.dll
- 2004-08-04 18:00:00   47,104   ------w   c:\windows\system32\cnbjmon.dll
+ 2008-04-14 00:11:50   47,104   ----a-w   c:\windows\system32\cnbjmon.dll
- 2005-07-26 04:39:43   60,416   ------w   c:\windows\system32\colbact.dll
+ 2008-04-14 00:11:51   60,416   ----a-w   c:\windows\system32\colbact.dll
- 2004-08-04 12:00:00   792,064   ------w   c:\windows\system32\comres.dll
+ 2008-04-14 00:11:51   792,064   ----a-w   c:\windows\system32\comres.dll
- 2005-07-26 04:39:44   1,267,200   ------w   c:\windows\system32\comsvcs.dll
+ 2008-04-14 00:11:51   1,267,200   ----a-w   c:\windows\system32\comsvcs.dll
- 2008-11-03 01:15:44   16,384   -c--a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 04:14:36   16,384   -c--a-w   c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-03 01:15:44   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-21 04:14:36   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-06 06:08:40   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110620081107\index.dat
- 2008-11-03 01:15:44   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 04:14:36   32,768   -c--a-w   c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-04 12:00:00   27,648   -c----w   c:\windows\system32\conime.exe
+ 2008-04-14 00:12:15   27,648   ----a-w   c:\windows\system32\conime.exe
- 2004-08-04 12:00:00   163,840   ------w   c:\windows\system32\credui.dll
+ 2008-04-14 00:11:51   163,840   ----a-w   c:\windows\system32\credui.dll
- 2004-08-04 12:00:00   597,504   ------w   c:\windows\system32\crypt32.dll
+ 2008-04-14 00:11:51   599,040   ----a-w   c:\windows\system32\crypt32.dll
- 2004-08-04 12:00:00   33,280   ------w   c:\windows\system32\cryptdll.dll
+ 2008-04-14 00:11:51   33,280   ----a-w   c:\windows\system32\cryptdll.dll
- 2004-08-04 12:00:00   60,416   ------w   c:\windows\system32\cryptsvc.dll
+ 2008-04-14 00:11:51   62,464   ----a-w   c:\windows\system32\cryptsvc.dll
- 2004-08-04 12:00:00   512,512   ------w   c:\windows\system32\cryptui.dll
+ 2008-04-14 00:11:51   512,512   ----a-w   c:\windows\system32\cryptui.dll
- 2004-08-04 12:00:00   101,888   ------w   c:\windows\system32\cscdll.dll
+ 2008-04-14 00:11:51   101,888   ----a-w   c:\windows\system32\cscdll.dll
- 2008-04-14 00:12:15   139,264   ----a-w   c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23   135,168   ----a-w   c:\windows\system32\cscript.exe
- 2004-08-04 12:00:00   326,656   ------w   c:\windows\system32\cscui.dll
+ 2008-04-14 00:11:51   326,656   ----a-w   c:\windows\system32\cscui.dll
- 2004-08-04 12:00:00   6,144   ------w   c:\windows\system32\csrss.exe
+ 2008-04-14 00:12:15   6,144   ----a-w   c:\windows\system32\csrss.exe
- 2004-08-04 12:00:00   15,360   ------w   c:\windows\system32\ctfmon.exe
+ 2008-04-14 00:12:16   15,360   ----a-w   c:\windows\system32\ctfmon.exe
- 2004-08-04 12:00:00   24,576   ------w   c:\windows\system32\davclnt.dll
+ 2008-04-14 00:11:51   25,088   ----a-w   c:\windows\system32\davclnt.dll
- 2004-08-04 18:00:00   640,000   ------w   c:\windows\system32\dbghelp.dll
+ 2008-04-14 00:11:51   640,000   ----a-w   c:\windows\system32\dbghelp.dll
- 2008-08-26 07:24:28   124,928   ----a-w   c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34   124,928   ----a-w   c:\windows\system32\dllcache\advpack.dll
+ 2008-08-14 10:04:36   138,496   ------w   c:\windows\system32\dllcache\afd.sys
+ 2008-06-13 11:05:51   272,128   ------w   c:\windows\system32\dllcache\bthport.sys
- 2008-07-19 03:10:48   94,920   ----a-w   c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
+ 2008-05-07 09:07:23   135,168   ------w   c:\windows\system32\dllcache\cscript.exe
+ 2008-06-20 17:46:57   147,968   ------w   c:\windows\system32\dllcache\dnsapi.dll
- 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:26:58   253,952   ------w   c:\windows\system32\dllcache\es.dll
- 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14   286,720   ------w   c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28   63,488   ----a-w   c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35   63,488   ----a-w   c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59   70,656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09   70,656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28   383,488   ----a-w   c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35   383,488   ----a-w   c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29   384,512   ----a-w   c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35   384,512   ----a-w   c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15   6,066,176   ----a-w   c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37   6,066,176   ----a-w   c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29   267,776   ----a-w   c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37   267,776   ----a-w   c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00   13,824   ----a-w   c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09   13,824   ----a-w   c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15   635,848   ----a-w   c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26   633,632   ----a-w   c:\windows\system32\dllcache\iexplore.exe
+ 2008-04-11 19:04:26   691,712   ------w   c:\windows\system32\dllcache\inetcomm.dll
+ 2008-05-09 10:53:39   512,000   ------w   c:\windows\system32\dllcache\jscript.dll
- 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 02:03:58   100,864   ----a-w   c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22   100,864   ----a-w   c:\windows\system32\dllcache\logagent.exe
+ 2008-10-24 11:21:09   455,296   ------w   c:\windows\system32\dllcache\mrxsmb.sys
- 2008-05-01 14:30:33   331,776   ----a-w   c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:33:02   331,776   ----a-w   c:\windows\system32\dllcache\msadce.dll
+ 2008-06-24 16:43:16   74,240   ------w   c:\windows\system32\dllcache\mscms.dll
- 2008-08-26 07:24:30   459,264   ----a-w   c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37   459,264   ----a-w   c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30   52,224   ----a-w   c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37   52,224   ----a-w   c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30   477,696   ----a-w   c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38   477,696   ----a-w   c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30   193,024   ----a-w   c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38   193,024   ----a-w   c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30   671,232   ----a-w   c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39   671,232   ----a-w   c:\windows\system32\dllcache\mstime.dll
+ 2008-06-20 17:46:57   245,248   ------w   c:\windows\system32\dllcache\mswsock.dll
+ 2008-09-04 17:15:04   1,106,944   ------w   c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 00:12:01   1,306,624   ------w   c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56   1,307,648   ------w   c:\windows\system32\dllcache\msxml6.dll
+ 2008-10-15 16:34:24   337,408   ------w   c:\windows\system32\dllcache\netapi32.dll
+ 2008-08-14 10:09:26   2,145,280   ------w   c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:33:16   2,066,048   ------w   c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:33:16   2,023,936   ------w   c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 10:11:02   2,189,184   ------w   c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-08-26 07:24:30   102,912   ----a-w   c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39   102,912   ----a-w   c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30   44,544   ----a-w   c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39   44,544   ----a-w   c:\windows\system32\dllcache\pngfilt.dll
+ 2008-05-07 05:12:40   1,288,192   ------w   c:\windows\system32\dllcache\quartz.dll
+ 2008-05-08 14:02:52   203,136   ------w   c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-09 10:53:39   180,224   ------w   c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40   172,032   ------w   c:\windows\system32\dllcache\scrrun.dll
+ 2008-09-08 10:41:42   333,824   ------w   c:\windows\system32\dllcache\srv.sys
- 2008-04-14 00:12:07   246,814   ----a-w   c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
+ 2008-06-20 11:51:12   361,600   ------w   c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 11:08:27   225,856   ------w   c:\windows\system32\dllcache\tcpip6.sys
- 2008-08-26 07:24:30   105,984   ----a-w   c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39   105,984   ----a-w   c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31   1,159,680   ----a-w   c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39   1,160,192   ----a-w   c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-09 10:53:40   430,080   ------w   c:\windows\system32\dllcache\vbscript.dll
- 2008-08-26 07:24:31   233,472   ----a-w   c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39   233,472   ----a-w   c:\windows\system32\dllcache\webcheck.dll
+ 2008-09-15 12:12:56   1,846,400   ------w   c:\windows\system32\dllcache\win32k.sys
- 2008-08-26 07:24:31   826,368   ----a-w   c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40   826,368   ----a-w   c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 03:47:20   937,984   ----a-w   c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08   938,496   ----a-w   c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 03:47:22   2,450,944   ----a-w   c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14   2,458,112   ----a-w   c:\windows\system32\dllcache\WMVCore.dll
+ 2008-05-08 11:24:44   155,648   ------w   c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40   90,112   ------w   c:\windows\system32\dllcache\wshext.dll
- 2008-07-19 03:09:44   563,912   ----a-w   c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 20:12:20   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 03:10:42   53,448   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 03:09:42   1,811,656   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 03:09:46   325,832   ----a-w   c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 20:12:22   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 03:10:20   36,552   ----a-w   c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 20:08:58   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
- 2008-07-19 03:09:44   205,000   ----a-w   c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 20:13:40   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 17:41:10   148,992   ------w   c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:46:57   147,968   ----a-w   c:\windows\system32\dnsapi.dll
- 2008-04-13 19:19:23   138,112   ----a-w   c:\windows\system32\drivers\afd.sys
+ 2008-08-14 10:04:36   138,496   ----a-w   c:\windows\system32\drivers\afd.sys
- 2008-04-13 18:46:32   273,024   ----a-w   c:\windows\system32\drivers\bthport.sys
+ 2008-06-13 11:05:51   272,128   ----a-w   c:\windows\system32\drivers\bthport.sys
- 2008-04-13 18:55:08   202,624   ----a-w   c:\windows\system32\drivers\rmcast.sys
+ 2008-05-08 14:02:52   203,136   ----a-w   c:\windows\system32\drivers\rmcast.sys
- 2008-04-13 19:15:11   334,848   ----a-w   c:\windows\system32\drivers\srv.sys
+ 2008-09-08 10:41:42   333,824   ----a-w   c:\windows\system32\drivers\srv.sys
- 2008-04-13 19:20:16   361,344   ----a-w   c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 11:51:12   361,600   ----a-w   c:\windows\system32\drivers\tcpip.sys
- 2008-04-13 19:00:02   225,664   ----a-w   c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 11:08:27   225,856   ----a-w   c:\windows\system32\drivers\tcpip6.sys
- 2004-08-04 12:00:00   14,336   ------w   c:\windows\system32\drprov.dll
+ 2008-04-14 00:11:52   14,336   ----a-w   c:\windows\system32\drprov.dll
- 2004-08-04 12:00:00   367,616   ------w   c:\windows\system32\dsound.dll
+ 2008-04-14 00:11:52   367,616   ----a-w   c:\windows\system32\dsound.dll
- 2004-08-04 12:00:00   137,216   ------w   c:\windows\system32\dssenh.dll
+ 2008-04-13 17:37:57   138,752   ----a-w   c:\windows\system32\dssenh.dll
- 2004-08-04 12:00:00   304,128   ------w   c:\windows\system32\duser.dll
+ 2008-04-14 00:11:52   304,128   ----a-w   c:\windows\system32\duser.dll
- 2008-08-26 07:24:28   347,136   ----a-w   c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34   347,136   ----a-w   c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28   214,528   ----a-w   c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34   214,528   ----a-w   c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00:00   23,040   ------w   c:\windows\system32\ersvc.dll
+ 2008-04-14 00:11:53   23,040   ----a-w   c:\windows\system32\ersvc.dll
- 2008-07-07 20:32:22   253,952   ------w   c:\windows\system32\es.dll
+ 2008-07-07 20:26:58   253,952   ----a-w   c:\windows\system32\es.dll
- 2005-10-20 22:20:03   1,082,368   ------w   c:\windows\system32\esent.dll
+ 2008-04-14 00:11:53   1,082,368   ----a-w   c:\windows\system32\esent.dll
- 2004-08-04 12:00:00   55,808   ------w   c:\windows\system32\eventlog.dll
+ 2008-04-14 00:11:53   56,320   ----a-w   c:\windows\system32\eventlog.dll
- 2008-08-26 07:24:28   133,120   ----a-w   c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35   133,120   ----a-w   c:\windows\system32\extmgr.dll
- 2008-10-16 08:15:58   287,704   ----a-w   c:\windows\system32\FNTCACHE.DAT
+ 2008-11-06 06:08:07   287,704   ----a-w   c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00   452,096   ------w   c:\windows\system32\fxsapi.dll
+ 2008-04-14 00:11:53   451,584   ----a-w   c:\windows\system32\fxsapi.dll
- 2004-08-04 12:00:00   55,296   ------w   c:\windows\system32\fxsevent.dll
+ 2008-04-14 00:11:54   55,296   ----a-w   c:\windows\system32\fxsevent.dll
- 2004-08-04 12:00:00   23,552   ------w   c:\windows\system32\fxsmon.dll
+ 2008-04-14 00:11:54   23,552   ----a-w   c:\windows\system32\fxsmon.dll
- 2004-08-04 12:00:00   562,176   ------w   c:\windows\system32\fxsst.dll
+ 2008-04-14 00:11:54   562,176   ----a-w   c:\windows\system32\fxsst.dll
- 2008-02-20 06:51:05   282,624   ------w   c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14   286,720   ----a-w   c:\windows\system32\gdi32.dll
- 2004-08-04 18:00:00   20,992   -c----w   c:\windows\system32\hid.dll
+ 2008-04-14 00:11:54   20,992   ----a-w   c:\windows\system32\hid.dll
- 2004-08-04 05:56:44   21,504   ------w   c:\windows\system32\hidserv.dll
+ 2008-04-14 00:11:54   21,504   ----a-w   c:\windows\system32\hidserv.dll
- 2004-08-04 12:00:00   344,064   ------w   c:\windows\system32\hnetcfg.dll
+ 2008-04-14 00:11:54   344,064   ----a-w   c:\windows\system32\hnetcfg.dll
- 2004-08-04 12:00:00   11,264   ------w   c:\windows\system32\icaapi.dll
+ 2008-04-14 00:11:54   11,264   ----a-w   c:\windows\system32\icaapi.dll
- 2008-08-26 07:24:28   63,488   ----a-w   c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35   63,488   ----a-w   c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59   70,656   ----a-w   c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09   70,656   ----a-w   c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28   153,088   ----a-w   c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35   153,088   ----a-w   c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28   230,400   ----a-w   c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35   230,400   ----a-w   c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51   161,792   ----a-w   c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53   161,792   ----a-w   c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28   383,488   ----a-w   c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35   383,488   ----a-w   c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29   384,512   ----a-w   c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35   384,512   ----a-w   c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15   6,066,176   ----a-w   c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37   6,066,176   ----a-w   c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29   44,544   ----a-w   c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37   44,544   ----a-w   c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29   267,776   ----a-w   c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37   267,776   ----a-w   c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00   13,824   ----a-w   c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09   13,824   ----a-w   c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00:00   110,080   ------w   c:\windows\system32\imm32.dll
+ 2008-04-14 00:11:54   110,080   ----a-w   c:\windows\system32\imm32.dll
- 2008-04-14 00:11:54   691,712   ----a-w   c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:04:26   691,712   ----a-w   c:\windows\system32\inetcomm.dll
- 2004-08-04 12:00:00   75,264   ------w   c:\windows\system32\inetpp.dll
+ 2008-04-14 00:11:55   75,264   ----a-w   c:\windows\system32\inetpp.dll
- 2006-05-19 12:59:41   94,720   ------w   c:\windows\system32\iphlpapi.dll
+ 2008-04-14 00:11:55   94,720   ----a-w   c:\windows\system32\iphlpapi.dll
- 2004-08-04 12:00:00   331,264   ------w   c:\windows\system32\ipnathlp.dll
+ 2008-04-14 00:11:55   331,264   ----a-w   c:\windows\system32\ipnathlp.dll
- 2004-08-04 12:00:00   182,784   ------w   c:\windows\system32\ipsecsvc.dll
+ 2008-04-14 00:11:55   183,808   ----a-w   c:\windows\system32\ipsecsvc.dll
- 2008-06-10 07:21:01   135,168   ----a-w   c:\windows\system32\java.exe
+ 2008-12-05 22:57:23   144,792   ----a-w   c:\windows\system32\java.exe
- 2008-06-10 07:21:04   135,168   ----a-w   c:\windows\system32\javaw.exe
+ 2008-12-05 22:57:23   144,792   ----a-w   c:\windows\system32\javaw.exe
- 2008-06-10 08:32:34   139,264   ----a-w   c:\windows\system32\javaws.exe
+ 2008-12-05 22:57:23   148,888   ----a-w   c:\windows\system32\javaws.exe
- 2007-08-13 23:38:04   491,520   ------w   c:\windows\system32\jscript.dll
+ 2008-05-09 10:53:39   512,000   ----a-w   c:\windows\system32\jscript.dll
- 2008-08-26 07:24:30   27,648   ----a-w   c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37   27,648   ----a-w   c:\windows\system32\jsproxy.dll
- 2005-06-15 17:49:30   295,936   ------w   c:\windows\system32\kerberos.dll
+ 2008-04-14 00:11:56   299,520   ----a-w   c:\windows\system32\kerberos.dll
- 2005-09-01 01:41:53   19,968   ------w   c:\windows\system32\linkinfo.dll
+ 2008-04-14 00:11:56   19,968   ----a-w   c:\windows\system32\linkinfo.dll
- 2004-08-04 12:00:00   97,280   ------w   c:\windows\system32\loadperf.dll
+ 2008-04-14 00:11:56   97,280   ----a-w   c:\windows\system32\loadperf.dll
- 2006-10-19 02:03:58   100,864   ----a-w   c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22   100,864   ----a-w   c:\windows\system32\logagent.exe
- 2004-08-04 12:00:00   13,312   ------w   c:\windows\system32\lsass.exe
+ 2008-04-14 00:12:24   13,312   ----a-w   c:\windows\system32\lsass.exe
- 2006-11-09 21:20:00   2,111,096   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02   3,695,008   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2006-11-09 21:20:00   190,072   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04   235,936   ----a-w   c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-12-15 23:32:35   84,661   ----a-w   c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-04 12:00:00   118,272   -c----w   c:\windows\system32\mdminst.dll
+ 2008-04-14 00:11:56   118,272   ----a-w   c:\windows\system32\mdminst.dll
- 2004-08-04 12:00:00   22,528   ------w   c:\windows\system32\mfcsubs.dll
+ 2008-04-14 00:11:56   22,528   ----a-w   c:\windows\system32\mfcsubs.dll
- 2004-08-04 12:00:00   18,944   ------w   c:\windows\system32\midimap.dll
+ 2008-04-14 00:11:57   18,944   ----a-w   c:\windows\system32\midimap.dll
- 2004-08-04 12:00:00   586,240   ------w   c:\windows\system32\mlang.dll
+ 2008-04-14 00:11:57   586,240   ----a-w   c:\windows\system32\mlang.dll
- 2004-08-04 12:00:00   153,600   -c----w   c:\windows\system32\modemui.dll
+ 2008-04-14 00:11:57   153,600   ----a-w   c:\windows\system32\modemui.dll
- 2004-08-04 12:00:00   59,904   ------w   c:\windows\system32\mpr.dll
+ 2008-04-14 00:11:57   59,904   ----a-w   c:\windows\system32\mpr.dll
- 2004-08-04 12:00:00   87,040   ------w   c:\windows\system32\mprapi.dll
+ 2008-04-14 00:11:57   87,040   ----a-w   c:\windows\system32\mprapi.dll
- 2008-10-07 19:19:40   16,721,856   ----a-w   c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37   17,593,280   ----a-w   c:\windows\system32\MRT.exe
- 2004-08-04 12:00:00   71,680   ------w   c:\windows\system32\msacm32.dll
+ 2008-04-14 00:11:58   71,680   ----a-w   c:\windows\system32\msacm32.dll
- 2004-08-04 12:00:00   57,344   ------w   c:\windows\system32\msasn1.dll
+ 2008-04-14 00:11:58   57,344   ----a-w   c:\windows\system32\msasn1.dll
- 2008-06-24 16:23:05   74,240   ------w   c:\windows\system32\mscms.dll
+ 2008-06-24 16:43:16   74,240   ----a-w   c:\windows\system32\mscms.dll
- 2004-08-04 12:00:00   12,288   -c----w   c:\windows\system32\mscpx32r.dLL
+ 2008-04-13 17:26:07   12,288   ----a-w   c:\windows\system32\mscpx32r.dll
- 2004-08-04 12:00:00   36,864   -c----w   c:\windows\system32\mscpxl32.dLL
+ 2008-04-14 00:11:58   36,864   ----a-w   c:\windows\system32\mscpxl32.dll
- 2008-02-26 11:59:50   294,912   ------w   c:\windows\system32\msctf.dll
+ 2008-04-14 00:11:58   297,984   ----a-w   c:\windows\system32\msctf.dll
- 2004-08-04 12:00:00   151,552   -c----w   c:\windows\system32\msdart.dll
+ 2008-04-14 00:11:59   151,552   ----a-w   c:\windows\system32\msdart.dll
- 2008-08-26 07:24:30   459,264   ----a-w   c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37   459,264   ----a-w   c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30   52,224   ----a-w   c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37   52,224   ----a-w   c:\windows\system32\msfeeds
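Added example (not part of the original post and not ComboFix's own code): a small Python parser for the snapshot comparison lines in the log above, which pairs each "-" (earlier snapshot) and "+" (current) entry by path and labels what changed. The field layout is inferred from the log lines themselves, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: lines copied from the snapshot section of the log above,
# plus the section header and "." separator lines that must be skipped.
SAMPLE = r"""
(((((((((((((((((((((((((((((   snapshot_2008-12-21_16.55.20.06   )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00:00   143,360   ------w   c:\windows\system32\adsldpc.dll
+ 2008-04-14 00:11:48   143,360   ----a-w   c:\windows\system32\adsldpc.dll
- 2004-08-04 12:00:00   126,976   ------w   c:\windows\system32\apphelp.dll
+ 2008-04-14 00:11:49   125,952   ----a-w   c:\windows\system32\apphelp.dll
+ 2008-08-14 10:04:36   138,496   ------w   c:\windows\system32\dllcache\afd.sys
- 2008-04-14 00:11:54   691,712   ----a-w   c:\windows\system32\inetcomm.dll
+ 2008-04-11 19:04:26   691,712   ----a-w   c:\windows\system32\inetcomm.dll
- 2006-10-19 03:47:20   937,984   ----a-w   c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08   938,496   ----a-w   c:\windows\system32\dllcache\WMNetmgr.dll
.
"""

# Assumed layout: sign, "YYYY-MM-DD HH:MM:SS", size with thousands commas,
# attribute flags, then the path (which may contain spaces).
LINE_RE = re.compile(
    r"^(?P<sign>[+-]) "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+"
    r"(?P<attrs>\S+)\s+"
    r"(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    ts: datetime
    size: int
    attrs: str
    path: str


def parse_snapshot(text):
    """Return {lowercased path: {'-': Entry or None, '+': Entry or None}}.

    Paths are keyed case-insensitively because Windows paths are, and the
    log itself mixes case (WMNetMgr.dll / WMNetmgr.dll).
    """
    files = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, "." separators, blank or truncated lines
        entry = Entry(
            ts=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            path=m["path"],
        )
        pair = files.setdefault(entry.path.lower(), {"-": None, "+": None})
        pair[m["sign"]] = entry
    return files


def classify(pair):
    """Label one path's old/new pair for triage."""
    old, new = pair["-"], pair["+"]
    if old is None:
        return "added"                # present only in the current state
    if new is None:
        return "removed"              # present only in the earlier snapshot
    if new.size != old.size:
        return "size_changed"
    if new.ts < old.ts:
        return "timestamp_regressed"  # same size, but an older timestamp now
    return "touched"                  # same size, newer timestamp


def triage(text):
    """Map each lowercased path to its classification."""
    return {path: classify(pair) for path, pair in parse_snapshot(text).items()}


if __name__ == "__main__":
    for path, kind in sorted(triage(SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"{kind:20} {path}")
```

The log carries only timestamps, sizes and attributes, not hashes, so a "touched" result says nothing about whether the file content is intact.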
Title: Help!
Post by: guestolo on December 21, 2008, 07:27:09 PM
Can you do the following

Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

File::
c:\windows\system32\tuvSLEVm.dll
c:\windows\system32\vtUmMeDV.dll
c:\windows\Tasks\hejpkidn.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as txtfile on your desktop, with the exact name of
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the same name C:\ComboFix.txt.

Post that log from ComboFix please with a fresh Hijackthis log
Keep me informed how things are running afterwards
Title: Help!
Post by: ___ on December 21, 2008, 07:40:55 PM
I don't have a flash drive that I use for this computer.
Title: Help!
Post by: guestolo on December 21, 2008, 07:43:49 PM
Just carry on with the fixes please
If you don't have a flash drive, don't insert one
Title: Help!
Post by: ___ on December 21, 2008, 08:19:07 PM
Here.
ComboFix 08-12-21.02 - Garrett's Account 2008-12-21 18:56:02.9 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.959.467 [GMT -6:00]
Running from: c:\documents and settings\Garrett's Account\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Garrett's Account\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
c:\windows\system32\tuvSLEVm.dll
c:\windows\system32\vtUmMeDV.dll
c:\windows\Tasks\hejpkidn.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tuvSLEVm.dll
c:\windows\system32\vtUmMeDV.dll
c:\windows\Tasks\hejpkidn.job

.
(((((((((((((((((((((((((   Files Created from 2008-11-22 to 2008-12-22  )))))))))))))))))))))))))))))))
.

2008-12-21 12:48 . 2008-12-21 12:48   <DIR>   d--------   C:\Sandbox
2008-12-21 12:48 . 2008-12-21 16:06   1,384   --a------   c:\windows\Sandboxie.ini
2008-12-21 12:47 . 2008-12-21 12:47   <DIR>   d--------   c:\program files\Sandboxie
2008-12-19 23:35 . 2008-12-19 23:35   <DIR>   d--------   c:\program files\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:36   <DIR>   d--------   c:\documents and settings\Garrett's Account\Application Data\Ventrilo
2008-12-19 23:35 . 2008-12-19 23:35   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-18 23:54 . 2008-12-21 18:00   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-18 20:32 . 2008-12-18 20:54   <DIR>   d--------   c:\windows\system32\Adobe
2008-12-04 22:22 . 2008-12-04 22:22   <DIR>   dr-h-----   C:\AHCache
2008-12-01 16:10 . 2008-12-05 16:57   410,984   --a------   c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 00:10   31   ----a-w   c:\documents and settings\Garrett's Account\jagex_runescape_preferences.dat
2008-12-22 00:01   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-20 05:34   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:47   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\FrostWire
2008-12-13 06:40   3,593,216   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-05 22:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 22:57   ---------   d-----w   c:\program files\Sun
2008-12-05 22:57   ---------   d-----w   c:\program files\Java
2008-11-22 03:20   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\Subversion
2008-11-22 03:19   ---------   d-----w   c:\program files\SCAR 3.15
2008-11-22 03:14   ---------   d-----w   c:\program files\Subversion
2008-11-07 23:04   ---------   d-----w   c:\program files\Canon
2008-11-05 04:29   45,056   ----a-w   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-11-05 04:29   44,032   ----a-w   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-11-04 22:23   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\Garrett's Account\Application Data\Malwarebytes
2008-11-04 22:23   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 18:56   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21   455,296   ------w   c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 12:36   286,720   ------w   c:\windows\system32\dllcache\gdi32.dll
2008-10-22 22:10   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 20:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-16 13:11   70,656   ----a-w   c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11   13,824   ----a-w   c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34   337,408   ------w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06   633,632   ----a-w   c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04   161,792   ----a-w   c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
2008-09-30 22:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2003-03-18 01:27   307,904   -c--a-w   c:\windows\inf\wg311nd5.sys
.

(((((((((((((((((((((((((((((   snapshot_2008-12-21_16.55.20.06   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-21 22:20:58   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-22 00:10:13   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-21 22:20:58   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-22 00:10:13   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-11-30 4662776]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2008-11-15 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2005-04-22 397312]
"CaAvTray"="c:\program files\Yahoo!\Antivirus\CAVTray.exe" [2006-06-15 230512]
"CAVRID"="c:\program files\Yahoo!\Antivirus\CAVRID.exe" [2006-06-15 185456]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo7"= STV680tg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6346:TCP"= 6346:TCP:Gnutella

R3 SbieDrv;SbieDrv;\??\c:\program files\Sandboxie\SbieDrv.sys [2008-11-15 102912]
S3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2005-08-24 16194]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\DRIVERS\wg311nd5.sys [2005-08-24 307904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{710a26fe-c38d-11db-98b8-00149541f90b}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\Norton Security Scan for Garrett's Account.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2008-12-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\VetRedir.dll

 - c:\windows\Downloaded Program Files\RhapX.inf
FF - ProfilePath - c:\documents and settings\Garrett's Account\Application Data\Mozilla\Firefox\Profiles\hu1qy710.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\documents and settings\Garrett's Account\Application Data\Mozilla\Firefox\Profiles\hu1qy710.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 19:05:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2008-12-21 19:10:10
ComboFix-quarantined-files.txt  2008-12-22 01:09:12
ComboFix2.txt  2008-12-21 22:57:40
ComboFix3.txt  2008-11-05 04:43:33
ComboFix4.txt  2008-11-04 04:32:26
ComboFix5.txt  2008-12-22 00:52:09

Pre-Run: 49,916,194,816 bytes free
Post-Run: 49,899,245,568 bytes free

195   --- E O F ---   2008-12-18 02:29:20
Title: Help!
Post by: guestolo on December 21, 2008, 09:53:28 PM
Quote
Post that log from ComboFix please with a fresh Hijackthis log
Keep me informed how things are running afterwards
Title: Help!
Post by: ___ on December 21, 2008, 09:56:29 PM
Running great, haven't gotten a pop-up yet. Here is log:
Thanks for all your help, once again...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:07 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8857 bytes
Title: Help!
Post by: guestolo on December 21, 2008, 11:07:49 PM
Go ahead and delete Flash_Disinfector.exe from desktop
You can also manually delete ATF-Cleaner.exe or hold onto it
to help clean Temp files, cookies, etc...
Note: under the Main window, it will also clear Prefetch
This may cause a delay in startup on bootup, startup will get faster as this folder
is repopulated

Go to START>>RUN>>copy and paste the following then click OK
ComboFix /u
This will uninstall ComboFix and its components

Do you have SpywareBlaster 4.1 installed?
If not, you have probably seen me recommend it
Do you want instructions?
Title: Help!
Post by: ___ on December 21, 2008, 11:18:46 PM
Ok combofix is uninstalled, and Yes I will download SpywareBlaster 4.1
Edit) SpywareBlaster is installed.
Title: Help!
Post by: guestolo on December 21, 2008, 11:31:54 PM
[quote name='i w1sh i was rich' post='452134' date='Dec 21 2008, 08:18 PM']Ok combofix is uninstalled, and Yes I will download SpywareBlaster 4.1
Edit) SpywareBlaster is installed.[/quote]

Good work, I'll lock this topic as your problems appear resolved
Take care i w1sh i was rich :)